[manuf] remove duplicate tests and config files

All provisioning flows are now tested E2E with the orchestrator script.
This makes the `opentitan_test` targets that also ran said flows
redundant and unneeded, thus we remove them. Additionally, we no longer
need duplicate CA configuration files as these are generated on the fly
by the orchestrator script from the same information that was duplicated
in the orchestrator SKU configuration files. This simplifies our test
infrastructure and provisioning flow configurations.

Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit 6a5747a)

Author: timothytrippel

sw/device/silicon_creator/manuf/base/BUILD

@@ -14,14 +14,11 @@ load(
     "fpga_params",
     "opentitan_binary",
     "opentitan_test",
-    "silicon_params",
 )
 load(
     "//sw/device/silicon_creator/manuf/base:provisioning_inputs.bzl",
-    "CP_PROVISIONING_INPUTS",
     "EARLGREY_OTP_CFGS",
     "EARLGREY_SKUS",
-    "FT_PROVISIONING_INPUTS",
 )
 load(
     "//sw/device/silicon_creator/rom/e2e:defs.bzl",
@@ -127,38 +124,6 @@ opentitan_binary(
     ],
 )
 
-_CP_PROVISIONING_CMD_ARGS = """
-  --elf={sram_cp_provision}
-""" + CP_PROVISIONING_INPUTS
-
-_CP_PROVISIONING_HARNESS = "//sw/host/provisioning/cp"
-
-opentitan_test(
-    name = "cp_provision",
-    exec_env = {
-        "//hw/top_earlgrey:fpga_cw310_rom_with_fake_keys": None,
-        "//hw/top_earlgrey:fpga_cw340_rom_with_fake_keys": None,
-        "//hw/top_earlgrey:silicon_creator": None,
-    },
-    fpga = fpga_params(
-        binaries = {":sram_cp_provision": "sram_cp_provision"},
-        changes_otp = True,
-        needs_jtag = True,
-        otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_test_unlocked0_manuf_empty",
-        tags = ["manuf"],
-        test_cmd = _CP_PROVISIONING_CMD_ARGS,
-        test_harness = _CP_PROVISIONING_HARNESS,
-    ),
-    silicon = silicon_params(
-        binaries = {":sram_cp_provision": "sram_cp_provision"},
-        changes_otp = True,
-        interface = "teacup",
-        needs_jtag = True,
-        test_cmd = _CP_PROVISIONING_CMD_ARGS,
-        test_harness = _CP_PROVISIONING_HARNESS,
-    ),
-)
-
 opentitan_test(
     name = "cp_provision_functest",
     exec_env = {
@@ -363,16 +328,6 @@ manifest(d = {
     for sku, config in EARLGREY_SKUS.items()
 ]
 
-_FT_PROVISIONING_CMD_ARGS = """
-  --elf={{sram_ft_individualize}}
-  --bootstrap={{ft_personalize}}
-  --second-bootstrap={{bundle}}
-  --ca-config={{ca_config}}
-  --owner-success-text="{owner_fw_boot_str}"
-""" + FT_PROVISIONING_INPUTS
-
-_FT_PROVISIONING_HARNESS = "//sw/host/provisioning/ft:ft_{}"
-
 [
     opentitan_binary_assemble(
         name = "ft_fw_bundle_{}".format(sku),
@@ -410,112 +365,6 @@ filegroup(
            EXT_SIGNED_PERSO_BINS,
 )
 
