lowRISC · pamaury · Jul 25, 2025 · Nov 19, 2024 · Nov 20, 2024 · Nov 22, 2024
@@ -760,6 +760,7 @@ static const flash_ctrl_info_page_t *kInfoPagesNoOwnerAccess[] = {
     // Bank 1
     &kFlashCtrlInfoPageBootData0,
     &kFlashCtrlInfoPageBootData1,
+    &kFlashCtrlInfoPageCreatorReserved0,
 };
 
 enum {
@@ -805,6 +806,7 @@ void flash_ctrl_cert_info_page_creator_cfg(
 void flash_ctrl_cert_info_page_owner_restrict(
     const flash_ctrl_info_page_t *info_page) {
   SEC_MMIO_ASSERT_WRITE_INCREMENT(kFlashCtrlSecMmioCertInfoPageOwnerRestrict,
-                                  1);
+                                  2);
   flash_ctrl_info_perms_set(info_page, kCertificateInfoPageOwnerAccess);
+  sec_mmio_write32(flash_ctrl_core_base() + info_page->cfg_wen_offset, 0);
 }
@@ -166,9 +166,9 @@ FLASH_CTRL_INFO_PAGES_DEFINE(INFO_PAGE_STRUCT_DECL_);
  */
 enum {
   kFlashCtrlSecMmioCertInfoPageCreatorCfg = 2,
-  kFlashCtrlSecMmioCertInfoPageOwnerRestrict = 1,
+  kFlashCtrlSecMmioCertInfoPageOwnerRestrict = 2,
   kFlashCtrlSecMmioCertInfoPagesOwnerRestrict = 5,
-  kFlashCtrlSecMmioCreatorInfoPagesLockdown = 12,
+  kFlashCtrlSecMmioCreatorInfoPagesLockdown = 14,
   kFlashCtrlSecMmioDataDefaultCfgSet = 1,
   kFlashCtrlSecMmioDataDefaultPermsSet = 1,
   kFlashCtrlSecMmioExecSet = 1,

@@ -682,10 +682,11 @@ INSTANTIATE_TEST_SUITE_P(AllCases, FlashCtrlCfgSetTest,
                              }));
 
 TEST_F(FlashCtrlTest, CreatorInfoLockdown) {
-  std::array<const flash_ctrl_info_page_t *, 6> no_owner_access = {
-      &kFlashCtrlInfoPageFactoryId,   &kFlashCtrlInfoPageCreatorSecret,
-      &kFlashCtrlInfoPageOwnerSecret, &kFlashCtrlInfoPageWaferAuthSecret,
-      &kFlashCtrlInfoPageBootData0,   &kFlashCtrlInfoPageBootData1,
+  std::array<const flash_ctrl_info_page_t *, 7> no_owner_access = {
+      &kFlashCtrlInfoPageFactoryId,        &kFlashCtrlInfoPageCreatorSecret,
+      &kFlashCtrlInfoPageOwnerSecret,      &kFlashCtrlInfoPageWaferAuthSecret,
+      &kFlashCtrlInfoPageBootData0,        &kFlashCtrlInfoPageBootData1,
+      &kFlashCtrlInfoPageCreatorReserved0,
   };
   for (auto page : no_owner_access) {
     auto info_page = InfoPages().at(page);
@@ -737,6 +738,7 @@ TEST_F(FlashCtrlTest, CertInfoOwnerRestrict) {
     auto info_page = InfoPages().at(page);
     EXPECT_SEC_READ32(base_ + info_page.cfg_offset, 0x9666666);
     EXPECT_SEC_WRITE32(base_ + info_page.cfg_offset, 0x9669966);
+    EXPECT_SEC_WRITE32(base_ + info_page.cfg_wen_offset, 0);
   }
 
   flash_ctrl_cert_info_page_owner_restrict(

@@ -251,12 +251,10 @@ rom_error_t owner_block_flash_apply(const owner_flash_config_t *flash,
 }
 
 static inline hardened_bool_t is_owner_page(const owner_info_page_t *config) {
-  if (config->bank == 0) {
-    if (config->page >= 6 && config->page <= 9) {
-      // Currently, bank0, pages 6-9 (inclusive) are the pages reserved
-      // for the owner's use.
-      return kHardenedBoolTrue;
-    }
+  // On earlgrey_a1, in banks 0 and 1, pages 5-8 (inclusive) are reserved
+  // for the owner.
+  if (config->page >= 5 && config->page <= 8) {
+    return kHardenedBoolTrue;
   }
   return kHardenedBoolFalse;
 }

