Test 'authorize_and_stash' more extensively

This adds: - A check on stash on both failing and succeeding paths - A succeeding path test Signed-off-by: Arthur Heymans <arthur.heymans@9elements.com>
chipsalliance · Nov 5, 2024 · cfee63f · cfee63f
1 parent 9803094
commit cfee63f
Show file tree

Hide file tree

Showing 2 changed files with 129 additions and 4 deletions.
diff --git a/runtime/tests/runtime_integration_tests/test_authorize_and_stash.rs b/runtime/tests/runtime_integration_tests/test_authorize_and_stash.rs
@@ -1,14 +1,21 @@
 // Licensed under the Apache-2.0 license
 
-use crate::common::run_rt_test;
+use crate::common::{run_rt_test, run_rt_test_lms};
+use crate::test_set_auth_manifest::test_auth_manifest;
 use caliptra_api::SocManager;
+use caliptra_builder::{
+    firmware::{self, FMC_WITH_UART},
+    ImageOptions,
+};
 use caliptra_common::mailbox_api::{
     AuthorizeAndStashReq, AuthorizeAndStashResp, CommandId, ImageHashSource, MailboxReq,
-    MailboxReqHeader,
+    MailboxReqHeader, SetAuthManifestReq,
 };
 use caliptra_hw_model::HwModel;
 use caliptra_runtime::RtBootStatus;
-use caliptra_runtime::DENY_IMAGE_AUTHORIZATION;
+use caliptra_runtime::{AUTHORIZE_IMAGE, DENY_IMAGE_AUTHORIZATION};
+use sha2::{Digest, Sha384};
+use zerocopy::AsBytes;
 use zerocopy::FromBytes;
 
