[perso] cleanup SPI transactions during personalization

This updates the personalization firmware and FT test harness to make
use of the GPIO TX indicator pin to eliminate the host driven polling of
the SPI flash buffer. This makes the wavesforms cleaner to simplify ATE
integration.

Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit 5da7c4a)

Author: timothytrippel

sw/device/silicon_creator/manuf/base/ft_personalize.c

@@ -14,6 +14,7 @@
 #include "sw/device/lib/dif/dif_pinmux.h"
 #include "sw/device/lib/dif/dif_rstmgr.h"
 #include "sw/device/lib/runtime/log.h"
+#include "sw/device/lib/runtime/print.h"
 #include "sw/device/lib/testing/flash_ctrl_testutils.h"
 #include "sw/device/lib/testing/json/provisioning_data.h"
 #include "sw/device/lib/testing/lc_ctrl_testutils.h"
@@ -60,11 +61,6 @@
 #include "hw/top/otp_ctrl_regs.h"    // Generated.
 #include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"
 
-OTTF_DEFINE_TEST_CONFIG(.console.type = kOttfConsoleSpiDevice,
-                        .console.base_addr = TOP_EARLGREY_SPI_DEVICE_BASE_ADDR,
-                        .console.test_may_clobber = false,
-                        .silence_console_prints = true);
-
 enum {
   /**
    * Size of the largest OTP partition to be measured.
@@ -109,6 +105,15 @@ static const dif_gpio_pin_t kGpioPinTestError = 2;
 static const dif_gpio_pin_t kGpioPinSpiConsoleTxReady = 3;
 static const dif_gpio_pin_t kGpioPinSpiConsoleRxReady = 4;
 
+OTTF_DEFINE_TEST_CONFIG(
+        .console.type = kOttfConsoleSpiDevice,
+        .console.base_addr = TOP_EARLGREY_SPI_DEVICE_BASE_ADDR,
+        .console.test_may_clobber = false, .console.putbuf_buffered = true,
+        .silence_console_prints = true, .console_tx_indicator.enable = true,
+        .console_tx_indicator.spi_console_tx_ready_mio = kDtPadIoa5,
+        .console_tx_indicator.spi_console_tx_ready_gpio =
+            kGpioPinSpiConsoleTxReady);
+
 /**
  * Keymgr binding values.
  */
@@ -198,7 +203,7 @@ OT_WEAK rom_error_t sku_creator_owner_init(boot_data_t *bootdata) {
 
 static void log_self_hash(void) {
   // clang-format off
-  LOG_INFO("Personalization Firmware Hash: 0x%08x%08x%08x%08x%08x%08x%08x%08x",
+  base_printf("Personalization Firmware Hash: 0x%08x%08x%08x%08x%08x%08x%08x%08x\n",
            boot_measurements.rom_ext.data[7],
            boot_measurements.rom_ext.data[6],
            boot_measurements.rom_ext.data[5],
@@ -364,17 +369,17 @@ static status_t personalize_otp_and_flash_secrets(ujson_t *uj) {
     TRY(manuf_individualize_device_field_cfg(
         &otp_ctrl,
         OTP_CTRL_PARAM_CREATOR_SW_CFG_FLASH_DATA_DEFAULT_CFG_OFFSET));
-    LOG_INFO("Bootstrap requested.");
+    base_printf("Bootstrap requested.\n");
     wait_for_interrupt();
   }
 
   // Provision OTP Secret2 partition and flash info pages 1, 2, and 4 (keymgr
   // and DICE keygen seeds).
   if (!status_ok(manuf_personalize_device_secrets_check(&otp_ctrl))) {
+    log_self_hash();
     lc_token_hash_t token_hash;
-    // Wait for host the host generated RMA unlock token hash to arrive over the
-    // console.
-    LOG_INFO("Waiting For RMA Unlock Token Hash ...");
+    // Wait for the host to send the RMA unlock token hash over the console.
+    base_printf("Waiting For RMA Unlock Token Hash ...\n");
     TRY(dif_gpio_write(&gpio, kGpioPinSpiConsoleRxReady, true));
     CHECK_STATUS_OK(
         UJSON_WITH_CRC(ujson_deserialize_lc_token_hash_t, uj, &token_hash));
@@ -523,7 +528,7 @@ static status_t personalize_gen_dice_certificates(ujson_t *uj) {
   // Retrieve certificate provisioning data.
   // DO NOT CHANGE THE BELOW STRING without modifying the host code in
   // sw/host/provisioning/ft_lib/src/lib.rs
-  LOG_INFO("Waiting for certificate inputs ...");
+  base_printf("Waiting for certificate inputs ...\n");
   TRY(dif_gpio_write(&gpio, kGpioPinSpiConsoleRxReady, true));
   TRY(ujson_deserialize_manuf_certgen_inputs_t(uj, &certgen_inputs));
   TRY(dif_gpio_write(&gpio, kGpioPinSpiConsoleRxReady, false));
@@ -590,10 +595,10 @@ static status_t personalize_gen_dice_certificates(ujson_t *uj) {
       "UDS",
       /*needs_endorsement=*/kDiceCertFormat == kDiceCertFormatX509TcbInfo,
       kDiceCertFormat, all_certs, curr_cert_size, &perso_blob_to_host));
-  LOG_INFO("Generated UDS certificate.");
 
