[rom_ext,e2e] add ROM_EXT E2E test to check variation interoperability

timothytrippel · pamaury · commit 668f9df86c84 · 2025-12-08T13:54:26.000+01:00
There are two flavors of ROM_EXT: 1. one that uses X.509 DICE cert encodings, and 2. one that uses CWT DICE cert encodings. If you run one first, you should be able to run the other later and the ROM_EXT should seemlessly update the CDI certs. This adds a test to check this behavior works as intended. Signed-off-by: Tim Trippel <ttrippel@google.com> (cherry picked from commit 8a2ac65)
diff --git a/sw/device/silicon_creator/lib/cert/dice_chain.c b/sw/device/silicon_creator/lib/cert/dice_chain.c
@@ -437,7 +437,7 @@ rom_error_t dice_chain_attestation_owner(
   // Check if the current CDI_1 cert is valid.
   RETURN_IF_ERROR(dice_chain_load_cert_obj("CDI_1", /*name_size=*/6));
   if (dice_chain.cert_valid == kHardenedBoolFalse) {
-    dbg_puts("CDI_1 certificate not valid. Updating it ...\r\n");
+    dbg_puts("warning: CDI_1 certificate not valid; Updating it ...\r\n");
     // Update the cert page buffer.
     size_t updated_cert_size = kScratchCertSizeBytes;
     // TODO(#19596): add owner configuration block measurement to CDI_1 cert.
diff --git a/sw/device/silicon_creator/rom_ext/e2e/dice_chain/BUILD b/sw/device/silicon_creator/rom_ext/e2e/dice_chain/BUILD
@@ -2,15 +2,27 @@
 # Licensed under the Apache License, Version 2.0, see LICENSE for details.
 # SPDX-License-Identifier: Apache-2.0
 
+load("//rules:const.bzl", "CONST", "hex")
+load("//rules:manifest.bzl", "manifest")
+load("//rules/opentitan:cc.bzl", "opentitan_binary_assemble")
 load(
     "//rules/opentitan:defs.bzl",
     "fpga_params",
+    "opentitan_binary",
     "opentitan_test",
 )
+load(
+    "//sw/device/silicon_creator/rom/e2e:defs.bzl",
+    "SLOTS",
+)
 load(
     "//sw/device/silicon_creator/rom_ext:defs.bzl",
     "ROM_EXT_VARIATIONS",
 )
+load(
+    "//sw/device/silicon_creator/rom_ext/e2e:defs.bzl",
+    "OWNER_SLOTS",
+)
 
 package(default_visibility = ["//visibility:public"])
 
