[signing] Publish signing ceremony 2024-10-25

1. Ceremony documentation.
2. Change owner_key_type to ecdsa.
3. ROM_EXT 0.6 binaries.

Signed-off-by: Chris Frantz <[email protected]>

signing/BUILD

@@ -33,7 +33,7 @@ config_setting(
 # and eliminate RSA keys for application signing.
 string_flag(
     name = "owner_key_type",
-    build_setting_default = "rsa",
+    build_setting_default = "ecdsa",
     values = [
         "rsa",
         "ecdsa",

signing/logs/2024-10-25.md

@@ -0,0 +1,295 @@
+# Signing Ceremony 2024-10-25
+
+- Purpose:
+    - Create new a ROM\_EXT release with ownership transfer and a validatable DICE chain.
+    - Correct the `protect_when_active` defect in ROM_EXT 0.5.
+- Participants: cfrantz (leader), moidx(witness), ttrippel (witness).
+
+## Ceremony Prolog
+
+Before the ceremony, we double checked build reproducibility.
+At opentitan commit ebb466707eda33c46157c477d3598f87844272e2 on branch
+`earlgrey_es_sival`, we ran:
+
+```
+bazel build  --stamp \
+    --//sw/device/silicon_creator/rom_ext:secver_write=false \
+    //sw/device/silicon_creator/rom_ext/proda:digests \
+    //sw/device/silicon_creator/rom_ext/prodc:digests \
+    //sw/device/silicon_creator/rom_ext/sival:digests
+
+sha256sum \
+    bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/proda/digests.tar \
+    bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/prodc/digests.tar \
+    bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/sival/digests.tar
+e3d3ac9f3dd3ca3d5514f6580adede5cfe10432c3ea9a90668b8f5109cb40e22  bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/proda/digests.tar
+1ede4cbfd47b40c23632b820e33fe86e4ab59c1656d4ada8d98a608fcb3de9f6  bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/prodc/digests.tar
+c7ba82eb6004b0e6fc713004f606ea382aec71f0168c3957a53ea7d9a420e39d  bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/sival/digests.tar
+```
+
+Having established that the binaries are reproducible, we copied the digests and
+`hsmtool` to a staging subdirectory.
+```
+cp bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/proda/digests.tar ~/signing/proda.tar
+cp bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/prodc/digests.tar ~/signing/prodc.tar
+cp bazel-out/k8-fastbuild/bin/sw/device/silicon_creator/rom_ext/sival/digests.tar ~/signing/sival.tar
+cp bazel-out/k8-fastbuild/bin/sw/host/hsmtool/hsmtool ~/signing
+```
+
+## Entrust HSM driver
+
+No driver updates were required during this ceremony.
+
+## Ceremony
+
+### Setup & Authenticate to the HSM
+
+```
+$ export HSMTOOL_MODULE=/opt/nfast/toolkits/pkcs11/libcknfast.so
+$ cd ~/signing
+
+$ /opt/nfast/bin/preload  -c earlgrey_a0 /bin/bash
+
+2024-05-23 16:39:11: [1825312]: INFO: Preload running with: -c earlgrey_a0 /bin/bash
+2024-05-23 16:39:12: [1825312]: INFO: Created a (new) connection to Hardserver
+2024-05-23 16:39:12: [1825312]: INFO: Modules newly usable: [1].
+2024-05-23 16:39:12: [1825312]: INFO: Found a change in the system: an update pass is needed.
+2024-05-23 16:39:12: [1825312]: INFO: Loading cardset: earlgrey_a0 in modules: [1]
+
+Loading `earlgrey_a0':
+ Module 1 slot 0: empty
+ Module 1 slot 2: empty
+ Module 1 slot 3: empty
+ Module 1 slot 4: empty
+ Module 1 slot 0: `earlgrey_a0' #6
+ Module 1 slot 0:- passphrase supplied - reading card
+ Module 1 slot 0:- passphrase supplied - reading card
+ Module 1 slot 0: `earlgrey_a0' #6: already read
+ Module 1 slot 0: empty
+ Module 1 slot 0: `earlgrey_a0' #7
+ Module 1 slot 0:- passphrase supplied - reading card
+ Module 1 slot 0:- passphrase supplied - reading card
+ Module 1 slot 0: `earlgrey_a0' #7: already read
+ Module 1 slot 0: empty
+ Module 1 slot 0: `earlgrey_a0' #8
+ Module 1 slot 0:- passphrase supplied - reading card
+Card reading complete.
+
+2024-05-23 16:43:16: [1825312]: INFO: Loading cardset: Cardset: earlgrey_a0 (1c7c...) in module: 1
+2024-05-23 16:43:16: [1825312]: INFO: Stored Cardset: earlgrey_a0 (1c7c...) in module #1
+2024-05-23 16:43:16: [1825312]: INFO: Maintaining the cardset earlgrey_a0 protected key(s)=['pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-74f9033870f2653fd4973b0360da7de6d4f80f90', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-2a10059f018344a8f6450a1281de161df478a999', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-826f19e10a525bc8ae593d5a9af960465d86b636', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-fe987257aaa6d3b9c9cefcbbe8a7d7393521c287', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-73fc0ba5bb8af48d168644cebed2543be1c57419', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-990cc0b5fb853aace101455f79ac48ffeac311f1', 'pkcs11:uc1c7c81df30010626431b8fa4c7fc646cac722b61-54bf627299209f050de6d490fe06b331dce656bb'].
