Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[silicon_creator] refactor OTBN boot services to enable generating TPM or DICE keys #22810

Merged
merged 3 commits into from
Apr 30, 2024
Merged

[silicon_creator] refactor OTBN boot services to enable generating TPM or DICE keys #22810

merged 3 commits into from
Apr 30, 2024

Conversation

timothytrippel
Copy link
Contributor

This fixes #22622 to enable generating TPM attestation keys off of the keymgr sealing side and DICE attestation keys off of the keymgr attestation side.

Additionally, this cleans up the DICE lib to reduce code size and align naming conventions.

@timothytrippel timothytrippel requested a review from a team as a code owner April 24, 2024 22:54
@timothytrippel timothytrippel removed the request for review from a team April 24, 2024 22:54
@timothytrippel timothytrippel force-pushed the refactor-otbn-boot-svcs branch 2 times, most recently from a79f94d to 483f34b Compare April 26, 2024 19:08
@timothytrippel
[sw/silicon_creator] enable OTBN boot services to gen TPM keys
f3edc3e 
This refactors the OTBN boot services library, and silicon_creator
keymgr driver to enable generating two types attestation keys:
1. DICE keys, that are based on the attestation side of the key ladder,
   and
2. TPM keys, that are based on the sealing side of the key ladder.

This fixes lowRISC#22622.

Signed-off-by: Tim Trippel <[email protected]>
@timothytrippel
[test] adjust exec_env of otbn_boot_functest
b401aee 
The `otbn_boot_services_functest` must run in the ROM_EXT slot since it
manipulates the keygmr state, which normally is done by the ROM_EXT.

This partially addresses lowRISC#21706.

Signed-off-by: Tim Trippel <[email protected]>
@timothytrippel
[dice] refactor dice lib to reduce code size
b9a2ff8 
This refactors the dice lib to optimize code reuse and follow lib asset
naming conventions.

Signed-off-by: Tim Trippel <[email protected]>
@timothytrippel timothytrippel merged commit b217f41 into lowRISC:master Apr 30, 2024
32 checks passed
@timothytrippel timothytrippel deleted the refactor-otbn-boot-svcs branch April 30, 2024 03:20
@timothytrippel timothytrippel mentioned this pull request May 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moidx moidx moidx approved these changes

@cfrantz cfrantz Awaiting requested review from cfrantz

@vbendeb vbendeb Awaiting requested review from vbendeb

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[silicon_creator/sw] refactor the otbn_boot_attestation_keygen function
2 participants
@timothytrippel @moidx