+  // After we have cranked the keymgr to the CreatorRootKey (UDS) stage, we now
+  // can initialize and seal the ownership block.
   ownership_seal_init();
-  LOG_INFO("Initialized ownership sealing in UDS state.");
 
   // Generate CDI_0 keys and cert.
   curr_cert_size = kCdi0MaxCertSizeBytes;
@@ -611,7 +616,6 @@ static status_t personalize_gen_dice_certificates(ujson_t *uj) {
   TRY(perso_tlv_push_cert_to_perso_blob("CDI_0", /*needs_endorsement=*/false,
                                         kDiceCertFormat, all_certs,
                                         curr_cert_size, &perso_blob_to_host));
-  LOG_INFO("Generated CDI_0 certificate.");
 
   // Generate CDI_1 keys and cert.
   curr_cert_size = kCdi1MaxCertSizeBytes;
@@ -630,7 +634,6 @@ static status_t personalize_gen_dice_certificates(ujson_t *uj) {
   TRY(perso_tlv_push_cert_to_perso_blob("CDI_1", /*needs_endorsement=*/false,
                                         kDiceCertFormat, all_certs,
                                         curr_cert_size, &perso_blob_to_host));
-  LOG_INFO("Generated CDI_1 certificate.");
 
   return OK_STATUS();
 }
@@ -833,7 +836,6 @@ static status_t extract_next_cert(uint8_t **dest, size_t *free_room) {
     // Copy the certificate object to the destination buffer.
     uint8_t *dest_p = *dest;
     memcpy(dest_p, block.obj_p, block.obj_size);
-    LOG_INFO("Copied %s certificate", block.name);
 
     // Advance destination buffer pointer and reduce free space counter.
     *dest = dest_p + block.obj_size;
@@ -885,15 +887,13 @@ static status_t personalize_endorse_certificates(ujson_t *uj) {
   // Export the certificates to the provisioning appliance.
   // DO NOT CHANGE THE BELOW STRING without modifying the host code in
   // sw/host/provisioning/ft_lib/src/lib.rs
-  LOG_INFO("Exporting TBS certificates ...");
-  TRY(dif_gpio_write(&gpio, kGpioPinSpiConsoleTxReady, true));
+  base_printf("Exporting TBS certificates ...\n");
   RESP_OK(ujson_serialize_perso_blob_t, uj, &perso_blob_to_host);
-  TRY(dif_gpio_write(&gpio, kGpioPinSpiConsoleTxReady, false));
 
   // Import endorsed certificates from the provisioning appliance.
   // DO NOT CHANGE THE BELOW STRING without modifying the host code in
   // sw/host/provisioning/ft_lib/src/lib.rs
-  LOG_INFO("Importing endorsed certificates ...");
+  base_printf("Importing endorsed certificates ...\n");
   TRY(dif_gpio_write(&gpio, kGpioPinSpiConsoleRxReady, true));
   TRY(ujson_deserialize_perso_blob_t(uj, &perso_blob_from_host));
   TRY(dif_gpio_write(&gpio, kGpioPinSpiConsoleRxReady, false));
@@ -946,7 +946,6 @@ static status_t personalize_endorse_certificates(ujson_t *uj) {
       return RESOURCE_EXHAUSTED();
 
     memcpy(next_cert, block.obj_p, block.obj_size);
-    LOG_INFO("Copied %s certificate", block.name);
     next_cert += block.obj_size;
     free_room -= block.obj_size;
   }
@@ -983,8 +982,6 @@ static status_t personalize_endorse_certificates(ujson_t *uj) {
       TRY(write_cert_to_flash_info_page(&curr_layout, &block, next_cert,
                                         page_offset, cert_size_bytes_ru,
                                         cert_size_words));
-      LOG_INFO("Imported %s %s certificate.", curr_layout.group_name,
-               block.name);
       page_offset += cert_size_bytes_ru;
       next_cert += block.obj_size;
 
@@ -995,7 +992,7 @@ static status_t personalize_endorse_certificates(ujson_t *uj) {
 
