Cherry-pick to earlgrey_1.0.0: [ownership] Initialize owner configuration

sw/device/silicon_creator/lib/ownership/BUILD

@@ -100,7 +100,11 @@ cc_library(
     deps = [
         ":datatypes",
         ":ecdsa",
+        ":owner_block",
         ":ownership_key",
+        "//sw/device/lib/base:hardened_memory",
+        "//sw/device/silicon_creator/lib:boot_data",
+        "//sw/device/silicon_creator/lib:dbg_print",
         "//sw/device/silicon_creator/lib/drivers:flash_ctrl",
     ],
 )
@@ -168,3 +172,51 @@ cc_test(
         "@googletest//:gtest_main",
     ],
 )
+
+cc_library(
+    name = "ownership_activate",
+    srcs = ["ownership_activate.c"],
+    hdrs = ["ownership_activate.h"],
+    deps = [
+        ":datatypes",
+        ":ownership",
+        ":ownership_key",
+        "//sw/device/lib/base:memory",
+        "//sw/device/silicon_creator/lib:boot_data",
+        "//sw/device/silicon_creator/lib:error",
+        "//sw/device/silicon_creator/lib/boot_svc:boot_svc_msg",
+        "//sw/device/silicon_creator/lib/drivers:flash_ctrl",
+    ],
+)
+
+cc_test(
+    name = "ownership_activate_unittest",
+    srcs = [
+        "ownership_activate_unittest.cc",
+    ],
+    deps = [
+        ":datatypes",
+        ":ownership_activate",
+        ":ownership_key",
+        "//sw/device/lib/base:hardened",
+        "//sw/device/silicon_creator/lib:boot_data",
+        "//sw/device/silicon_creator/lib/boot_svc:boot_svc_header",
+        "//sw/device/silicon_creator/testing:rom_test",
+        "@googletest//:gtest_main",
+    ],
+)
+
+cc_library(
+    name = "test_owner",
+    testonly = True,
+    srcs = ["test_owner.c"],
+    deps = [
+        ":datatypes",
+        ":owner_block",
+        ":ownership",
+        "//sw/device/silicon_creator/lib:boot_data",
+        "//sw/device/silicon_creator/lib/drivers:flash_ctrl",
+        "//sw/device/silicon_creator/lib/ownership/keys/fake:includes",
+    ],
+    alwayslink = True,
+)

sw/device/silicon_creator/lib/ownership/datatypes.h

@@ -42,7 +42,7 @@ typedef enum ownership_state {
   /* Unlocked Endorsed: `UEND`. */
   kOwnershipStateUnlockedEndorsed = 0x444e4555,
   /* Locked None: any bit pattern not listed above. */
-  kOwnershipStateLockedNone = 0,
+  kOwnershipStateRecovery = 0,
 } ownership_state_t;
 
 typedef enum ownership_key_alg {

sw/device/silicon_creator/lib/ownership/keys/fake/BUILD

@@ -4,6 +4,19 @@
 
 package(default_visibility = ["//visibility:public"])
 
+cc_library(
+    name = "includes",
+    testonly = True,
+    hdrs = [
+        "activate_ecdsa_p256.h",
+        "app_dev_key_rsa_3072_exp_f4.h",
+        "app_prod_key_rsa_3072_exp_f4.h",
+        "app_test_key_rsa_3072_exp_f4.h",
+        "owner_ecdsa_p256.h",
+        "unlock_ecdsa_p256.h",
+    ],
+)
+
 cc_library(
     name = "fake",
     srcs = [
@@ -22,3 +35,18 @@ filegroup(
     name = "no_owner_recovery_key",
     srcs = ["no_owner_recovery_ecdsa_p256.der"],
 )
+
+filegroup(
+    name = "owner_key",
+    srcs = ["owner_ecdsa_p256.der"],
+)
+
+filegroup(
+    name = "activate_key",
+    srcs = ["activate_ecdsa_p256.der"],
+)
+
+filegroup(
+    name = "unlock_key",
+    srcs = ["unlock_ecdsa_p256.der"],
+)

sw/device/silicon_creator/lib/ownership/keys/fake/activate_ecdsa_p256.h

@@ -0,0 +1,15 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_ACTIVATE_ECDSA_P256_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_ACTIVATE_ECDSA_P256_H_
+
+#define ACTIVATE_ECDSA_P256                                                 \
+  {                                                                         \
+    0x63a31253, 0x04b237ba, 0x3738e9f4, 0x5882a207, 0x8c5dd770, 0xbc279ae3, \
+        0x4f608694, 0xc7888656, 0xbbe32c57, 0x1528a35a, 0xf13f6916,         \
+        0xa3802d5e, 0xcf1f6f3d, 0x2f8b61a0, 0xa5e97f8f, 0x77328a26,         \
+  }
+
+#endif  // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_ACTIVATE_ECDSA_P256_H_

sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_key_rsa_3072_exp_f4.h

@@ -0,0 +1,38 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_DEV_KEY_RSA_3072_EXP_F4_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_DEV_KEY_RSA_3072_EXP_F4_H_
+
+#define APP_DEV_KEY_RSA_3072_EXP_F4                                     \
+  {                                                                     \
+    .n =                                                                \
+        {{                                                              \
+            0x63f8a30b, 0xd703332e, 0xcfda502b, 0x2a51ada2, 0xc99413d6, \
+            0x7830792c, 0xe1107f7d, 0xe5854ec6, 0x5d410c7c, 0x88131d46, \
+            0xab8d61aa, 0xf9994b28, 0x4b52055a, 0xf7753ce2, 0xbac65041, \
+            0xf77d36c2, 0xe2c13eb1, 0xbbcf1618, 0x65f03fa4, 0x5a548fb2, \
+            0xc0845b92, 0xbb12faca, 0xb3172796, 0xe4bee37b, 0xf40ac213, \
+            0xd0914385, 0x5a4b7a11, 0x35204ba7, 0x1598a2e5, 0xcbe0e0dc, \
+            0xf5a1e236, 0x19195202, 0xfcf02de3, 0xb9757104, 0x3a3d9f19, \
+            0xf6c9a286, 0x3d30e741, 0x952bc51d, 0xe67c3a90, 0x8870ee31, \
+            0x89134026, 0xfca20db3, 0x1e82d36f, 0x034c13e3, 0xc085359f, \
+            0xc693dfdf, 0x3454d1d4, 0x7c778806, 0x80f22087, 0xeea8597c, \
+            0x467ae6d2, 0x4d5194e4, 0x2367fe77, 0xccaf7d67, 0x9fc866e0, \
+            0x3164a496, 0x58944368, 0x7ed7b0ca, 0x1cc7d16c, 0xfbd57965, \
+            0xa53c091e, 0x4dcf09ea, 0x19fccc00, 0x35422a8d, 0x66411309, \
+            0x07b1b7b7, 0xf1fcaeb0, 0xc016d776, 0x65cfb0c2, 0x383adb60, \
+            0x1e45b70f, 0x674d7502, 0x186e1c7c, 0xb9c59554, 0xab5ae125, \
+            0x110e22a9, 0x67dd11dd, 0xab890787, 0x6303702a, 0x39ff545d, \
+            0x81ef5e96, 0x682c936c, 0xa2b37ac3, 0x168138c2, 0x478d052e, \
+            0xc18577a8, 0x668b2f0c, 0xfa040834, 0x1b44c2c2, 0x37ab4e2f, \
+            0xb467dfd9, 0xf6ba4975, 0xe9894308, 0x0a2cd975, 0xca8f9260, \
+            0xa60f2fbd,                                                 \
+        }},                                                             \
+    .n0_inv = {                                                         \
+        0xccd16f5d, 0xfd731e89, 0xd45f135f, 0xf03201e9,                 \
+        0x4d574fed, 0x4a558cfc, 0x96e3e680, 0x958fb9cc,                 \
+    },                                                                  \
+  }
+#endif  // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_DEV_KEY_RSA_3072_EXP_F4_H_

sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_key_rsa_3072_exp_f4.h

@@ -0,0 +1,39 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_PROD_KEY_RSA_3072_EXP_F4_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_PROD_KEY_RSA_3072_EXP_F4_H_
+
+#define APP_PROD_KEY_RSA_3072_EXP_F4                                    \
+  {                                                                     \
+    .n =                                                                \
+        {{                                                              \
+            0x57c16245, 0xef622191, 0x066fad45, 0x59e954cd, 0xfec92329, \
+            0x0159eef1, 0x1cb5d8c4, 0xc4a03e0d, 0x7bd1981f, 0xa3b1635d, \
+            0x4a4043cc, 0x96f233f3, 0x61899a37, 0xd7364c98, 0x840fd549, \
+            0x8a6e9b79, 0x4b57b805, 0x3d6e245d, 0x952aed3e, 0x4eb99cfe, \
+            0x4cc09a03, 0x0508a4e0, 0x76ca6b13, 0x87d9b6e4, 0x8b845774, \
+            0x5a5922a7, 0x0536a4c7, 0xfbda4ec3, 0x5eb92876, 0xaba0dd7c, \
+            0xbaf505b1, 0xbe54b9e9, 0x88bb8492, 0x8252f8db, 0x0a863853, \
+            0xde7aa0e3, 0x6e22419c, 0xa9f7a633, 0x307202a5, 0x94668bca, \
+            0x97eb70ba, 0xaa0cf94d, 0x316e1839, 0x459819f6, 0xd0df6c70, \
+            0xdc08075a, 0xc4a9de99, 0x4b4561b1, 0xb2441f56, 0x7aa03e20, \
+            0xb0223b2c, 0xe6f5771c, 0xc5b14137, 0xb216afac, 0xc81f8c58, \
+            0x4ebbb550, 0xcc480cb3, 0xabec7c08, 0x5add27ea, 0x96c4768e, \
+            0x17705358, 0x096e018f, 0xcb3db3f2, 0x298bad67, 0x19643908, \
+            0x57f549a4, 0x263f5bb1, 0x2a639177, 0x620b6b3b, 0xa217f4cd, \
+            0x0c34bd39, 0x382e5e82, 0xd500f1c7, 0x83c585bf, 0xa2d29016, \
+            0x6d08b243, 0xd0042413, 0x3f8d5917, 0xe65aa37f, 0x2577ce05, \
+            0x4390f0fd, 0x0533f174, 0x20a5c0ce, 0x14964d18, 0x58677957, \
+            0x5add31f4, 0x80dc1389, 0x3de51892, 0x5ae164d5, 0x68ea63d4, \
+            0x8f4dfa76, 0xcbd59ec7, 0xd1e1ea09, 0x722c74c2, 0x64ffef63, \
+            0xab0e98d1,                                                 \
+        }},                                                             \
+    .n0_inv = {                                                         \
+        0x25389f73, 0xbeda0297, 0x8e6abac3, 0x08d0109b,                 \
+        0xb27dc418, 0x6f1f68fa, 0xfdc91f89, 0xc8f474e6,                 \
+    },                                                                  \
+  }
+
+#endif  // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_PROD_KEY_RSA_3072_EXP_F4_H_

sw/device/silicon_creator/lib/ownership/keys/fake/app_test_key_rsa_3072_exp_f4.h

@@ -0,0 +1,38 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_TEST_KEY_RSA_3072_EXP_F4_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_TEST_KEY_RSA_3072_EXP_F4_H_
+
+#define APP_TEST_KEY_RSA_3072_EXP_F4                                    \
+  {                                                                     \
+    .n =                                                                \
+        {{                                                              \
+            0x8cc060e5, 0xc401299d, 0xf6f6e6f7, 0x25e4392e, 0xd667b33c, \
+            0x5b8586a0, 0x24acb25c, 0xe2b291ac, 0x5866f047, 0xfe552471, \
+            0x7ba31ddf, 0x683d4c22, 0x89c4fe63, 0xf642189e, 0x8e7fa00c, \
+            0x2dbeb725, 0xd8dcb764, 0x3b0d8d12, 0x9507d661, 0x5631d52e, \
+            0xbc19dbaa, 0xc05734fe, 0x2fc72a38, 0xf22a7394, 0x9f2e752e, \
+            0xd7a05945, 0xc0e6bf7a, 0x9261e6e8, 0x89650bf1, 0x76932ef8, \
+            0x99b56c57, 0x590fda42, 0x06525cee, 0xfff0ea5b, 0x2e09ae39, \
+            0xaf51ec78, 0xfb6fde95, 0xd6112aea, 0x3fdde88d, 0x88eaec29, \
+            0xc8509a52, 0x648d38b9, 0x8ca67d25, 0x00be1651, 0x6cdd6b9b, \
+            0xd372a5ab, 0xb01b23a8, 0x6c3c43ca, 0xaa333384, 0x7b44cf31, \
+            0x48ae6650, 0x68e0be9e, 0xb3131ae3, 0xa5c6457e, 0x0cd09e62, \
+            0x51cca07b, 0x9950fe9a, 0x51371fe4, 0xdd26f224, 0xad262164, \
+            0xad4f40d2, 0x322736f9, 0x49298a49, 0xbdd376ab, 0x1aea9cdb, \
+            0xae9b2156, 0x71445f25, 0xa67c0ef4, 0x170bbe94, 0x3917d727, \
+            0x37b0c7fe, 0xab9bea53, 0x08b25e4d, 0x7d65e134, 0x35935d0f, \
+            0x824b2781, 0xbeb29840, 0xb3b84c24, 0x2bb92abf, 0x1dfaaf98, \
+            0xf1a8a765, 0x10bdde5d, 0x1e7ed4a5, 0x26c6355e, 0xdc00ce80, \
+            0xb5b94b12, 0x6d24c5c7, 0xd97266b1, 0x4fc282ce, 0xdeb39ac3, \
+            0x14f429b6, 0x221cb1ff, 0xb43df22a, 0x11dc0ea4, 0x8a676ff4, \
+            0xf396bbb4,                                                 \
+        }},                                                             \
+    .n0_inv = {                                                         \
+        0x5a7ba313, 0xb119675d, 0xd56cff72, 0x8d3991af,                 \
+        0x1f4be5ec, 0x5466a71f, 0xced86046, 0x24bdad5e,                 \
+    },                                                                  \
+  }
+#endif  // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_TEST_KEY_RSA_3072_EXP_F4_H_