+2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-74f9033870f2653fd4973b0360da7de6d4f80f90 is loaded in module(s): [1].
+2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-2a10059f018344a8f6450a1281de161df478a999 is loaded in module(s): [1].
+2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-826f19e10a525bc8ae593d5a9af960465d86b636 is loaded in module(s): [1].
+2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-fe987257aaa6d3b9c9cefcbbe8a7d7393521c287 is loaded in module(s): [1].
+2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-73fc0ba5bb8af48d168644cebed2543be1c57419 is loaded in module(s): [1].
+2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-990cc0b5fb853aace101455f79ac48ffeac311f1 is loaded in module(s): [1].
+2024-05-23 16:43:16: [1825312]: INFO: The private/symmetric key pkcs11/uc1c7c81df30010626431b8fa4c7fc646cac722b61-54bf627299209f050de6d490fe06b331dce656bb is loaded in module(s): [1].
+2024-05-23 16:43:16: [1825312]: INFO: Loading complete. Executing subprocess /bin/bash
+
+$ ./hsmtool token list
+{
+  "tokens": [
+    {
+      "label": "loadshared accelerator",
+      "manufacturer_id": "nCipher Corp. Ltd",
+      "model": "",
+      "serial_number": ""
+    },
+    {
+      "label": "earlgrey_a0",
+      "manufacturer_id": "nCipher Corp. Ltd",
+      "model": "",
+      "serial_number": "1c7c81df30010626"
+    }
+  ]
+}
+```
+
+## Signing
+
+Signing was performed in the staging subdirectory inside the `preload` subshell.
+
+### ProdA signatures
+
+```
+$ mkdir proda
+$ cd proda
+$ tar xvf ../proda.tar
+$ ../hsmtool -t earlgrey_a0 -u user exec presigning.json
+
+[
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  }
+]
+```
+
+### ProdC signatures
+
+```
+$ mkdir prodc
+$ cd prodc
+$ tar xvf ../prodc.tar
+$ ../hsmtool -t earlgrey_a0 -u user exec presigning.json
+[
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  }
+]
+```
+
+### SiVal signatures
+
+```
+$ mkdir sival
+$ cd sival
+$ tar xvf ../sival.tar
+$ ../hsmtool -t earlgrey_a0 -u user exec presigning.json
+
+[
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  },
+  {
+    "command": "rsa-sign",
+    "result": {
+      "success": true
+    }
+  }
+]
+```
+
+## Ceremony Epilog
+
+After signing, the signatures were collected so they could be tested prior to
+publishing the signatures and binaries.  The `preload` session was exited, thus logging out of the HSM.
+
+```
+$ tar cvf signatures.tar */*.rsa_sig
+
+proda/rom_ext_real_prod_signed_slot_a_fpga_cw310.rsa_sig
+proda/rom_ext_real_prod_signed_slot_a_silicon_creator.rsa_sig
+proda/rom_ext_real_prod_signed_slot_b_fpga_cw310.rsa_sig
+proda/rom_ext_real_prod_signed_slot_b_silicon_creator.rsa_sig
+proda/rom_ext_real_prod_signed_slot_virtual_fpga_cw310.rsa_sig
+proda/rom_ext_real_prod_signed_slot_virtual_silicon_creator.rsa_sig
+prodc/rom_ext_real_prod_signed_slot_a_fpga_cw310.rsa_sig
+prodc/rom_ext_real_prod_signed_slot_a_silicon_creator.rsa_sig
+prodc/rom_ext_real_prod_signed_slot_b_fpga_cw310.rsa_sig
+prodc/rom_ext_real_prod_signed_slot_b_silicon_creator.rsa_sig
+prodc/rom_ext_real_prod_signed_slot_virtual_fpga_cw310.rsa_sig
+prodc/rom_ext_real_prod_signed_slot_virtual_silicon_creator.rsa_sig
+sival/rom_ext_real_prod_signed_slot_a_fpga_cw310.rsa_sig
+sival/rom_ext_real_prod_signed_slot_a_silicon_creator.rsa_sig
+sival/rom_ext_real_prod_signed_slot_b_fpga_cw310.rsa_sig
+sival/rom_ext_real_prod_signed_slot_b_silicon_creator.rsa_sig
+sival/rom_ext_real_prod_signed_slot_virtual_fpga_cw310.rsa_sig
+sival/rom_ext_real_prod_signed_slot_virtual_silicon_creator.rsa_sig
+
+$ exit
+```
+
+### Attaching signatures
+
+The following command was used to attach the signatures to the ROM\_EXT binaries:
+
+```
+bazel build --stamp --//sw/device/silicon_creator/rom_ext:secver_write=false \
+  //sw/device/silicon_creator/rom_ext/prodc:signed \
+  //sw/device/silicon_creator/rom_ext/proda:signed \
+  //sw/device/silicon_creator/rom_ext/sival:signed
+```

