Skip to content

Backport 26169 ([rom_ext] fix CDI_* cert update bug ) #28891

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
pamaury wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Backport 26169 ([rom_ext] fix CDI_* cert update bug ) #28891

pamaury wants to merge 3 commits into from
+233 −9

Conversation

@pamaury
Copy link
Contributor

@pamaury pamaury commented Dec 8, 2025

Backport #26169. One commit is not needed because it was backported in #27714. Nevertheless this backport is bit cursed because on master, the dice chain was moved to its file dice_chain.c before this change, whereas on earlgrey_1.0.0 it was moved after. Even after that, the diff still has a conflict because the debug message on earlgrey_1.0.0 is warning: CDI_1 certificate not valid. updating\r\n while it is CDI_1 certificate not valid. updating\r\n on master. Scrolling through the history, I found that #27286 manually cherry-picked #25279 but did not cherry-picked the inclusion of the warning: prefix for some reason. Since this prefix is used by the harness and since all other strings that with either warning: or error:, it makes sense to change the format to include this prefix as well which is what I did.

@pamaury pamaury requested review from a team as code owners December 8, 2025 12:58
@pamaury pamaury requested review from jwnrt and timothytrippel and removed request for a team December 8, 2025 12:58
@pamaury
Copy link
Contributor Author

pamaury commented Dec 8, 2025

The rust harness needed some nontrivial fixes due to the console changes introduces in #28805. I added a commit to make them so that it clear which changes come from this versus the original test.

timothytrippel and others added 3 commits December 8, 2025 17:09
@timothytrippel @pamaury
[rom_ext,e2e] split print_certs test out into binary
db484bc 
We split the "print_certs" test out into a separate opentitan_binary
target so that it can be reused amongst many tests.

Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit b805ccd)
@timothytrippel @pamaury
[rom_ext,e2e] add ROM_EXT E2E test to check variation interoperability
32e36c1 
There are two flavors of ROM_EXT:
1. one that uses X.509 DICE cert encodings, and
2. one that uses CWT DICE cert encodings.

If you run one first, you should be able to run the other later and the
ROM_EXT should seemlessly update the CDI certs. This adds a test to
check this behavior works as intended.

Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit 8a2ac65)
@pamaury
[rom_ext,e2e] Update test to match the changes done to UART console
315ca49 
Signed-off-by: Amaury Pouly <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jwnrt jwnrt Awaiting requested review from jwnrt jwnrt is a code owner automatically assigned from lowRISC/ot-rust-reviewers

@timothytrippel timothytrippel Awaiting requested review from timothytrippel timothytrippel is a code owner automatically assigned from lowRISC/ot-c-cpp-reviewers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pamaury @timothytrippel