Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[rom_ext] Lock the correct ROM_EXT region #25892

Open
wants to merge 1 commit into
base: earlgrey_es_sival
Choose a base branch
from
Open

[rom_ext] Lock the correct ROM_EXT region #25892

wants to merge 1 commit into from

Conversation

cfrantz
Copy link
Contributor

@cfrantz cfrantz commented Jan 15, 2025

Ownership flash lockdown was protecting and locking all regions in the same slot that booted the owner code. However, the ROM_EXT and owner code don't have to boot from the same side of the flash.

  1. Protect the ROM_EXT and owner regions each according to their boot slot.
  2. Test each combination of ROM_EXT slot and owner slot in the flash_permission_test.

Fixes #25435.

@cfrantz cfrantz requested review from moidx and jettr January 15, 2025 21:58
@cfrantz cfrantz requested review from a team as code owners January 15, 2025 21:58
@cfrantz cfrantz requested review from jwnrt and removed request for a team and jwnrt January 15, 2025 21:58
@cfrantz cfrantz force-pushed the rom_ext-flash-lock branch from 4f4bd24 to c680f7f Compare January 15, 2025 22:35
jettr
jettr suggested changes Jan 16, 2025
View reviewed changes
sw/device/silicon_creator/lib/ownership/owner_block.c
uint32_t region_start = config->start;
uint32_t region_end = region_start + config->size;

// When applying the flash configuration, a region is a ROM_EXT region if
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the detailed comment! The comment and the logic don't quite match either other. I agree with the comment. The logic to match the comment would be

kRomExtAStart <= region_start < kRomExtAEnd &&
kRomExtAStart < region_end <= kRomExtAEnd

(and maybe we need an explicit region_start<=region_end check too?)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤦 How embarrassing. A total logic fail.

I've fixed this and added unit tests to owner_block_unittest.cc to test the overlap/exclusivity checking functions.

We don't need to test region_start <= region_end because the bounds are computed from a start and size (which are uint16_t) and the region_* values are uint32_t.

I added a sanity check to the end value: if the end is beyond the total size of the flash, the configuration is invalid.

@cfrantz cfrantz force-pushed the rom_ext-flash-lock branch from c680f7f to 2e18d36 Compare January 18, 2025 00:28
@cfrantz
[rom_ext] Lock the correct ROM_EXT region
7ca9842 
Ownership flash lockdown was protecting and locking all regions in the
same slot that booted the owner code.  However, the ROM_EXT and owner
code don't have to boot from the same side of the flash.

1. Protect the ROM_EXT and owner regions each according to their boot slot.
2. Test each combination of ROM_EXT slot and owner slot in the
   `flash_permission_test`.

Fixes lowRISC#25435.

Signed-off-by: Chris Frantz <[email protected]>
@cfrantz cfrantz force-pushed the rom_ext-flash-lock branch from 2e18d36 to 7ca9842 Compare January 18, 2025 00:46
@cfrantz cfrantz requested a review from jettr January 21, 2025 19:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jettr jettr jettr approved these changes

@moidx moidx moidx approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cfrantz @moidx @jettr