-[
-    opentitan_test(
-        name = "ft_provision_{}".format(sku),
-        exec_env = {
-            "//hw/top_earlgrey:fpga_cw310_rom_with_fake_keys": None,
-            "//hw/top_earlgrey:fpga_cw340_rom_with_fake_keys": None,
-            "//hw/top_earlgrey:fpga_cw340_sival": None,
-            "//hw/top_earlgrey:silicon_creator": None,
-        },
-        fpga = fpga_params(
-            timeout = "moderate",
-            binaries =
-                {
-                    ":sram_ft_individualize_{}".format(config["otp"]): "sram_ft_individualize",
-                    # Use a pre-compiled perso binary if the SKU defines it,
-                    # else use the label of the opentitan_binary for the SKU.
-                    config.get(
-                        "perso_bin",
-                        ":ft_personalize_{}".format(sku),
-                    ): "ft_personalize",
-                    config["ca_config"]: "ca_config",
-                    ":ft_fw_bundle_{}".format(sku): "bundle",
-                },
-            changes_otp = True,
-            data = [config["ca_data"]],
-            needs_jtag = True,
-            otp = "//hw/top_earlgrey/data/otp/emulation:otp_img_test_locked0_manuf_initialized",
-            owner_slot_b = OWNER_SLOTS["b"],
-            rom_ext_slot_a = SLOTS["a"],
-            rom_ext_slot_b = SLOTS["b"],
-            tags = [
-                "lc_test_locked0",
-                "manuf",
-            ] + (["manual"] if config.get("offline", False) else []),
-            test_cmd = _FT_PROVISIONING_CMD_ARGS.format(
-                owner_fw_boot_str = config.get("owner_fw_boot_str", ""),
-            ),
-            test_harness = _FT_PROVISIONING_HARNESS.format(sku),
-        ),
-        silicon = silicon_params(
-            binaries =
-                {
-                    ":sram_ft_individualize_{}".format(config["otp"]): "sram_ft_individualize",
-                    # Use a pre-compiled perso binary if the SKU defines it,
-                    # else use the label of the opentitan_binary for the SKU.
-                    config.get(
-                        "perso_bin",
-                        ":ft_personalize_{}".format(sku),
-                    ): "ft_personalize",
-                    config["ca_config"]: "ca_config",
-                    ":ft_fw_bundle_{}".format(sku): "bundle",
-                },
-            changes_otp = True,
-            data = [config["ca_data"]],
-            interface = "teacup",
-            needs_jtag = True,
-            owner_slot_b = OWNER_SLOTS["b"],
-            rom_ext_slot_a = SLOTS["a"],
-            rom_ext_slot_b = SLOTS["b"],
-            test_cmd = _FT_PROVISIONING_CMD_ARGS.format(
-                owner_fw_boot_str = config.get("owner_fw_boot_str", ""),
-            ),
-            test_harness = _FT_PROVISIONING_HARNESS.format(sku),
-        ),
-    )
-    for sku, config in EARLGREY_SKUS.items()
-]
-
-test_suite(
-    name = "ft_provision_cw310",
-    tags = ["manual"],
-    tests = [
-        ":ft_provision_{}_fpga_cw310_rom_with_fake_keys".format(sku)
-        for sku, config in EARLGREY_SKUS.items()
-        if not config.get("offline", False)
-    ],
-)
-
-test_suite(
-    name = "ft_provision_including_offline_cw310",
-    tags = ["manual"],
-    tests = [
-        ":ft_provision_{}_fpga_cw310_rom_with_fake_keys".format(sku)
-        for sku in EARLGREY_SKUS.keys()
-    ],
-)
-
-test_suite(
-    name = "ft_provision_cw340",
-    tags = ["manual"],
-    tests = [
-        ":ft_provision_{}_fpga_cw340_rom_with_fake_keys".format(sku)
-        for sku, config in EARLGREY_SKUS.items()
-        if not config.get("offline", False)
-    ],
-)
-
-test_suite(
-    name = "ft_provision_including_offline_cw340",
-    tags = ["manual"],
-    tests = [
-        ":ft_provision_{}_fpga_cw340_rom_with_fake_keys".format(sku)
-        for sku in EARLGREY_SKUS.keys()
-    ],
-)
-
 _DISQUALIFIED_FOR_SIGNING = ["emulation"]
 
