Backport #25149 "[build] Introduce OTP emulation images." #27654
+408
−176
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pamaury
force-pushed
the
backport_25149
branch
2 times, most recently
from
ea01032 to
8459ac3
Compare
This change is in preparation for managing the SiVal silicon configuration using a separate OTP scaffolding. The `//sw/ip/otp_ctrl/data/earlgrey_skus/emulation` targets will contain OTP images used for simulation as well as FPGA emulation. FPGA emulation images will include both pre-silicon and post-silicon use cases. Targets under `//sw/ip/otp_ctrl/data/earlgrey_skus/sival` will be used strictly for configuring silicon for Silicon Validation flows. We refer to this as the SiVal SKU. The SiVal SKU will contain secure boot public keys backed by code-signing infrastructure as opposed to the the `emulation` configuration which will continue to use the test (i.e. fake) keys stored in the repository. Signed-off-by: Miguel Osorio <[email protected]>
Signed-off-by: Amaury Pouly <[email protected]>
The provisioning firmware contains hardcoded settings for the HWCFG1 partition, and uses data generated at manufacturing time to calculate the DEVICE_ID. As a result, most of the otp image targets and hardware partition settings in the sival SKU, are not derived from the OTP build targets. This change removes unused tardgets to simplify the build / provisioning maintenance. pre-silicon and post-silicon simulation and emulation environments should use the emulation SKU instead. Signed-off-by: Miguel Osorio <[email protected]>
The use of `CREATOR_SW_CFG_MANUF_STATE` as the SKU identifier is getting deprecated in favor of using the DeviceID. The DeviceID definition contains enough information to constraint code signatures to a particular SKU. The `CREATOR_SW_CFG_MANUF_STATE` will be used to capture the manufacturing state of the device. At the end of manufacturing, there will be a value configured to flag end of manufacturing. Signed-off-by: Miguel Osorio <[email protected]>
This is essentially applying lowRISC#26061 to the emulation OTP images. See lowRISC#26060 for the rationale and plan for re-enabling SPX signatures. Signed-off-by: Amaury Pouly <[email protected]>
|
My recollection is that we disabled SPX signing on master togive some space for the development of the immutable section and to make the "sival" configuration on master match the configuration of the A1 SiVAL chip. On the various production SKUs, we do have SPX signing enabled and must maintain an appropriate size for ROM_EXT so that the immutable section, rom_ext and SPX signature all fit in 64K. I don't know what different OTP combinations we have for FPGA testing on master. We need SPX turned on for at least one of the configurations so that we make sure the ROM_EXT + Immutable Section + SPX signature fits into 64k. |
|
I suggest that we merge this PR as-is, and create an issue to enable SPX on master for the emulation images (or at least verify that there is a test that exercices ROM_EXT + immutable section + SPX). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport #25149, #25168 . The history is quite confusing because some changes were partially cherry-picked to master but in a different from the one in earlgrey_1.0.0, see #25168 I had to fix quite a few bazel labels but nothing major.
There is one issue however: on master, SPX was disabled in SiVal (#26060) but not on
earlgrey_1.0.0. Therefore a plain backports causes SiVal tests to fail because the emulation images have SPX enabled and the sival exec env is switched to the emulation OTP. In this PR, I added one commit to "apply" #26060 to the emulation images so that SPX is disabled in both emulation and SiVal images.@moidx @timothytrippel @cfrantz Please let me know if the extra commit disabling SPX is fine