Caliptra 1.0.3 ROM Updates (#1633)

* Changing SHA384ACC KAT to SHA512 (#1562)

* Changing SHA384ACC KAT to SHA512

- Adding support for SHA512 digest in the SHA acclerator driver
- Enabling support for SHA512 in the SW emulator SHA accelerator

* Renaming sha384acc to sha2_512_384acc

* Adding ECC error checking during waits (#1610)

* [bugfix] hmac384 driver: Reload kv keys for each block.

This fixes #1520 / #1550: HMAC operations larger than a
single block produce the incorrect results when using data or keys from
the keyvault.

Add a multi-block hmac384 test that uses the key-vault.

smoke-test: Verify FMC key derivation with independent impl.

* Updating DPE to fix sporadic test failure

* Updating ROM version to 1.0.3

* Removing publish website step for nightly release

---------

Co-authored-by: Kor Nielsen <[email protected]>

.github/workflows/nightly-release.yml

@@ -215,11 +215,12 @@ jobs:
           name: release-info
           path: /tmp/release-info
 
-  publish-website:
-    name: Publish https://caliptra-sw.github.io/
-    needs:
-      create-release
-    uses: ./.github/workflows/publish-website.yml
-    permissions:
-      pages: write
-      id-token: write
+  # SKIP Publishing the test results when we are not on the main branch
+  # publish-website:
+  #   name: Publish https://caliptra-sw.github.io/
+  #   needs:
+  #     create-release
+  #   uses: ./.github/workflows/publish-website.yml
+  #   permissions:
+  #     pages: write
+  #     id-token: write

FROZEN_IMAGES.sha384sum

@@ -1,3 +1,3 @@
 # WARNING: Do not update this file without the approval of the Caliptra TAC
-a6d9b0b6ae4abe19b11a838b2bebaa93f7e8f901c86cdd1e5dae31ae7fed833eff1e46968abbeff5cb3c7fe020565d82  caliptra-rom-no-log.bin
-f6df64ab5a31ecbbf4380e55a13ade0f43e797cf73defb288f719cabc1e60c5bf4da85b54f068e3182040db0675b4f4b  caliptra-rom-with-log.bin
+89ac48da7ac14cc456b9545c68f5ff70e6a6fcdd4deba3d7d94a65b7d3ad092273a723114073a925728fa82c3c8ca225  caliptra-rom-no-log.bin
+ab399aa651019bb77c379ccb184444b2dd17d118f27072827477d2bf561616251b0ea149973ac13659b25e81beffafe6  caliptra-rom-with-log.bin

builder/src/firmware.rs

@@ -228,8 +228,8 @@ pub mod driver_tests {
         ..BASE_FWID
     };
 
-    pub const SHA384ACC: FwId = FwId {
-        bin_name: "sha384acc",
+    pub const SHA2_512_384ACC: FwId = FwId {
+        bin_name: "sha2_512_384acc",
         ..BASE_FWID
     };
 
@@ -415,7 +415,7 @@ pub const REGISTERED_FW: &[&FwId] = &[
     &driver_tests::SHA1,
     &driver_tests::SHA256,
     &driver_tests::SHA384,
-    &driver_tests::SHA384ACC,
+    &driver_tests::SHA2_512_384ACC,
     &driver_tests::STATUS_REPORTER,
     &driver_tests::TEST_LMS_24,
     &driver_tests::TEST_LMS_32,

builder/src/version.rs

@@ -2,7 +2,7 @@
 
 pub const ROM_VERSION_MAJOR: u16 = 1;
 pub const ROM_VERSION_MINOR: u16 = 0;
-pub const ROM_VERSION_PATCH: u16 = 2;
+pub const ROM_VERSION_PATCH: u16 = 3;
 
 pub const FMC_VERSION_MAJOR: u16 = 1;
 pub const FMC_VERSION_MINOR: u16 = 0;

common/src/error_handler.rs

@@ -1,7 +1,7 @@
 // Licensed under the Apache-2.0 license
 use caliptra_drivers::{
     cprintln, report_fw_error_fatal, report_fw_error_non_fatal, Ecc384, Hmac384, KeyVault, Mailbox,
-    Sha256, Sha384, Sha384Acc, SocIfc,
+    Sha256, Sha2_512_384Acc, Sha384, SocIfc,
 };
 
 #[allow(clippy::empty_loop)]
@@ -20,13 +20,13 @@ pub fn handle_fatal_error(code: u32) -> ! {
         Hmac384::zeroize();
         Sha256::zeroize();
         Sha384::zeroize();
-        Sha384Acc::zeroize();
+        Sha2_512_384Acc::zeroize();
 
         // Zeroize the key vault.
         KeyVault::zeroize();
 
