[sw,rom_ext] Add dual-redundancy boot_data writing algorithm #28967
siemen11 left a comment:
Thank you for the changes to the ROM_EXT! These changes are highly important to secure the rollback mechanic of the boot.
However, if I understand correctly, if all boot_data entries are invalidated (the two indices per page and the two pages of boot_data), then the ROM_EXT will proceed with loading default boot data (which has security version 0) to all copies in flash. This invalidation could have been done through adversarial means.
Given the attacker has an old BL0 (with a lower security version), this means that it can be correctly loaded, giving a rollback.
Please let me know if I misunderstood the logic. Maybe we can discuss the change in a meeting?
The update flow is designed to ensure that the inactive page is written and verified via read-back before the active page is updated. This guarantees that at least one valid entry is available at all times, preventing an unintended fallback to the default boot data. With the new scheme, entries are categorized as either:
In scenarios where a page becomes corrupted (e.g., due to power loss), we always write the new data to that corrupted page first. This makes it impossible to invalidate all entries simultaneously without a direct physical attack.
This change LGTM, but I'd really like to make sure there is a test to validate the approach of writing two records to each page.
Thanks. The latest commit introduced tests for various entry validity combinations within the page. Each of these tests reads back all four entries to verify that
This commit introduces a new dual-redundancy scheme for writing boot data to flash. Instead of the legacy circular writing scheme, which is now renamed to `boot_data_write_old`, the new `boot_data_write` function ensures that a valid and consistent entry is written to the first index of both boot data pages.

Key changes:
- Renamed the legacy `boot_data_write` to `boot_data_write_old`.
- Implemented the new `boot_data_write` using a dual-redundancy algorithm.
- Added `boot_data_redundancy_check` to verify consistency between the two pages.
- Updated `rom_ext_start` to automatically repair boot data using the redundancy check.

Change-Id: Ic31d8c3c778397feb8eb2991ca9e670917047633
Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>
In addition to the requested changes, I included two minor follow-up commits:
In addition to using hardened functions for control flow integrity, this change updates `boot_data_write` to write each entry twice per page (at index 0 and 1). This redundancy ensures that the boot data can survive some types of persistent bit corruption.

Change-Id: I548174aba322da3b5bf7c568fbde5abc032e81c0
Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>

This update modifies the boot data functional test to account for the recently added redundancy where boot data entries are duplicated on each page. It introduces `write_dup_boot_data` to simulate various valid/invalid states using bitmaps and updates existing tests to iterate through these scenarios.

Change-Id: I6767b3205759c1285c7e31e2802935cf1cf38ff9
Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>

This change adds an `events` field to the `boot_log_t` structure to track specific events during the boot process. Specifically, it introduces a `kBootLogEventRedundancy` flag that indicates if the boot data redundancy was fixed by the ROM_EXT. The `events` field is populated in `rom_ext_start` based on the `boot_data_validity` check. A new end-to-end test is added to verify that the redundancy fix is correctly signaled on the first boot after a bitstream load and not on subsequent resets.

Change-Id: I2a3417d4e588f916bdb1ca4127a2bf0e4917d8a1
Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>

This change adds a call to `boot_data_check` after reading back boot data. This ensures that the newly written entry is not only bit-for-bit correct but also indeed valid according to the boot data integrity rules.

Change-Id: Idde3c0af5ed5478c1bd94e3a76a43ae9c016a537
Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>

This change ignores the result of the boot data write operation to avoid falling into a boot loop if the redundancy fix fails.

Change-Id: Id46734c58c36024249775b0b4e61114a6de26344
Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>
siemen11 left a comment:
Thank you for the offline discussions, change looks good to me!
Merged f35f93c into lowRISC:earlgrey_1.0.0
This commit introduces a new dual-redundancy scheme for writing boot data to flash. Instead of the legacy circular writing scheme, which is now renamed to `boot_data_write_old`, the new `boot_data_write` function ensures that a valid and consistent entry is written to the first index of both boot data pages.

Key changes:
- Renamed the legacy `boot_data_write` to `boot_data_write_old` (for compatibility testing).
- Implemented the new `boot_data_write` using a dual-redundancy algorithm.
- Added `boot_data_redundancy_check` to verify consistency between the two pages.
- Updated `rom_ext_start` to automatically repair boot data using the redundancy check.

Size difference:
`boot_data_write`

Coverage:
Full coverage of the added code is verified manually with the following command.
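The inactive-page-first update flow described in the reply above and the `boot_data_write` / `boot_data_redundancy_check` design in this description, as an added host-side model in C that is not OpenTitan code: it assumes a simplified entry layout (counter, minimum security version, checksum), a toy checksum, and a constructed bit-flip fault to show that a failed write leaves the other page's entry intact and that the boot-time check repairs it.

```c
/* Added example (not OpenTitan code): host-side model of the dual-redundancy
 * boot_data scheme. Two pages hold two copies of an entry each, erased flash
 * reads 0xFF, and an entry is valid when its checksum matches (assumed layout). */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
enum { PAGES = 2, COPIES = 2 };
typedef struct { uint32_t counter, min_security_version, csum; } entry_t;
static entry_t flash[PAGES][COPIES];  /* simulated flash, filled by the caller */
static int inject_fail_page = -1;     /* constructed fault: writes to this page flip a bit */

static uint32_t csum(const entry_t *e) { return ~(e->counter ^ (e->min_security_version * 0x9E3779B9u)); }
static bool entry_valid(const entry_t *e) { return e->counter != 0xFFFFFFFFu && e->csum == csum(e); }
static const entry_t *page_entry(int page) {  /* first valid copy on a page, or NULL */
  for (int i = 0; i < COPIES; i++) if (entry_valid(&flash[page][i])) return &flash[page][i];
  return NULL;
}

/* Erase a page, program both copies, then read each back: bit-for-bit equal AND valid. */
static bool write_page(int page, entry_t e) {
  memset(flash[page], 0xFF, sizeof flash[page]);
  for (int i = 0; i < COPIES; i++) {
    flash[page][i] = e;
    if (page == inject_fail_page) flash[page][i].csum ^= 1u;
    if (memcmp(&flash[page][i], &e, sizeof e) != 0 || !entry_valid(&flash[page][i])) return false;
  }
  return true;
}

/* Dual-redundancy write: the page with no valid entry (or the older one) is written
 * and verified first, so a valid entry always survives a power loss mid-update. */
static bool boot_data_write_model(uint32_t min_security_version) {
  const entry_t *a = page_entry(0), *b = page_entry(1);
  uint32_t ca = a ? a->counter : 0, cb = b ? b->counter : 0;
  int first = (a && b) ? (ca < cb ? 0 : 1) : (a ? 1 : 0);
  entry_t e = { (ca > cb ? ca : cb) + 1, min_security_version, 0 };
  e.csum = csum(&e);
  if (!write_page(first, e)) return false;  /* the other page is untouched and still valid */
  return write_page(1 - first, e);
}

/* Boot-time redundancy check/repair: if the pages disagree, copy the newest valid
 * entry over the stale or invalid page. Returns true only when a repair was written. */
static bool boot_data_redundancy_repair(void) {
  const entry_t *a = page_entry(0), *b = page_entry(1);
  if (!a && !b) return false;  /* nothing valid to copy from; caller decides the fallback */
  if (a && b && a->counter == b->counter) return false;
  int good = (a && (!b || a->counter > b->counter)) ? 0 : 1;
  return write_page(1 - good, *page_entry(good));
}
```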