 [

sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl

@@ -25,7 +25,6 @@ EARLGREY_SKUS = {
     # OTP Config: Emulation; DICE Certs: X.509; Additional Certs: None
     "emulation": {
         "otp": "emulation",
-        "ca_config": "//sw/device/silicon_creator/manuf/keys/fake:ca_config.json",
         "ca_data": "@//sw/device/silicon_creator/manuf/keys/fake:ca_data",
         "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
         "host_ext_libs": ["@provisioning_exts//:default_ft_ext_lib"],
@@ -40,7 +39,6 @@ EARLGREY_SKUS = {
     # OTP Config: Emulation; DICE Certs: CWT; Additional Certs: None
     "emulation_dice_cwt": {
         "otp": "emulation",
-        "ca_config": "//sw/device/silicon_creator/manuf/keys/fake:ca_config.json",
         "ca_data": "@//sw/device/silicon_creator/manuf/keys/fake:ca_data",
         "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice_cwt"],
         "host_ext_libs": ["@provisioning_exts//:default_ft_ext_lib"],
@@ -57,7 +55,6 @@ EARLGREY_SKUS = {
     # OTP Config: Emulation; DICE Certs: X.509; Additional Certs: TPM EK
     "emulation_tpm": {
         "otp": "emulation",
-        "ca_config": "//sw/device/silicon_creator/manuf/keys/fake:ca_config.json",
         "ca_data": "@//sw/device/silicon_creator/manuf/keys/fake:ca_data",
         "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
         "host_ext_libs": ["@provisioning_exts//:default_ft_ext_lib"],
@@ -78,7 +75,6 @@ EARLGREY_SKUS = {
     # a more appropriate solution is found.
     # "sival": {
     #     "otp": "sival",
-    #     "ca_config": "//sw/device/silicon_creator/manuf/keys/sival:ca_config.json",
     #     "ca_data": "@//sw/device/silicon_creator/manuf/keys/sival:ca_data",
     #     "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
     #     "host_ext_libs": ["@provisioning_exts//:default_ft_ext_lib"],
@@ -94,24 +90,3 @@ EARLGREY_SKUS = {
     #     "offline": True,
     # },
 } | EXT_EARLGREY_SKUS
-
-_TEST_TOKENS = """
-  --test-unlock-token="0x11111111_11111111_11111111_11111111"
-  --test-exit-token="0x11111111_11111111_11111111_11111111"
-"""
-
-CP_PROVISIONING_INPUTS = _TEST_TOKENS + """
-  --wafer-auth-secret="0x00000000_00000000_00000000_00000000_00000000_00000000_00000000_00000000"
-"""
-
-FT_PROVISIONING_INPUTS = _TEST_TOKENS + """
-  --ft-device-id="0x11111111_22222222_33333333_44444444"
-  --target-mission-mode-lc-state="prod"
-  --rma-unlock-token="0x01234567_89abcdef_01234567_89abcdef"
-  --token-encrypt-key-der-file="sw/device/silicon_creator/manuf/keys/fake/rma_unlock_enc_rsa3072.pub.der"
-  --rom-ext-measurement="0x11111111_11111111_11111111_11111111_11111111_11111111_11111111_11111111"
-  --owner-manifest-measurement="0x22222222_22222222_22222222_22222222_22222222_22222222_22222222_22222222"
-  --owner-measurement="0x33333333_33333333_33333333_33333333_33333333_33333333_33333333_33333333"
-  --rom-ext-security-version="0"
-  --owner-security-version="0"
-"""

sw/device/silicon_creator/manuf/keys/fake/BUILD

@@ -9,7 +9,6 @@ exports_files(glob(["**"]))
 filegroup(
     name = "ca_data",
     srcs = [
-        ":ca_config.json",
         ":dice_ca.pem",
         ":ext_ca.pem",
         ":rma_unlock_enc_rsa3072.pub.der",

sw/device/silicon_creator/manuf/keys/fake/ca_config.json

@@ -12,7 +12,7 @@ package(default_visibility = ["//visibility:public"])
 exports_files(glob(["**"]))
 
 filegroup(
-    name = "sku_all",
+    name = "all",
     srcs = depset([
         config["orchestrator_cfg"]
         for _, config in EARLGREY_SKUS.items()

sw/host/provisioning/orchestrator/configs/skus/BUILD

@@ -82,7 +82,7 @@ filegroup(
         "//sw/device/silicon_creator/manuf/keys:ca_data_all",
         "//sw/host/provisioning/cp",
         "//sw/host/provisioning/ft:ft_all",
-        "//sw/host/provisioning/orchestrator/configs/skus:sku_all",
+        "//sw/host/provisioning/orchestrator/configs/skus:all",
         "//third_party/openocd:jtag_cmsis_dap_adapter_cfg",
         "//third_party/openocd:jtag_olimex_cfg",
         "//third_party/openocd:openocd_bin",