[ot] hw/opentitan: ot_flash: Dump keymgr secret in read trace

AlexJones0 · AlexJones0 · commit 91b1f391bc09 · 2025-10-09T11:12:31.000+01:00
I would have likely caught the previous bugs if I had properly traced
the seed like the TODO suggests. Add the ability to dump the entire seed
in the trace to make it easier to catch issues involving flash secrets
in the future.

Signed-off-by: Alex Jones &lt;alex.jones@lowrisc.org&gt;
diff --git a/hw/opentitan/ot_flash.c b/hw/opentitan/ot_flash.c
@@ -875,13 +875,21 @@ struct OtFlashState {
      */
     OtFifo32 hw_rd_fifo;
 
+    char *hexstr;
+
+    /* properties */
     char *ot_id;
     BlockBackend *blk; /* Flash backend */
     OtVMapperState *vmapper; /* to disable execution from flash */
     bool no_mem_prot; /* Flag to disable mem protection features */
     bool fatal_escalate;
 };
 
+#define OT_FLASH_HEXSTR_SIZE (FLASH_SEED_BYTES * 2u + 2u)
+
+#define ot_flash_dump_bigint(_s_, _b_, _l_) \
+    ot_common_lhexdump(_b_, _l_, true, (_s_)->hexstr, OT_FLASH_HEXSTR_SIZE)
+
 /* Flash memory protection rules */
 
 static const OtFlashPropertyCfg OT_FLASH_CFG_ALLOW_READ = {
@@ -1947,8 +1955,11 @@ static void ot_flash_read_keymgr_seed(OtFlashState *s, unsigned page,
     memcpy(seed->secret, seed_words, FLASH_SEED_BYTES);
     seed->valid = !s->op.failed;
 
-    /* todo: dump the seed in the trace? */
-    trace_ot_flash_read_keymgr_seed(s->ot_id, page, !s->op.failed);
+    if (trace_event_get_state(TRACE_OT_FLASH_READ_KEYMGR_SEED)) {
+        const char *hexstr =
+            ot_flash_dump_bigint(s, seed->secret, FLASH_SEED_BYTES);
+        trace_ot_flash_read_keymgr_seed(s->ot_id, page, !s->op.failed, hexstr);
+    }
 
     if (s->op.failed) {
         ot_flash_set_error(s, R_FAULT_STATUS_SEED_ERR_MASK, s->op.address);
@@ -3369,6 +3380,8 @@ static void ot_flash_init(Object *obj)
     s->lc_broadcast.timer =
         timer_new_ns(OT_VIRTUAL_CLOCK, &ot_flash_lc_broadcast, s);
     s->op_delay = timer_new_ns(OT_VIRTUAL_CLOCK, &ot_flash_init_complete, s);
+
+    s->hexstr = g_new0(char, OT_FLASH_HEXSTR_SIZE);
 }
 
 static void ot_flash_class_init(ObjectClass *klass, void *data)
diff --git a/hw/opentitan/trace-events b/hw/opentitan/trace-events
@@ -214,7 +214,7 @@ ot_flash_op_execute(const char* id, const char *op, bool hw) "%s: %s (hw=%u)"
 ot_flash_op_prog(const char* id, unsigned op_addr, unsigned count, unsigned remaining, bool failed, bool fifo_empty) "%s: op_addr 0x%06x count %u remaining %u failed %u fifo_empty %u"
 ot_flash_op_start(const char* id, const char *op, bool hw) "%s: %s (hw=%u)"
 ot_flash_prog_word(const char* id, bool info_part, unsigned word_addr, uint32_t word) "%s: info_part %u word_addr %u word %u"
-ot_flash_read_keymgr_seed(const char* id, unsigned page, bool success) "%s: %u: %u"
+ot_flash_read_keymgr_seed(const char* id, unsigned page, bool success, const char *seed) "%s: page:%u, success:%u, seed:%s"
 ot_flash_reset(const char *id, const char *phase) "%s: %s"
 ot_flash_reset_fifo(const char* id, const char *name) "%s: %s"
 ot_flash_set_error(const char* id, const char *op, bool hw, uint32_t err_code, uint32_t err_addr) "%s: %s (hw=%u): err=0x%08x at addr=0x%06x"