 #[test]
@@ -30,6 +37,7 @@ fn test_authorize_and_stash_cmd_deny_authorization() {
         hdr: MailboxReqHeader { chksum: 0 },
         measurement: image_digest1,
         source: ImageHashSource::InRequest as u32,
+        flags: 0, // Don't skip stash
         ..Default::default()
     });
     authorize_and_stash_cmd.populate_chksum().unwrap();
@@ -47,4 +55,121 @@ fn test_authorize_and_stash_cmd_deny_authorization() {
         authorize_and_stash_resp.auth_req_result,
         DENY_IMAGE_AUTHORIZATION
     );
+
+    // create a new fw image with the runtime replaced by the mbox responder
+    let updated_fw_image = caliptra_builder::build_and_sign_image(
+        &FMC_WITH_UART,
+        &firmware::runtime_tests::MBOX,
+        ImageOptions::default(),
+    )
+    .unwrap()
+    .to_bytes()
+    .unwrap();
+
+    // trigger an update reset so we can use commands in mbox responder
+    model
+        .mailbox_execute(u32::from(CommandId::FIRMWARE_LOAD), &updated_fw_image)
+        .unwrap();
+
+    let rt_journey_pcr_resp = model.mailbox_execute(0x1000_0000, &[]).unwrap().unwrap();
+    let rt_journey_pcr: [u8; 48] = rt_journey_pcr_resp.as_bytes().try_into().unwrap();
+
+    let valid_pauser_hash_resp = model.mailbox_execute(0x2000_0000, &[]).unwrap().unwrap();
+    let valid_pauser_hash: [u8; 48] = valid_pauser_hash_resp.as_bytes().try_into().unwrap();
+
+    // We don't expect the image_digest to be part of the stash
+    let mut hasher = Sha384::new();
+    hasher.update(rt_journey_pcr);
+    hasher.update(valid_pauser_hash);
+    let expected_measurement_hash = hasher.finalize();
+
+    let dpe_measurement_hash = model.mailbox_execute(0x3000_0000, &[]).unwrap().unwrap();
+    assert_eq!(expected_measurement_hash.as_bytes(), dpe_measurement_hash);
+}
+
+#[test]
+fn test_authorize_and_stash_cmd_succes() {
+    let mut model = run_rt_test(None, None, None);
+
+    model.step_until(|m| {
+        m.soc_ifc().cptra_boot_status().read() == u32::from(RtBootStatus::RtReadyForCommands)
+    });
+
+    let auth_manifest = test_auth_manifest();
+    let buf = auth_manifest.as_bytes();
+    let mut auth_manifest_slice = [0u8; SetAuthManifestReq::MAX_MAN_SIZE];
+    auth_manifest_slice[..buf.len()].copy_from_slice(buf);
+
+    let mut set_auth_manifest_cmd = MailboxReq::SetAuthManifest(SetAuthManifestReq {
+        hdr: MailboxReqHeader { chksum: 0 },
+        manifest_size: buf.len() as u32,
+        manifest: auth_manifest_slice,
+    });
+    set_auth_manifest_cmd.populate_chksum().unwrap();
+
+    model
+        .mailbox_execute(
+            u32::from(CommandId::SET_AUTH_MANIFEST),
+            set_auth_manifest_cmd.as_bytes().unwrap(),
+        )
+        .unwrap()
+        .expect("We should have received a response");
+
+    let image_digest1: [u8; 48] = [
+        0x38, 0xB0, 0x60, 0xA7, 0x51, 0xAC, 0x96, 0x38, 0x4C, 0xD9, 0x32, 0x7E, 0xB1, 0xB1, 0xE3,
+        0x6A, 0x21, 0xFD, 0xB7, 0x11, 0x14, 0xBE, 0x07, 0x43, 0x4C, 0x0C, 0xC7, 0xBF, 0x63, 0xF6,
+        0xE1, 0xDA, 0x27, 0x4E, 0xDE, 0xBF, 0xE7, 0x6F, 0x65, 0xFB, 0xD5, 0x1A, 0xD2, 0xF1, 0x48,
+        0x98, 0xB9, 0x5B,
+    ];
+
+    let mut authorize_and_stash_cmd = MailboxReq::AuthorizeAndStash(AuthorizeAndStashReq {
+        hdr: MailboxReqHeader { chksum: 0 },
+        measurement: image_digest1,
+        source: ImageHashSource::InRequest as u32,
+        flags: 0, // Don't skip stash
+        ..Default::default()
+    });
+    authorize_and_stash_cmd.populate_chksum().unwrap();
+
+    let resp = model
+        .mailbox_execute(
+            u32::from(CommandId::AUTHORIZE_AND_STASH),
+            authorize_and_stash_cmd.as_bytes().unwrap(),
+        )
+        .unwrap()
+        .expect("We should have received a response");
+
+    let authorize_and_stash_resp = AuthorizeAndStashResp::read_from(resp.as_slice()).unwrap();
+    assert_eq!(authorize_and_stash_resp.auth_req_result, AUTHORIZE_IMAGE);
+
+    // create a new fw image with the runtime replaced by the mbox responder
+    let updated_fw_image = caliptra_builder::build_and_sign_image(
+        &FMC_WITH_UART,
+        &firmware::runtime_tests::MBOX,
+        ImageOptions::default(),
+    )
+    .unwrap()
+    .to_bytes()
+    .unwrap();
+
+    // trigger an update reset so we can use commands in mbox responder
+    model
+        .mailbox_execute(u32::from(CommandId::FIRMWARE_LOAD), &updated_fw_image)
+        .unwrap();
+
+    let rt_journey_pcr_resp = model.mailbox_execute(0x1000_0000, &[]).unwrap().unwrap();
+    let rt_journey_pcr: [u8; 48] = rt_journey_pcr_resp.as_bytes().try_into().unwrap();
+
+    let valid_pauser_hash_resp = model.mailbox_execute(0x2000_0000, &[]).unwrap().unwrap();
+    let valid_pauser_hash: [u8; 48] = valid_pauser_hash_resp.as_bytes().try_into().unwrap();
+
+    // hash expected DPE measurements in order to check that stashed measurement was added to DPE
+    let mut hasher = Sha384::new();
+    hasher.update(rt_journey_pcr);
+    hasher.update(valid_pauser_hash);
+    hasher.update(image_digest1);
+    let expected_measurement_hash = hasher.finalize();
+
+    let dpe_measurement_hash = model.mailbox_execute(0x3000_0000, &[]).unwrap().unwrap();
+    assert_eq!(expected_measurement_hash.as_bytes(), dpe_measurement_hash);
 }
diff --git a/runtime/tests/runtime_integration_tests/test_set_auth_manifest.rs b/runtime/tests/runtime_integration_tests/test_set_auth_manifest.rs
@@ -17,7 +17,7 @@ use caliptra_image_fake_keys::*;
 use caliptra_runtime::RtBootStatus;
 use zerocopy::AsBytes;
 
-fn test_auth_manifest() -> AuthorizationManifest {
+pub fn test_auth_manifest() -> AuthorizationManifest {
     let vendor_fw_key_info: AuthManifestGeneratorKeyConfig = AuthManifestGeneratorKeyConfig {
         pub_keys: AuthManifestPubKeys {
             ecc_pub_key: VENDOR_ECC_KEY_0_PUBLIC,