[rom/keys] Remove RSA fake keys.

These are no longer needed as Earl Grey is now using ECDSA for signature verification. Signed-off-by: Miguel Osorio <miguelosorio@google.com>
lowRISC · May 24, 2024 · abb01b9 · abb01b9
1 parent 244801e
commit abb01b9
Show file tree

Hide file tree

Showing 15 changed files with 3 additions and 475 deletions.
diff --git a/quality/BUILD.bazel b/quality/BUILD.bazel
@@ -121,7 +121,6 @@ clang_tidy_rv_test(
         "//sw/device/silicon_creator/rom:sigverify_keys",
         "//sw/device/silicon_creator/rom:sigverify_keys_rsa",
         "//sw/device/silicon_creator/rom:sigverify_keys_spx",
-        "//sw/device/silicon_creator/rom/keys/fake/rsa",
     ],
 )
 

diff --git a/rules/opentitan.bzl b/rules/opentitan.bzl
@@ -104,17 +104,6 @@ SILICON_CREATOR_KEYS = struct(
                 create_prod_key("fake_ecdsa_prod_key_0", "@//sw/device/silicon_creator/rom/keys/fake/ecdsa:prod_key_0_ecdsa_p256"),
             ],
         ),
-        RSA = struct(
-            TEST = [
-                create_test_key("fake_rsa_test_key_0", "@//sw/device/silicon_creator/rom/keys/fake/rsa:test_private_key_0"),
-            ],
-            DEV = [
-                create_dev_key("fake_rsa_dev_key_0", "@//sw/device/silicon_creator/rom/keys/fake/rsa:dev_private_key_0"),
-            ],
-            PROD = [
-                create_prod_key("fake_rsa_prod_key_0", "@//sw/device/silicon_creator/rom/keys/fake/rsa:prod_private_key_0"),
-            ],
-        ),
         SPX = struct(
             TEST = [
                 create_test_key("fake_spx_test_key_0", "@//sw/device/silicon_creator/rom/keys/fake/spx:test_key_0_spx"),
@@ -130,9 +119,6 @@ SILICON_CREATOR_KEYS = struct(
     # We can't expose real private keys publicly.
     REAL = None,
     UNAUTHORIZED = struct(
-        RSA = [
-            create_key_("rsa_unauthorized_0", "@//sw/device/silicon_creator/rom/keys/unauthorized/rsa:unauthorized_private_key_0", []),
-        ],
         SPX = [
             create_key_("spx_unauthorized_0", "@//sw/device/silicon_creator/rom/keys/unauthorized/spx:unauthorized_0_spx", []),
         ],
@@ -172,20 +158,6 @@ def filter_key_structs_for_lc_state(key_structs, hw_lc_state):
         (not k.spx or key_allowed_in_lc_state(k.spx, hw_lc_state))
     )]
 
-RSA_ONLY_KEY_STRUCTS = [
-    create_key_struct(None, SILICON_CREATOR_KEYS.FAKE.RSA.TEST[0], None),
-    create_key_struct(None, SILICON_CREATOR_KEYS.FAKE.RSA.DEV[0], None),
-    create_key_struct(None, SILICON_CREATOR_KEYS.FAKE.RSA.PROD[0], None),
-    create_key_struct(None, SILICON_CREATOR_KEYS.UNAUTHORIZED.RSA[0], None),
-]
-
-RSA_SPX_KEY_STRUCTS = [
-    create_key_struct(None, SILICON_CREATOR_KEYS.FAKE.RSA.TEST[0], SILICON_CREATOR_KEYS.FAKE.SPX.TEST[0]),
-    create_key_struct(None, SILICON_CREATOR_KEYS.FAKE.RSA.DEV[0], SILICON_CREATOR_KEYS.FAKE.SPX.DEV[0]),
-    create_key_struct(None, SILICON_CREATOR_KEYS.FAKE.RSA.PROD[0], SILICON_CREATOR_KEYS.FAKE.SPX.PROD[0]),
-    create_key_struct(None, SILICON_CREATOR_KEYS.UNAUTHORIZED.RSA[0], SILICON_CREATOR_KEYS.UNAUTHORIZED.SPX[0]),
-]
-
 ECDSA_ONLY_KEY_STRUCTS = [
     create_key_struct(SILICON_CREATOR_KEYS.FAKE.ECDSA.TEST[0], None, None),
     create_key_struct(SILICON_CREATOR_KEYS.FAKE.ECDSA.DEV[0], None, None),
@@ -998,7 +970,7 @@ def opentitan_flash_binary(
         name,
         devices = PER_DEVICE_DEPS.keys(),
         platform = OPENTITAN_PLATFORM,
-        signing_key_structs = RSA_ONLY_KEY_STRUCTS + RSA_ONLY_ROM_EXT_KEY_STRUCTS,
+        signing_key_structs = ECDSA_ONLY_KEY_STRUCTS + RSA_ONLY_ROM_EXT_KEY_STRUCTS,
         signed = True,
         sim_otp = None,
         testonly = False,

