Backport #25149 "[build] Introduce OTP emulation images." #27654
Conversation
pamaury
force-pushed
the
backport_25149
branch
2 times, most recently
from
ea01032 to
8459ac3
Compare
This change is in preparation for managing the SiVal silicon configuration using a separate OTP scaffolding. The `//sw/ip/otp_ctrl/data/earlgrey_skus/emulation` targets will contain OTP images used for simulation as well as FPGA emulation. FPGA emulation images will include both pre-silicon and post-silicon use cases. Targets under `//sw/ip/otp_ctrl/data/earlgrey_skus/sival` will be used strictly for configuring silicon for Silicon Validation flows. We refer to this as the SiVal SKU. The SiVal SKU will contain secure boot public keys backed by code-signing infrastructure as opposed to the the `emulation` configuration which will continue to use the test (i.e. fake) keys stored in the repository. Signed-off-by: Miguel Osorio <miguelosorio@google.com>
Signed-off-by: Amaury Pouly <amaury.pouly@lowrisc.org>
The provisioning firmware contains hardcoded settings for the HWCFG1 partition, and uses data generated at manufacturing time to calculate the DEVICE_ID. As a result, most of the otp image targets and hardware partition settings in the sival SKU, are not derived from the OTP build targets. This change removes unused tardgets to simplify the build / provisioning maintenance. pre-silicon and post-silicon simulation and emulation environments should use the emulation SKU instead. Signed-off-by: Miguel Osorio <miguelosorio@google.com>
The use of `CREATOR_SW_CFG_MANUF_STATE` as the SKU identifier is getting deprecated in favor of using the DeviceID. The DeviceID definition contains enough information to constraint code signatures to a particular SKU. The `CREATOR_SW_CFG_MANUF_STATE` will be used to capture the manufacturing state of the device. At the end of manufacturing, there will be a value configured to flag end of manufacturing. Signed-off-by: Miguel Osorio <miguelosorio@google.com>
This is essentially applying lowRISC#26061 to the emulation OTP images. See lowRISC#26060 for the rationale and plan for re-enabling SPX signatures. Signed-off-by: Amaury Pouly <amaury.pouly@lowrisc.org>
|
My recollection is that we disabled SPX signing on master togive some space for the development of the immutable section and to make the "sival" configuration on master match the configuration of the A1 SiVAL chip. On the various production SKUs, we do have SPX signing enabled and must maintain an appropriate size for ROM_EXT so that the immutable section, rom_ext and SPX signature all fit in 64K. I don't know what different OTP combinations we have for FPGA testing on master. We need SPX turned on for at least one of the configurations so that we make sure the ROM_EXT + Immutable Section + SPX signature fits into 64k. |
|
I suggest that we merge this PR as-is since it now passes the CI, and create an issue to enable SPX on master for the emulation images (or at least verify that there is a test that exercices ROM_EXT + immutable section + SPX). |
There was a problem hiding this comment.
I'm not as familiar with the intricacies of the manufacturing/provisioning flows, but the changes backported here seem reasonable (and were already approved on earlgrey_1.0.0). I've left one comment about an original commit that could use a change.
I definitely think we should get confirmation that it is fine to disable SPX signing on master for now before merging, and it would be good if someone more familiar with the details could review as well.
| otp_img = ":otp_json_owner_sw_cfg", | ||
| ) | ||
|
|
||
| # Create an overlay that enalbes the rv_dm late debug feature. |
There was a problem hiding this comment.
| # Create an overlay that enalbes the rv_dm late debug feature. | |
| # Create an overlay that enables the rv_dm late debug feature. |
(you don't need to fix this here, just pointing it out - this also exists on earlgrey_1.0.0 in hw/ip/otp_ctrl/data/earlgrey_skus/emulation/BUILD)
| @@ -12,7 +12,7 @@ To run on an CW310 FPGA for testing, run: | |||
| ``` | |||
| bazel run \ | |||
| --//hw/bitstream/universal:env=//hw/top_earlgrey:fpga_hyper310_rom_with_fake_keys \ | |||
| --//hw/bitstream/universal:otp=//hw/ip/otp_ctrl/data/earlgrey_skus/sival:otp_img_test_unlocked0_manuf_empty \ | |||
| --//hw/bitstream/universal:otp=//hw/top_earlgrey/data/otp/sival:otp_img_test_unlocked0_manuf_empty \ | |||
There was a problem hiding this comment.
Shouldn't this be:
| --//hw/bitstream/universal:otp=//hw/top_earlgrey/data/otp/sival:otp_img_test_unlocked0_manuf_empty \ | |
| --//hw/bitstream/universal:otp=//hw/top_earlgrey/data/otp/emulation:otp_img_test_unlocked0_manuf_empty \ |
as the subsequent (3rd) backported commit removes this target from from //hw/top_earlgrey/data/otp/sival (aside: even if it did still exist, it would be //hw/top_earlgrey/data/otp/sival_skus on master).
There was a problem hiding this comment.
I see that you fixed this in #27705 anyhow, but it would be nice if it was correct here also.
(edit: actually I think it's wrong there also, I'll leave a comment).
Backport #25149, #25168 . The history is quite confusing because some changes were partially cherry-picked to master but in a different from the one in earlgrey_1.0.0, see #25168 I had to fix quite a few bazel labels but nothing major.
There is one issue however: on master, SPX was disabled in SiVal (#26060) but not on
earlgrey_1.0.0. Therefore a plain backports causes SiVal tests to fail because the emulation images have SPX enabled and the sival exec env is switched to the emulation OTP. In this PR, I added one commit to "apply" #26060 to the emulation images so that SPX is disabled in both emulation and SiVal images.@moidx @timothytrippel @cfrantz Please let me know if the extra commit disabling SPX is fine