@@ -219,7 +219,7 @@ const owner_flash_info_config_t info_config = {
             {
                 // Disallowed page
                 .bank = 0,
-                .page = 5,
+                .page = 9,
                 .access = FLASH_ACCESS(
                     /*index=*/1,
                     /*read=*/true,

diff --git a/sw/device/silicon_creator/manuf/base/BUILD b/sw/device/silicon_creator/manuf/base/BUILD
@@ -322,6 +322,7 @@ manifest(d = {
             "//sw/device/lib/testing/test_framework:status",
             "//sw/device/lib/testing/test_framework:ujson_ottf",
             "//sw/device/silicon_creator/lib:attestation",
+            "//sw/device/silicon_creator/lib:boot_data",
             "//sw/device/silicon_creator/lib:otbn_boot_services",
             "//sw/device/silicon_creator/lib/base:chip",
             "//sw/device/silicon_creator/lib/base:util",
@@ -333,10 +334,12 @@ manifest(d = {
             "//sw/device/silicon_creator/lib/drivers:hmac",
             "//sw/device/silicon_creator/lib/drivers:keymgr",
             "//sw/device/silicon_creator/lib/drivers:kmac",
+            "//sw/device/silicon_creator/lib/ownership:owner_block",
+            "//sw/device/silicon_creator/lib/ownership:ownership_key",
             "//sw/device/silicon_creator/manuf/lib:flash_info_fields",
             "//sw/device/silicon_creator/manuf/lib:individualize_sw_cfg_{}".format(config["otp"]),
             "//sw/device/silicon_creator/manuf/lib:personalize",
-        ] + config["dice_libs"] + config["device_ext_libs"],
+        ] + config["dice_libs"] + config["device_ext_libs"] + config.get("ownership_libs", []),
     )
     for sku, config in EARLGREY_SKUS.items()
 ]

@@ -24,6 +24,7 @@
 #include "sw/device/silicon_creator/lib/base/boot_measurements.h"
 #include "sw/device/silicon_creator/lib/base/chip.h"
 #include "sw/device/silicon_creator/lib/base/util.h"
+#include "sw/device/silicon_creator/lib/boot_data.h"
 #include "sw/device/silicon_creator/lib/cert/cdi_0.h"  // Generated.
 #include "sw/device/silicon_creator/lib/cert/cdi_1.h"  // Generated.
 #include "sw/device/silicon_creator/lib/cert/cert.h"
@@ -37,6 +38,8 @@
 #include "sw/device/silicon_creator/lib/error.h"
 #include "sw/device/silicon_creator/lib/manifest.h"
 #include "sw/device/silicon_creator/lib/otbn_boot_services.h"
+#include "sw/device/silicon_creator/lib/ownership/owner_block.h"
+#include "sw/device/silicon_creator/lib/ownership/ownership_key.h"
 #include "sw/device/silicon_creator/manuf/base/perso_tlv_data.h"
 #include "sw/device/silicon_creator/manuf/base/personalize_ext.h"
 #include "sw/device/silicon_creator/manuf/lib/flash_info_fields.h"
@@ -157,6 +160,16 @@ static cert_flash_info_layout_t cert_flash_layout[] = {
     },
 };
 
+/**
+ * Ownership initialization function.
+ */
+OT_WEAK rom_error_t
+sku_creator_owner_init(boot_data_t *bootdata, owner_config_t *config,
+                       owner_application_keyring_t *keyring) {
+  LOG_ERROR("No ownership initialization");
+  return kErrorOk;
+}
+
 static void log_self_hash(void) {
   // clang-format off
   LOG_INFO("Personalization Firmware Hash: 0x%08x%08x%08x%08x%08x%08x%08x%08x",
@@ -503,6 +516,9 @@ static status_t personalize_gen_dice_certificates(ujson_t *uj) {
       kDiceCertFormat, all_certs, curr_cert_size, &perso_blob_to_host));
   LOG_INFO("Generated UDS certificate.");
 
+  ownership_seal_init();
+  LOG_INFO("Initialized ownership sealing in UDS state.");
+
   // Generate CDI_0 keys and cert.
   curr_cert_size = kCdi0MaxCertSizeBytes;
   compute_keymgr_owner_int_binding(&certgen_inputs);
@@ -547,6 +563,39 @@ static status_t personalize_gen_dice_certificates(ujson_t *uj) {
   return OK_STATUS();
 }
 