diff --git a/rules/opentitan_test.bzl b/rules/opentitan_test.bzl
@@ -4,13 +4,12 @@
 
 load(
     "@//rules:opentitan.bzl",
-    "RSA_ONLY_KEY_STRUCTS",
+    "ECDSA_ONLY_KEY_STRUCTS",
     "opentitan_flash_binary",
     "opentitan_rom_binary",
 )
 load("@bazel_skylib//lib:shell.bzl", "shell")
 load("@bazel_skylib//lib:collections.bzl", "collections")
-load("@bazel_skylib//lib:sets.bzl", "sets")
 
 def _fpga_from_fpga_target(target):
     """
@@ -325,7 +324,7 @@ def opentitan_functest(
         manifest = "@//sw/device/silicon_creator/rom_ext:manifest",
         slot = "silicon_creator_a",
         test_harness = "@//sw/host/opentitantool",
-        key_struct = RSA_ONLY_KEY_STRUCTS[0],
+        key_struct = ECDSA_ONLY_KEY_STRUCTS[0],
         logging = "info",
         dv = None,
         verilator = None,

diff --git a/sw/device/silicon_creator/rom/keys/fake/rsa/BUILD b/sw/device/silicon_creator/rom/keys/fake/rsa/BUILD
diff --git a/sw/device/silicon_creator/rom/keys/fake/rsa/dev_key_0_rsa_3072_exp_f4.der b/sw/device/silicon_creator/rom/keys/fake/rsa/dev_key_0_rsa_3072_exp_f4.der
diff --git a/sw/device/silicon_creator/rom/keys/fake/rsa/dev_key_0_rsa_3072_exp_f4.h b/sw/device/silicon_creator/rom/keys/fake/rsa/dev_key_0_rsa_3072_exp_f4.h
diff --git a/sw/device/silicon_creator/rom/keys/fake/rsa/dev_key_0_rsa_3072_exp_f4.pub.der b/sw/device/silicon_creator/rom/keys/fake/rsa/dev_key_0_rsa_3072_exp_f4.pub.der
diff --git a/sw/device/silicon_creator/rom/keys/fake/rsa/prod_key_0_rsa_3072_exp_f4.der b/sw/device/silicon_creator/rom/keys/fake/rsa/prod_key_0_rsa_3072_exp_f4.der
diff --git a/sw/device/silicon_creator/rom/keys/fake/rsa/prod_key_0_rsa_3072_exp_f4.h b/sw/device/silicon_creator/rom/keys/fake/rsa/prod_key_0_rsa_3072_exp_f4.h
diff --git a/sw/device/silicon_creator/rom/keys/fake/rsa/prod_key_0_rsa_3072_exp_f4.pub.der b/sw/device/silicon_creator/rom/keys/fake/rsa/prod_key_0_rsa_3072_exp_f4.pub.der
diff --git a/sw/device/silicon_creator/rom/keys/fake/rsa/sigverify_rsa_keys_fake.c b/sw/device/silicon_creator/rom/keys/fake/rsa/sigverify_rsa_keys_fake.c