[ot] hw/opentitan: ot_keymgr: Implement sideloaded key clearing

Implements basic functionality for clearing the sideloaded keys, which
for now just zeroes out the keys, as wiping with entropy is not yet
implemented.

Signed-off-by: Alex Jones <[email protected]>

Author: AlexJones0

hw/opentitan/ot_keymgr.c

@@ -575,6 +575,20 @@ static const char *KEY_SINK_NAMES[] = {
          KEY_SINK_NAMES[(_st_)] : \
          "?")
 
+#define SIDELOAD_CLEAR_ENTRY(_st_) \
+    [KEYMGR_SIDELOAD_CLEAR_##_st_] = stringify(_st_)
+static const char *SIDELOAD_CLEAR_NAMES[] = {
+    SIDELOAD_CLEAR_ENTRY(NONE),
+    SIDELOAD_CLEAR_ENTRY(AES),
+    SIDELOAD_CLEAR_ENTRY(KMAC),
+    SIDELOAD_CLEAR_ENTRY(OTBN),
+};
+#undef SIDELOAD_CLEAR_ENTRY
+#define SIDELOAD_CLEAR_NAME(_st_) \
+    (((unsigned)(_st_)) < ARRAY_SIZE(SIDELOAD_CLEAR_NAMES) ? \
+         SIDELOAD_CLEAR_NAMES[(_st_)] : \
+         "?")
+
 #define WORKING_STATE_ENTRY(_st_) \
     [KEYMGR_WORKING_STATE_##_st_] = stringify(_st_)
 static const char *WORKING_STATE_NAMES[] = {
@@ -901,6 +915,39 @@ static void ot_keymgr_push_kdf_key(OtKeyMgrState *s, const uint8_t *key_share0,
                        false);
 }
 
+static void ot_keymgr_sideload_clear(OtKeyMgrState *s)
+{
+    int sideload_clear =
+        (int)FIELD_EX32(s->regs[R_SIDELOAD_CLEAR], SIDELOAD_CLEAR, VAL);
+
+    trace_ot_keymgr_sideload_clear(s->ot_id,
+                                   SIDELOAD_CLEAR_NAME(sideload_clear),
+                                   sideload_clear);
+
+    /* @todo: this should use random dummy data instead */
+    uint8_t share0[KEYMGR_KEY_SIZE_MAX] = { 0 };
+    uint8_t share1[KEYMGR_KEY_SIZE_MAX] = { 0 };
+
+    switch (sideload_clear) {
+    case KEYMGR_SIDELOAD_CLEAR_NONE:
+        break;
+    case KEYMGR_SIDELOAD_CLEAR_AES:
+    case KEYMGR_SIDELOAD_CLEAR_OTBN:
+    case KEYMGR_SIDELOAD_CLEAR_KMAC: {
+        OtKeyMgrKeySink sink =
+            (OtKeyMgrKeySink)(sideload_clear - KEY_SINK_OFFSET);
+        ot_keymgr_push_key(s, sink, share0, share1, false, true);
+        break;
+    }
+    default:
+        /* continuously clear ALL slots if a non-enumerated value is written */
+        for (unsigned ix = 0; ix < KEYMGR_KEY_SINK_COUNT; ix++) {
+            ot_keymgr_push_key(s, (OtKeyMgrKeySink)ix, share0, share1, false,
+                               true);
+        }
+    }
+}
+
 /* check that 'data' is not all zeros or all ones */
 static bool ot_keymgr_valid_data_check(const uint8_t *data, size_t len)
 {
@@ -1990,7 +2037,7 @@ static void ot_keymgr_write(void *opaque, hwaddr addr, uint64_t val64,
         }
         val32 &= R_SIDELOAD_CLEAR_VAL_MASK;
         s->regs[reg] = val32;
-        /* @todo: implement R_SIDELOAD_CLEAR */
+        ot_keymgr_sideload_clear(s);
         break;
     case R_RESEED_INTERVAL_REGWEN:
         val32 &= R_RESEED_INTERVAL_REGWEN_EN_MASK;

hw/opentitan/trace-events

@@ -303,6 +303,7 @@ ot_keymgr_reset(const char *id, const char *stage) "%s: %s"
 ot_keymgr_restore_kmac_key(const char *id) "%s"
 ot_keymgr_schedule_fsm(const char *id, const char *func, int line) "%s @ %s:%d"
 ot_keymgr_seed_missing(const char *id, unsigned ix) "%s: #%u"
+ot_keymgr_sideload_clear(const char *id, const char *sc, unsigned nsc) "%s: [%s:%u]"
 ot_keymgr_update_alert(const char *id, int prev, int next) "%s: %d -> %d"
 
 # ot_keymgr_dpe.c