   // DO NOT CHANGE THE BELOW STRING without modifying the host code in
   // sw/host/provisioning/ft_lib/src/lib.rs
-  LOG_INFO("Finished importing certificates.");
+  base_printf("Finished importing certificates.\n");
 
   return OK_STATUS();
 }
@@ -1136,14 +1133,12 @@ static status_t provision(ujson_t *uj) {
       .cert_flash_layout = cert_flash_layout};
   TRY(personalize_extension_post_cert_endorse(&post_endorse));
 
-  // Log the hash of all perso objects to the host and console.
+  // Check the hash of all perso objects with the host to confirm integrity of
+  // the transmission / provisioning operations.
   serdes_sha256_hash_t hash;
   hmac_sha256_process();
   hmac_sha256_final((hmac_digest_t *)&hash);
   TRY(send_final_hash(uj, &hash));
-  LOG_INFO("SHA256 hash of all perso objects: %08x%08x%08x%08x%08x%08x%08x%08x",
-           hash.data[7], hash.data[6], hash.data[5], hash.data[4], hash.data[3],
-           hash.data[2], hash.data[1], hash.data[0]);
 
   // Complete any remaining OTP programming.
   TRY(finalize_otp_partitions());
@@ -1164,8 +1159,6 @@ bool test_main(void) {
   CHECK_STATUS_OK(entropy_complex_init());
   ujson_t uj = ujson_ottf_console();
 
-  log_self_hash();
-
   // Read the reset reason directly from the RSTMGR.
   // This is needed to clear the reset reason before the first call to
   // `personalize_otp_and_flash_secrets()`, which will reset the device.
@@ -1184,7 +1177,7 @@ bool test_main(void) {
 
   // DO NOT CHANGE THE BELOW STRING without modifying the host code in
   // sw/host/provisioning/ft_lib/src/lib.rs
-  LOG_INFO("Personalization done.");
+  base_printf("Personalization done.\n");
 
   return true;
 }

sw/device/silicon_creator/manuf/base/tpm_personalize_ext.c

@@ -4,7 +4,6 @@
 
 #include "perso_tlv_data.h"
 #include "sw/device/lib/dif/dif_flash_ctrl.h"
-#include "sw/device/lib/runtime/log.h"
 #include "sw/device/lib/testing/test_framework/status.h"
 #include "sw/device/lib/testing/test_framework/ujson_ottf.h"
 #include "sw/device/silicon_creator/lib/attestation.h"
@@ -88,7 +87,6 @@ static status_t personalize_gen_tpm_ek_certificate(
 
 status_t personalize_extension_pre_cert_endorse(
     personalize_extension_pre_endorse_t *pre_params) {
-  LOG_INFO("Running TPM perso extension ...");
   TRY(peripheral_handles_init());
   TRY(config_and_erase_tpm_certificate_flash_pages());
   TRY(personalize_gen_tpm_ek_certificate(pre_params->certgen_inputs,

sw/host/provisioning/ft/src/main.rs

@@ -22,6 +22,7 @@ use ft_lib::{
 };
 use opentitanlib::backend;
 use opentitanlib::console::spi::SpiConsoleDevice;
+use opentitanlib::io::gpio::{PinMode, PullMode};
 use opentitanlib::test_utils::init::InitializeTest;
 use opentitanlib::test_utils::lc::{read_device_id, read_lc_state};
 use opentitanlib::test_utils::load_sram_program::SramProgramParams;
@@ -125,7 +126,10 @@ fn main() -> Result<()> {
     let transport = backend::create(&opts.init.backend_opts)?;
     transport.apply_default_configuration(None)?;
     let spi = transport.spi(&opts.console_spi)?;
-    let spi_console_device = SpiConsoleDevice::new(&*spi, None)?;
+    let device_console_tx_ready_pin = &transport.gpio_pin(&opts.console_tx_indicator_pin)?;
+    device_console_tx_ready_pin.set_mode(PinMode::Input)?;
+    device_console_tx_ready_pin.set_pull_mode(PullMode::None)?;
+    let spi_console = SpiConsoleDevice::new(&*spi, Some(device_console_tx_ready_pin))?;
     InitializeTest::print_result(
         "load_bitstream",
         opts.init.load_bitstream.init(&transport).map(|_| None),
@@ -236,8 +240,7 @@ fn main() -> Result<()> {
                 &opts.init.jtag_params,
                 &opts.sram_program,
                 &ft_individualize_data_in,
-                &opts.console_spi,
-                &opts.console_tx_indicator_pin,
+                &spi_console,
                 opts.timeout,
                 &mut ujson_payloads,
             )?;
@@ -273,7 +276,7 @@ fn main() -> Result<()> {
         ca_keys,
         &_perso_certgen_inputs,
         opts.second_bootstrap,
-        &spi_console_device,
+        &spi_console,
         &mut ujson_payloads,
         opts.timeout,
         &mut response,