sw/device/silicon_creator/rom_ext/proda/signatures/rom_ext_real_prod_signed_slot_virtual_fpga_cw310.rsa_sig

@@ -1 +1,2 @@
-ժpƨ�����"����A����ˠe��-���$ݖmeZ� T(�>�<�N��4�H��K�v�9詮�;C��d���qt�!��?���(�+O�2��Ň���\�|�?n�U�"�c��1�i���������ÒW&c�J��y8�8�U��|��B�I��"~���K��O�:A��o�O�Wm��79q�3�&
;��2P$k ���`ޞn�t��ۑ���~��	_Ϥ����&��%O-�U��X�^����jHC�38oߨ�f���L#0&�P�����:9�'P!^�?P�`�l���+�㴶������T�cSn$�������)�v�z��hR�$�f����ZIEP���+�>\eO�^��#��	8L&�Wd�j�
+��1^���8uN�^�'95lc$(>a��;3�:��ys�a2��a�]hJ|��ݏ�F`�2�7���9ޘ@HF��"�y�x^6�����A��{V�$k�ܤ
Iǡ��ⶲU�����G�����(����֜�ʷ�^�ޔ=3*����f��	��^��h�HI*�y[t��7�+���#oǏ�H!�d��5I{�n��y8f�=r�y�h$|�)1�_w�ԮW��p��`��?��,�&2Gh�ۃ��Vt�dkY��,c���x�?�Վ��/�̗*~c\y���d����)'��h�&
�S��2a=W�z&���h�^�*��?Ao�^��gdA��
+r4�(����ܛ#MD�#�<:-X���Xv����u

sw/device/silicon_creator/rom_ext/sival/signatures/rom_ext_real_prod_signed_slot_virtual_silicon_creator.rsa_sig

@@ -1,2 +1,2 @@
-ʓr�&����8�tYRP?�~����^ �	SY'���b���7ԣ����\�}`1��鮱�D�U�Y�$�g߀�m�	�?�	�*_��`��7J^����N;vF�5{��߀:d�U8-���/�1���Ҁ�0xc����E�:jӃ�cPv�#�^+��m��d�Ԝ���4�Z��I�7�E�|}�#��*u�Ka3ᙽ��Rz��6.���I�Y��	4S��-:��T��X>������|����x��C�Z�[�-
�-�C�����W��rT��Q]t ZF�N�|�����a�e�Mσ��H��:i�*�c>PAv�l��Mh�ڶ����㋯ƃ����
-J�f�Y�P��I��ƈd�
+(��P���>�go����`.ÔXw�_4�j��+a��*j˯�ŀ-Ř�L�f���~W�~�K�Z��61;�M��u�1�)�O˫�CE���8�$�#��L��O�
"W��tp��\o�
�����cI��lw�xx`��Ta;�����X�M��n�ªi0�nt}�!�?�)�������m���yQ@]Q�l5���f*.�>h��l������E��>��o��q�p����8O�|�h(���F{��%Fd��#���"Pm�o���v��l�&��?�R��/�	�ko��P��Fu:��YY|�|*^��D��Aݧ^Pe�
+�h�J����֪�j,e:�����x)�ZRW)12�����gڊ*W��6?H]�oj