+static status_t install_owner(void) {
+  // Get the boot_data; installing the owner will write it back with the
+  // ownership_state set to LockedOwner.
+  boot_data_t boot_data;
+  TRY(boot_data_read(kLcStateProd, &boot_data));
+
+  // Initialize the ownership-related flash pages.
+  flash_ctrl_perms_t perm = {
+      .read = kMultiBitBool4True,
+      .write = kMultiBitBool4True,
+      .erase = kMultiBitBool4True,
+  };
+  flash_ctrl_cfg_t cfg = {
+      .scrambling = kMultiBitBool4True,
+      .ecc = kMultiBitBool4True,
+      .he = kMultiBitBool4False,
+  };
+  flash_ctrl_info_perms_set(&kFlashCtrlInfoPageOwnerSlot0, perm);
+  flash_ctrl_info_cfg_set(&kFlashCtrlInfoPageOwnerSlot0, cfg);
+  flash_ctrl_info_perms_set(&kFlashCtrlInfoPageOwnerSlot1, perm);
+  flash_ctrl_info_cfg_set(&kFlashCtrlInfoPageOwnerSlot1, cfg);
+
+  // Initialize ownership.  This will write the owner block into OwnerSlot0 and
+  // set the ownership_state to LockedOwner.  The first boot of the ROM_EXT
+  // will create a redundanty copy in OwnerSlot1.
+  owner_config_t config;
+  owner_config_default(&config);
+  owner_application_keyring_t keyring = {0};
+  TRY(sku_creator_owner_init(&boot_data, &config, &keyring));
+
+  return OK_STATUS();
+}
+
 // Returns how much data is left in the perso blob receive buffer (i.e., `body`
 // field). Useful when scanning the receive buffer containing perso LTV objects.
 static size_t max_available(void) {
@@ -843,6 +892,7 @@ bool test_main(void) {
   CHECK_STATUS_OK(lc_ctrl_testutils_operational_state_check(&lc_ctrl));
   CHECK_STATUS_OK(personalize_otp_and_flash_secrets(&uj));
   CHECK_STATUS_OK(personalize_gen_dice_certificates(&uj));
+  CHECK_STATUS_OK(install_owner());
 
   personalize_extension_pre_endorse_t pre_endorse = {
       .uj = &uj,

@@ -27,6 +27,7 @@ EARLGREY_SKUS = {
         "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
         "host_ext_libs": ["@provisioning_exts//:default_ft_ext_lib"],
         "device_ext_libs": ["@provisioning_exts//:default_perso_fw_ext"],
+        "ownership_libs": ["//sw/device/silicon_creator/lib/ownership:test_owner"],
         "rom_ext": "//sw/device/silicon_creator/rom_ext/sival:rom_ext_fake_prod_signed_slot_b",
         "owner_fw": "//sw/device/silicon_owner/bare_metal:bare_metal_slot_b",
     },
@@ -53,6 +54,7 @@ EARLGREY_SKUS = {
             "//sw/device/silicon_creator/lib/cert:tpm_ek_template_library",
             "//sw/device/silicon_creator/manuf/base:tpm_perso_fw_ext",
         ],
+        "ownership_libs": ["//sw/device/silicon_creator/lib/ownership:test_owner"],
         "rom_ext": "//sw/device/silicon_creator/rom_ext/sival:rom_ext_fake_prod_signed_slot_b",
         "owner_fw": "//sw/device/silicon_owner/bare_metal:bare_metal_slot_b",
     },

@@ -105,6 +105,49 @@ impl FlashRegion<'_> {
     }
 }
 
+fn flash_info_check(info: &[FlashRegion<'_>], unlocked: bool) -> Result<()> {
+    // Flash info regions when no OwnerReserved pages are configured:
+    let config = [
+        FlashRegion("info", 0, 0, 0, "uu-uu-uu-uu-uu-uu", "LK"), // factory ID
+        FlashRegion("info", 0, 0, 1, "uu-uu-uu-uu-uu-uu", "LK"), // creator secret
+        FlashRegion("info", 0, 0, 2, "uu-uu-uu-uu-uu-uu", "LK"), // owner secret
+        FlashRegion("info", 0, 0, 3, "uu-uu-uu-uu-uu-uu", "LK"), // wafer auth secret
+        FlashRegion("info", 0, 0, 4, "RD-xx-xx-SC-EC-xx", "LK"), // attestation key seeds
+        FlashRegion("info", 0, 0, 5, "xx-xx-xx-xx-xx-xx", "UN"), // owner reserved
+        FlashRegion("info", 0, 0, 6, "xx-xx-xx-xx-xx-xx", "UN"), // owner reserved
+        FlashRegion("info", 0, 0, 7, "xx-xx-xx-xx-xx-xx", "UN"), // owner reserved
+        FlashRegion("info", 0, 0, 8, "xx-xx-xx-xx-xx-xx", "UN"), // owner reserved
+        FlashRegion("info", 0, 0, 9, "RD-xx-xx-SC-EC-xx", "LK"), // factory certs
+        FlashRegion("info", 1, 0, 0, "uu-uu-uu-uu-uu-uu", "LK"), // boot data 0
+        FlashRegion("info", 1, 0, 1, "uu-uu-uu-uu-uu-uu", "LK"), // boot data 1
+        FlashRegion("info", 1, 0, 2, "RD-xx-xx-SC-EC-xx", "LK"), // owner config 0
+        if unlocked {
+            FlashRegion("info", 1, 0, 3, "RD-WR-ER-SC-EC-xx", "LK") // owner config 1
+        } else {
+            FlashRegion("info", 1, 0, 3, "RD-xx-xx-SC-EC-xx", "LK") // owner config 1
+        },
+        FlashRegion("info", 1, 0, 4, "uu-uu-uu-uu-uu-uu", "LK"), // creator reserved
+        FlashRegion("info", 1, 0, 5, "RD-WR-ER-xx-xx-HE", "UN"), // owner reserved
+        FlashRegion("info", 1, 0, 6, "xx-xx-xx-xx-xx-xx", "UN"), // owner reserved
+        FlashRegion("info", 1, 0, 7, "xx-xx-xx-xx-xx-xx", "UN"), // owner reserved
+        FlashRegion("info", 1, 0, 8, "xx-xx-xx-xx-xx-xx", "UN"), // owner reserved
+        FlashRegion("info", 1, 0, 9, "RD-xx-xx-SC-EC-xx", "LK"), // dice certs
+    ];
+    assert_eq!(info.len(), config.len());
+    let mut err = 0;
+    for i in 0..config.len() {
+        if info[i] != config[i] {
+            log::error!("INFO entry {i}: {:?} != {:?}", info[i], config[i]);
+            err += 1;
+        }
+    }
+    if err != 0 {
+        Err(anyhow!("INFO lockdown mismatch"))
+    } else {
+        Ok(())
+    }
+}
+
 fn flash_permission_test(opts: &Opts, transport: &TransportWrapper) -> Result<()> {
     let uart = transport.uart("console")?;
     let rescue = RescueSerial::new(Rc::clone(&uart));
@@ -198,17 +241,7 @@ fn flash_permission_test(opts: &Opts, transport: &TransportWrapper) -> Result<()
             FlashRegion("data", 7, 0, 0, "xx-xx-xx-xx-xx-xx", "UN")
         );
 