@@ -38,3 +50,91 @@ package(default_visibility = ["//visibility:public"])
     )
     for variation in ROM_EXT_VARIATIONS.keys()
 ]
+
+manifest({
+    "name": "owner_manifest",
+    "identifier": hex(CONST.OWNER),
+    "visibility": ["//visibility:private"],
+})
+
+opentitan_binary(
+    name = "print_certs_for_assemble",
+    testonly = True,
+    srcs = ["//sw/device/silicon_creator/rom_ext/e2e/attestation:print_certs.c"],
+    exec_env = {
+        "//hw/top_earlgrey:fpga_cw310_rom_ext": None,
+        "//hw/top_earlgrey:fpga_cw340_rom_ext": None,
+    },
+    linker_script = "//sw/device/lib/testing/test_framework:ottf_ld_silicon_owner_slot_a",
+    manifest = ":owner_manifest",
+    deps = [
+        "//sw/device/lib/base:status",
+        "//sw/device/lib/runtime:log",
+        "//sw/device/lib/runtime:print",
+        "//sw/device/lib/testing/test_framework:ottf_main",
+        "//sw/device/silicon_creator/lib/drivers:flash_ctrl",
+        "//sw/device/silicon_creator/manuf/base:perso_tlv_data",
+    ],
+)
+
+[
+    opentitan_binary_assemble(
+        name = "{}_rom_ext_owner_bundle".format(variation),
+        testonly = True,
+        bins = {
+            "//sw/device/silicon_creator/rom_ext:rom_ext_{}_slot_a".format(variation): SLOTS["a"],
+            ":print_certs_for_assemble": OWNER_SLOTS["a"],
+        },
+        exec_env = [
+            "//hw/top_earlgrey:fpga_cw310_rom_with_fake_keys",
+            "//hw/top_earlgrey:fpga_cw340_rom_with_fake_keys",
+        ],
+    )
+    for variation in ROM_EXT_VARIATIONS.keys()
+]
+
+_VARIATION_INTEROP_TEST_CASES = [
+    {
+        "first": "x509",
+        "second": "cwt",
+    },
+    {
+        "first": "cwt",
+        "second": "x509",
+    },
+]
+
+[
+    opentitan_test(
+        name = "variation_interop_{}_first_test".format(tc["first"]),
+        exec_env = {
+            "//hw/top_earlgrey:fpga_cw310_rom_with_fake_keys": None,
+            "//hw/top_earlgrey:fpga_cw340_rom_with_fake_keys": None,
+        },
+        fpga = fpga_params(
+            binaries = {
+                ":dice_{}_rom_ext_owner_bundle".format(tc["second"]): "second",
+                ":dice_{}_rom_ext_owner_bundle".format(tc["first"]): "firmware",
+            },
+            otp = "//sw/device/silicon_creator/rom_ext/e2e:otp_img_secret2_locked_rma",
+            test_cmd = """
+                --clear-bitstream
+                --bootstrap={firmware}
+                --second-bootstrap={second}
+            """,
+            test_harness = "//sw/host/tests/rom_ext/e2e_variation_interop",
+        ),
+    )
+    for tc in _VARIATION_INTEROP_TEST_CASES
+]
+
+test_suite(
+    name = "variation_interop_tests",
+    tags = ["manual"],
+    tests = [
+        "variation_interop_{}_first_test".format(
+            tc["first"],
+        )
+        for tc in _VARIATION_INTEROP_TEST_CASES
+    ],
+)
diff --git a/sw/host/tests/rom_ext/e2e_variation_interop/BUILD b/sw/host/tests/rom_ext/e2e_variation_interop/BUILD
@@ -0,0 +1,23 @@
+# Copyright lowRISC contributors (OpenTitan project).
+# Licensed under the Apache License, Version 2.0, see LICENSE for details.
+# SPDX-License-Identifier: Apache-2.0
+
+load("@rules_rust//rust:defs.bzl", "rust_binary")
+
+package(default_visibility = ["//visibility:public"])
+
+rust_binary(
+    name = "e2e_variation_interop",
+    srcs = [
+        "src/main.rs",
+    ],
+    deps = [
+        "//sw/host/opentitanlib",
+        "//third_party/rust/crates:anyhow",
+        "//third_party/rust/crates:clap",
+        "//third_party/rust/crates:humantime",
+        "//third_party/rust/crates:log",
+        "//third_party/rust/crates:num_enum",
+        "//third_party/rust/crates:regex",
+    ],
+)
diff --git a/sw/host/tests/rom_ext/e2e_variation_interop/src/main.rs b/sw/host/tests/rom_ext/e2e_variation_interop/src/main.rs
@@ -0,0 +1,95 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+//! ROM_EXT E2E Variation Interoperability test.
+//!
+//! This test harness checks that an CWT ROM_EXT can be booted on a chip before and after an X.509
+//! ROM_EXT can be booted, and vice versa. In both cases, CDI_* should be regenerated by the
+//! ROM_EXT seamlessly.
+
+use std::path::PathBuf;
+use std::time::Duration;
+
+use anyhow::{anyhow, Context};
+use clap::Parser;
+use regex::Regex;
+
+use opentitanlib::test_utils::init::InitializeTest;
+use opentitanlib::uart::console::{ExitStatus, UartConsole};
+
+/// CLI args for this test.
+#[derive(Debug, Parser)]
+struct Opts {
+    #[command(flatten)]
+    init: InitializeTest,
+
+    /// Second image (ROM_EXT + Owner FW bundle) to bootstrap.
+    #[arg(long)]
+    second_bootstrap: PathBuf,
+
+    /// Console receive timeout.
+    #[arg(long, value_parser = humantime::parse_duration, default_value = "30s")]
+    timeout: Duration,
+}
+
+fn main() -> anyhow::Result<()> {
+    let opts = Opts::parse();
+    opts.init.init_logging();
+
+    // Bootstrap first ROM_EXT + Owner FW.
+    let transport = opts.init.init_target()?;
+    let uart = transport.uart("console").context("failed to get UART")?;
+
+    // Wait for CDI_* update messags.
+    for i in 0..2 {
+        let _ = UartConsole::wait_for(
+            &*uart,
+            format!(r"warning: CDI_{:?} certificate not valid; updating", i).as_str(),
+            opts.timeout,
+        )?;
+    }
+
+    // Wait for pass message from first owner firmware stage.
+    let _ = UartConsole::wait_for(&*uart, r"PASS!", opts.timeout)?;
+
+    // Bootstrap second ROM_EXT + Owner FW.
+    opts.init
+        .bootstrap
+        .load(&transport, &opts.second_bootstrap)?;
+
+    // Wait for pass message from owner firmware stage.
+    let mut console = UartConsole {
+        timeout: Some(opts.timeout),
+        exit_success: Some(Regex::new(r"PASS.*\n")?),
+        exit_failure: Some(Regex::new(r"BFV.*\n")?),
+        newline: true,
+        ..Default::default()
+    };
+    let mut stdout = std::io::stdout();
+    let result = console.interact(&*uart, None, Some(&mut stdout))?;
+    match result {
+        ExitStatus::None | ExitStatus::CtrlC => Ok(()),
+        ExitStatus::Timeout => {
+            if console.exit_success.is_some() {
+                Err(anyhow!("Console timeout exceeded"))
+            } else {
+                Ok(())
+            }
+        }
+        ExitStatus::ExitSuccess => {
+            log::info!(
+                "ExitSuccess({:?})",
+                console.captures(result).unwrap().get(0).unwrap().as_str()
+            );
+            Ok(())
+        }
+        ExitStatus::ExitFailure => {
+            log::info!(
+                "ExitFailure({:?})",
+                console.captures(result).unwrap().get(0).unwrap().as_str()
+            );
+            Err(anyhow!("Matched exit_failure expression"))
+        }
+    }
+}