         // Lock the SHA Accelerator.
-        Sha384Acc::lock();
+        Sha2_512_384Acc::lock();
 
         // Stop the watchdog timer.
         // Note: This is an idempotent operation.

drivers/src/ecc384.rs

@@ -19,7 +19,7 @@ use crate::{
 };
 #[cfg(not(feature = "no-cfi"))]
 use caliptra_cfi_derive::cfi_impl_fn;
-use caliptra_registers::ecc::EccReg;
+use caliptra_registers::ecc::{EccReg, RegisterBlock};
 use core::cmp::Ordering;
 use zerocopy::{AsBytes, FromBytes};
 use zeroize::Zeroize;
@@ -182,6 +182,32 @@ impl Ecc384 {
         false
     }
 
+    // Wait on the provided condition OR the error condition defined in this function
+    // In the event of the error condition being set, clear the error bits and return an error
+    fn wait<F>(regs: RegisterBlock<ureg::RealMmioMut>, condition: F) -> CaliptraResult<()>
+    where
+        F: Fn() -> bool,
+    {
+        let err_condition = || {
+            (u32::from(regs.intr_block_rf().error_global_intr_r().read()) != 0)
+                || (u32::from(regs.intr_block_rf().error_internal_intr_r().read()) != 0)
+        };
+
+        // Wait for either the given condition or the error condition
+        wait::until(|| (condition() || err_condition()));
+
+        if err_condition() {
+            // Clear the errors
+            // error_global_intr_r is RO
+            regs.intr_block_rf()
+                .error_internal_intr_r()
+                .write(|_| u32::from(regs.intr_block_rf().error_internal_intr_r().read()).into());
+            return Err(CaliptraError::DRIVER_ECC384_HW_ERROR);
+        }
+
+        Ok(())
+    }
+
     /// Generate ECC-384 Key Pair
     ///
     /// # Arguments
@@ -206,7 +232,7 @@ impl Ecc384 {
         let mut priv_key = priv_key;
 
         // Wait for hardware ready
-        wait::until(|| ecc.status().read().ready());
+        Ecc384::wait(ecc, || ecc.status().read().ready())?;
 
         // Configure hardware to route keys to user specified hardware blocks
         match &mut priv_key {
@@ -245,7 +271,7 @@ impl Ecc384 {
         ecc.ctrl().write(|w| w.ctrl(|w| w.keygen()));
 
         // Wait for command to complete
-        wait::until(|| ecc.status().read().valid());
+        Ecc384::wait(ecc, || ecc.status().read().valid())?;
 
         // Copy the private key
         match &mut priv_key {
@@ -290,7 +316,7 @@ impl Ecc384 {
         let ecc = self.ecc.regs_mut();
 
         // Wait for hardware ready
-        wait::until(|| ecc.status().read().ready());
+        Ecc384::wait(ecc, || ecc.status().read().ready())?;
 
         // Generate an IV.
         let iv = trng.generate()?;
@@ -299,7 +325,7 @@ impl Ecc384 {
         ecc.ctrl().write(|w| w.pcr_sign(true).ctrl(|w| w.signing()));
 
         // Wait for command to complete
-        wait::until(|| ecc.status().read().valid());
+        Ecc384::wait(ecc, || ecc.status().read().valid())?;
 
         // Copy signature
         let signature = Ecc384Signature {
@@ -322,7 +348,7 @@ impl Ecc384 {
         let ecc = self.ecc.regs_mut();
 
         // Wait for hardware ready
-        wait::until(|| ecc.status().read().ready());
+        Ecc384::wait(ecc, || ecc.status().read().ready())?;
 
         // Copy private key
         match priv_key {
@@ -344,7 +370,7 @@ impl Ecc384 {
         ecc.ctrl().write(|w| w.ctrl(|w| w.signing()));
 
         // Wait for command to complete
-        wait::until(|| ecc.status().read().valid());
+        Ecc384::wait(ecc, || ecc.status().read().valid())?;
 
         // Copy signature
         let signature = Ecc384Signature {
@@ -455,7 +481,7 @@ impl Ecc384 {
         let ecc = self.ecc.regs_mut();
 
         // Wait for hardware ready
-        wait::until(|| ecc.status().read().ready());
+        Ecc384::wait(ecc, || ecc.status().read().ready())?;
 
         // Copy public key to registers
         pub_key.x.write_to_reg(ecc.pubkey_x());
@@ -472,7 +498,7 @@ impl Ecc384 {
         ecc.ctrl().write(|w| w.ctrl(|w| w.verifying()));
 
         // Wait for command to complete
-        wait::until(|| ecc.status().read().valid());
+        Ecc384::wait(ecc, || ecc.status().read().valid())?;
 
         // Copy the random value
         let verify_r = Array4x12::read_from_reg(ecc.verify_r());