sw/device/silicon_creator/lib/ownership/keys/fake/owner_ecdsa_p256.h

@@ -0,0 +1,15 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_OWNER_ECDSA_P256_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_OWNER_ECDSA_P256_H_
+
+#define OWNER_ECDSA_P256                                                    \
+  {                                                                         \
+    0x8e3dcb50, 0x0036bafe, 0xe9ca771f, 0xbce13f2c, 0x8246d17a, 0x5949d6b1, \
+        0x3a624c28, 0x7c5d8d08, 0xd664e861, 0xd07b1bf5, 0x6f437b27,         \
+        0x21696187, 0x123b6637, 0xee962e67, 0xaec24bf5, 0x529422ab,         \
+  }
+
+#endif  // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_OWNER_ECDSA_P256_H_

sw/device/silicon_creator/lib/ownership/keys/fake/unlock_ecdsa_p256.h

@@ -0,0 +1,15 @@
+// Copyright lowRISC contributors (OpenTitan project).
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_UNLOCK_ECDSA_P256_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_UNLOCK_ECDSA_P256_H_
+
+#define UNLOCK_ECDSA_P256                                                   \
+  {                                                                         \
+    0x113f87b2, 0x04711ce7, 0x6af306d9, 0xb80e76dd, 0x26e30fd2, 0xda71b86e, \
+        0xa062c80f, 0x284f4eb2, 0xe5704f44, 0xb11098c5, 0xc31d48d5,         \
+        0x5895d10f, 0x7ac11545, 0x86031e92, 0x71c617c6, 0x1f8e3b14,         \
+  }
+
+#endif  // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_UNLOCK_ECDSA_P256_H_

sw/device/silicon_creator/lib/ownership/owner_block.c

@@ -19,6 +19,14 @@ enum {
   kFlashBankSize = FLASH_CTRL_PARAM_REG_PAGES_PER_BANK,
 };
 
+void owner_config_default(owner_config_t *config) {
+  // Use a bogus pointer value to avoid the all-zeros pattern of NULL.
+  config->flash = (const owner_flash_config_t *)kHardenedBoolFalse;
+  config->info = (const owner_flash_info_config_t *)kHardenedBoolFalse;
+  config->rescue = (const owner_rescue_config_t *)kHardenedBoolFalse;
+  config->sram_exec = kOwnerSramExecModeDisabledLocked;
+}
+
 rom_error_t owner_block_parse(const owner_block_t *block,
                               owner_config_t *config,
                               owner_application_keyring_t *keyring) {
@@ -27,13 +35,9 @@ rom_error_t owner_block_parse(const owner_block_t *block,
   if (block->header.length != sizeof(owner_block_t))
     return kErrorOwnershipInvalidTagLength;
 
+  owner_config_default(config);
   config->sram_exec = block->sram_exec_mode;
 
-  // Use a bogus pointer value to avoid the all-zeros pattern of NULL.
-  config->flash = (const owner_flash_config_t *)kHardenedBoolFalse;
-  config->info = (const owner_flash_info_config_t *)kHardenedBoolFalse;
-  config->rescue = (const owner_rescue_config_t *)kHardenedBoolFalse;
-
   uint32_t remain = sizeof(block->data);
   uint32_t offset = 0;
   while (remain) {

sw/device/silicon_creator/lib/ownership/owner_block.h

@@ -38,6 +38,16 @@ typedef struct owner_application_keyring {
   const owner_application_key_t *key[16];
 } owner_application_keyring_t;
 
+/**
+ * Initialize the owner config with default values.
+ *
+ * The sram_exec mode is set to DisabledLocked and the three configuration
+ * pointers are set to kHardenedBoolFalse.
+ *
+ * @param config A pointer to a config struct holding pointers to config items.
+ */
+void owner_config_default(owner_config_t *config);
+
 /**
  * Parse an owner block, extracting pointers to keys and configuration items.
  *