Adding owner pub key hash to FW_INFO cmd

chipsalliance · Dec 14, 2024 · 97b096f · 97b096f
1 parent cbd59bf
commit 97b096f
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 2 deletions.
diff --git a/api/src/mailbox.rs b/api/src/mailbox.rs
@@ -786,8 +786,7 @@ pub struct FwInfoResp {
     pub rom_sha256_digest: [u32; 8],
     pub fmc_sha384_digest: [u32; 12],
     pub runtime_sha384_digest: [u32; 12],
-    // TODO: Decide what other information to report for general firmware
-    // status.
+    pub owner_pub_key_hash: [u32; 12],
 }
 
 // CAPABILITIES

diff --git a/libcaliptra/inc/caliptra_types.h b/libcaliptra/inc/caliptra_types.h
@@ -144,6 +144,7 @@ struct caliptra_fw_info_resp {
     uint32_t rom_sha256_digest[8];
     uint32_t fmc_sha384_digest[12];
     uint32_t runtime_sha384_digest[12];
+    uint32_t owner_pub_key_hash[12];
 };
 
 struct caliptra_dpe_tag_tci_req {

diff --git a/runtime/README.md b/runtime/README.md
@@ -554,6 +554,8 @@ Command Code: `0x4754_4744` ("GTGD")
 
 Retrieves information about the current Runtime Firmware, FMC, and ROM.
 
+NOTE: Additional fields and info may be appended to the response in subsequent FW versions.
+
 Command Code: `0x494E_464F` ("INFO")
 
 *Table: `FW_INFO` input arguments*
@@ -579,6 +581,7 @@ Command Code: `0x494E_464F` ("INFO")
 | rom_sha256_digest      | u32[8]         | Digest of ROM binary.
 | fmc_sha384_digest      | u32[12]        | Digest of FMC binary.
 | runtime_sha384_digest  | u32[12]        | Digest of runtime binary.
+| owner_pub_key_hash     | u8[48]         | Hash of the owner public keys provided in the image bundle manifest.
 
 ### VERSION
 

diff --git a/runtime/src/info.rs b/runtime/src/info.rs
@@ -46,6 +46,7 @@ impl FwInfoCmd {
             rom_sha256_digest: rom_info.sha256_digest,
             fmc_sha384_digest: pdata.manifest1.fmc.digest,
             runtime_sha384_digest: pdata.manifest1.runtime.digest,
+            owner_pub_key_hash: drivers.data_vault.owner_pk_hash().into(),
         }))
     }
 }

diff --git a/runtime/tests/runtime_integration_tests/test_info.rs b/runtime/tests/runtime_integration_tests/test_info.rs
@@ -1,6 +1,7 @@
 // Licensed under the Apache-2.0 license.
 
 use crate::common::{run_rt_test, RuntimeTestArgs};
+use caliptra_api::SocManager;
 use caliptra_builder::{
     firmware::{APP_WITH_UART, FMC_WITH_UART},
     ImageOptions,
@@ -13,7 +14,10 @@ use caliptra_common::{
     },
 };
 use caliptra_hw_model::{BootParams, DefaultHwModel, HwModel, InitParams};
+use caliptra_image_crypto::OsslCrypto as Crypto;
+use caliptra_image_gen::ImageGenerator;
 use caliptra_image_types::RomInfo;
+
 use core::mem::size_of;
 use zerocopy::{AsBytes, FromBytes};
 
@@ -59,10 +63,21 @@ fn test_fw_info() {
         caliptra_builder::build_and_sign_image(&FMC_WITH_UART, &APP_WITH_UART, image_opts10)
             .unwrap();
 
+    // Set fuses
+    let owner_pub_key_hash = ImageGenerator::new(Crypto::default())
+        .owner_pubkey_digest(&image.manifest.preamble)
+        .unwrap();
+
+    let fuses = caliptra_hw_model::Fuses {
+        owner_pk_hash: owner_pub_key_hash,
+        ..Default::default()
+    };
+
     let mut model = caliptra_hw_model::new(
         init_params,
         BootParams {
             fw_image: Some(&image.to_bytes().unwrap()),
+            fuses,
             ..Default::default()
         },
     )
@@ -117,6 +132,8 @@ fn test_fw_info() {
     assert_eq!(info.rom_sha256_digest, rom_info.sha256_digest);
     assert_eq!(info.fmc_sha384_digest, image.manifest.fmc.digest);
     assert_eq!(info.runtime_sha384_digest, image.manifest.runtime.digest);
+    // Check owner public key hash
+    assert_eq!(info.owner_pub_key_hash, owner_pub_key_hash);
 
     // Make image with newer SVN.
     let mut image_opts20 = image_opts.clone();