-        // Bank 1, pages 2-3 are the ownership pages.  In an ownership unlocked
-        // state, OwnerPage0 (bank 1 page 2) should be read-only and OwnerPage1
-        // (bank1 page 3) should be read/write.
-        assert_eq!(
-            region[20],
-            FlashRegion("info", 1, 0, 2, "RD-xx-xx-SC-EC-xx", "LK")
-        );
-        assert_eq!(
-            region[21],
-            FlashRegion("info", 1, 0, 3, "RD-WR-ER-SC-EC-xx", "LK")
-        );
+        flash_info_check(&region[8..], /*unlocked=*/ true)?;
     }
 
     log::info!("###### Get Boot Log (2/2) ######");
@@ -306,17 +339,7 @@ fn flash_permission_test(opts: &Opts, transport: &TransportWrapper) -> Result<()
         FlashRegion("data", 7, 0, 0, "xx-xx-xx-xx-xx-xx", "UN")
     );
 
-    // Bank 1, pages 2-3 are the ownership pages.  In an ownership locked
-    // state, both pages should be read-only.
-    assert_eq!(
-        region[20],
-        FlashRegion("info", 1, 0, 2, "RD-xx-xx-SC-EC-xx", "LK")
-    );
-    assert_eq!(
-        region[21],
-        FlashRegion("info", 1, 0, 3, "RD-xx-xx-SC-EC-xx", "LK")
-    );
-
+    flash_info_check(&region[8..], /*unlocked=*/ false)?;
     Ok(())
 }
 

@@ -13,7 +13,8 @@ use opentitanlib::chip::helper::{OwnershipActivateParams, OwnershipUnlockParams}
 use opentitanlib::crypto::ecdsa::{EcdsaPrivateKey, EcdsaPublicKey};
 use opentitanlib::ownership::{
     ApplicationKeyDomain, CommandTag, FlashFlags, KeyMaterial, OwnerApplicationKey, OwnerBlock,
-    OwnerConfigItem, OwnerFlashConfig, OwnerFlashRegion, OwnerRescueConfig, OwnershipKeyAlg,
+    OwnerConfigItem, OwnerFlashConfig, OwnerFlashInfoConfig, OwnerFlashRegion, OwnerInfoPage,
+    OwnerRescueConfig, OwnershipKeyAlg,
 };
 use opentitanlib::rescue::serial::RescueSerial;
 
@@ -241,6 +242,15 @@ where
                 ],
                 ..Default::default()
             }));
+        owner
+            .data
+            .push(OwnerConfigItem::FlashInfoConfig(OwnerFlashInfoConfig {
+                config: vec![
+                    // Bank 1, page 5, filesystem-like configuration.
+                    OwnerInfoPage::new(1, 5, config.filesystem()),
+                ],
+                ..Default::default()
+            }));
     }
     if cfg & CFG_RESCUE1 != 0 {
         let mut rescue = OwnerRescueConfig::all();