[sw/silicon_creator] Implement ROM_EXT bootstrap library #18929
Thanks a lot for putting this together @dmcardle! I'm just not sure about the following points:
- Can we try splitting this into two implementations like rom and rom_ext so that we don't have to cache and pass protect_rom_ext to the functions?
- I think we should enhance the flash_ctrl.c driver and add a function for setting mp_region_cfg registers for enabling erase over an arbitrary region instead of enabling it for a bank -- this would handle protecting rom_ext as well.
- We should double-check whether rom_ext is at a page boundary. If not, we will need to read-modify-write since we can only erase at page boundaries.
I'll send an invite to chat about this tomorrow.
// If the boot failed, check whether we should enter bootstrap mode. | ||
if (error != kErrorOk && rom_ext_bootstrap_enabled() == kHardenedBoolTrue) { | ||
HARDENED_CHECK_EQ(rom_ext_bootstrap_enabled(), kHardenedBoolTrue); | ||
OT_DISCARD(rom_printf("Entering ROM_EXT bootstrap\r\n")); |
OT_DISCARD(rom_printf("Entering ROM_EXT bootstrap\r\n")); |
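Review bot: The HARDENED_CHECK_EQ inside the if body re-verifies only rom_ext_bootstrap_enabled(); the other half of the branch condition, error != kErrorOk, is not re-checked, so a fault that skips the comparison could reach the bootstrap path with error still equal to kErrorOk. Consider adding HARDENED_CHECK_NE(error, kErrorOk) next to the existing check. A short comment noting that the second call to rom_ext_bootstrap_enabled() is a deliberate redundant read would also help future readers.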
So this printf is not strictly necessary, but I figured it simplifies testing rom_ext_bootstrap_enabled() via a functest, since we can set the exit_success to "Entering ROM_EXT bootstrap\r\n".
Deleting is fine as well — e2e tests can just test the observable behavior, such as whether the requested pages were written to flash.
> So this printf is not strictly necessary, but I figured it simplifies testing rom_ext_bootstrap_enabled() via a functest, since we can set the exit_success to "Entering ROM_EXT bootstrap\r\n".
I see.
> Deleting is fine as well — e2e tests can just test the observable behavior, such as whether the requested pages were written to flash.
I think we can also send jedec_id or read_sfdp commands and check the response.
If you prefer to include this please feel free to add a fpga-specific function implementation in device_fpga_cw310.c. You might also want to convert the existing function to a generic fpga_rom_printf(). But please note that if you use it in tests those tests would pass only on FPGA.
Hey @alphan, this is ready to review whenever you get a chance!
Done.
Per our chat, I'll enhance the flash_ctrl driver in a followup PR. This PR has unit tests that verify/document the non-bounds-checking behavior. I've left TODO comments (linking to #19151) about making use of the flash_ctrl memory protection features. I'll sweep through and clean out those TODOs in the followup PR.
Good point. The ROM_EXT regions in slot A and slot B definitely lie on page boundaries. I'll plan on adding a static_assert in the followup PR.
$ python
>>> 524288 % 2048
0
>>> 0x10000 % 2048
0
>>> (524288 + 0x10000) % 2048
0
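The page-boundary check from the Python session above, written as C static_assert declarations, together with a helper that shows when an erase range would need read-modify-write. This is an added example, not code from the PR or from OpenTitan; the constant names, their reading as slot offset and ROM_EXT size, and plan_erase() are assumptions.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>

// Values taken from the Python session above. The names and their meaning
// (page size, slot B offset, ROM_EXT size) are assumptions of this example.
enum {
  kPageSize = 2048,       // flash erase granularity in bytes
  kSlotBOffset = 524288,  // assumed byte offset of slot B
  kRomExtSize = 0x10000,  // assumed size of the ROM_EXT region
};

// Compile-time form of the three modulo checks.
static_assert(kSlotBOffset % kPageSize == 0, "slot B must start on a page");
static_assert(kRomExtSize % kPageSize == 0, "slot A ROM_EXT must end on a page");
static_assert((kSlotBOffset + kRomExtSize) % kPageSize == 0,
              "slot B ROM_EXT must end on a page");

typedef struct erase_plan {
  uint32_t first_page;  // index of the first page touched
  uint32_t num_pages;   // number of pages that must be erased
  bool rmw_head;        // first page also holds bytes outside the range
  bool rmw_tail;        // last page also holds bytes outside the range
} erase_plan_t;

// Maps the byte range [start, start + len) onto whole pages and flags the
// partial pages whose remaining bytes would need read-modify-write.
// Returns false for an empty range or one that wraps past UINT32_MAX.
bool plan_erase(uint32_t start, uint32_t len, erase_plan_t *plan) {
  if (len == 0 || start > UINT32_MAX - len) {
    return false;
  }
  uint32_t end = start + len;  // exclusive end of the range
  uint32_t last_page = (end - 1) / kPageSize;
  plan->first_page = start / kPageSize;
  plan->num_pages = last_page - plan->first_page + 1;
  plan->rmw_head = (start % kPageSize) != 0;
  plan->rmw_tail = (end % kPageSize) != 0;
  return true;
}
```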
Thanks @dmcardle ! LGTM mod some minor nits.
Signed-off-by: Dan McArdle <dmcardle@opentitan.org>
Issue lowRISC#19151 Signed-off-by: Dan McArdle <dmcardle@opentitan.org>
No description provided.