sw/host/provisioning/ft_lib/src/lib.rs

@@ -22,7 +22,6 @@ use ft_ext_lib::ft_ext;
 use opentitanlib::app::{TransportWrapper, UartRx};
 use opentitanlib::console::spi::SpiConsoleDevice;
 use opentitanlib::io::console::ConsoleError;
-use opentitanlib::io::gpio::{PinMode, PullMode};
 use opentitanlib::io::jtag::{JtagParams, JtagTap, RiscvGpr, RiscvReg};
 use opentitanlib::test_utils::init::InitializeTest;
 use opentitanlib::test_utils::lc_transition::trigger_lc_transition;
@@ -89,17 +88,11 @@ pub fn run_sram_ft_individualize(
     jtag_params: &JtagParams,
     sram_program: &SramProgramParams,
     ft_individualize_data_in: &ManufFtIndividualizeData,
-    console_spi: &str,
-    console_tx_indicator_pin: &str,
+    spi_console: &SpiConsoleDevice,
     timeout: Duration,
     ujson_payloads: &mut UjsonPayloads,
 ) -> Result<()> {
-    // Setup the SPI console with the GPIO TX indicator pin.
-    let spi = transport.spi(console_spi)?;
-    let device_console_tx_ready_pin = &transport.gpio_pin(console_tx_indicator_pin)?;
-    device_console_tx_ready_pin.set_mode(PinMode::Input)?;
-    device_console_tx_ready_pin.set_pull_mode(PullMode::None)?;
-    let spi_console = SpiConsoleDevice::new(&*spi, Some(device_console_tx_ready_pin))?;
+    // Reset the SPI console before loading the target firmware.
     spi_console.reset_frame_counter();
 
     // Set CPU TAP straps, reset, and connect to the JTAG interface.
@@ -125,15 +118,15 @@ pub fn run_sram_ft_individualize(
     {
         // Wait for SRAM program to complete execution.
         let _ = UartConsole::wait_for(
-            &spi_console,
+            spi_console,
             r"Waiting for FT SRAM provisioning data ...",
             timeout,
         )?;
 
         // Inject provisioning data into the device.
         ujson_payloads.dut_in.insert(
             "FT_INDIVIDUALIZE_DATA_IN".to_string(),
-            ft_individualize_data_in.send(&spi_console)?,
+            ft_individualize_data_in.send(spi_console)?,
         );
     }
 
@@ -358,7 +351,7 @@ fn provision_certificates(
     // Wait until the device exports the TBS certificates.
     let t0 = Instant::now();
     let _ = UartConsole::wait_for(spi_console, r"Exporting TBS certificates ...", timeout)?;
-    let perso_blob = PersoBlob::recv(spi_console, timeout, true)?;
+    let perso_blob = PersoBlob::recv(spi_console, timeout, /*quite=*/ true)?;
     response.stats.log_elapsed_time("perso-tbs-export", t0);
 
     // Extract certificate byte vectors, endorse TBS certs, and ensure they parse with OpenSSL.
@@ -387,7 +380,6 @@ fn provision_certificates(
 
     let t0 = Instant::now();
     for _ in 0..perso_blob.num_objs {
-        log::info!("Processing next object");
         let header = get_obj_header(&perso_blob.body[start..])?;
         let obj_header_size = std::mem::size_of::<ObjHeaderType>();
 
@@ -594,8 +586,10 @@ pub fn run_ft_personalize(
     response: &mut PersonalizeResponse,
 ) -> Result<()> {
     // Bootstrap only personalization binary into ROM_EXT slot A in flash.
+    spi_console.reset_frame_counter();
     let t0 = Instant::now();
     init.bootstrap.init(transport)?;
+    spi_console.reset_frame_counter();
     response.stats.log_elapsed_time("first-bootstrap", t0);
 
     // Bootstrap personalization + ROM_EXT + Owner FW binaries into flash, since
@@ -606,14 +600,21 @@ pub fn run_ft_personalize(
 
     let t0 = Instant::now();
     init.bootstrap.load(transport, &second_bootstrap)?;
+    spi_console.reset_frame_counter();
     response.stats.log_elapsed_time("second-bootstrap", t0);
 
+    let _ = UartConsole::wait_for(spi_console, r"Personalization Firmware Hash:", timeout)?;
+
     // Send RMA unlock token digest to device.
     let second_t0 = Instant::now();
     let t0 = second_t0;
     send_rma_unlock_token_hash(rma_unlock_token, timeout, spi_console, ujson_payloads)?;
     response.stats.log_elapsed_time("send-rma-unlock-token", t0);
 
+    // After the OTP SECRET2 partition is programmed, the chip performs a SW
+    // reset, so we need to reset the SPI console frame counter.
+    spi_console.reset_frame_counter();
+
     // Provision all device certificates.
     let t0 = Instant::now();
     provision_certificates(