- Troy Lee·Last edited by Troy Lee on Aug 15, 2024Linked with GitHubContributed by
Setup Environment
Rust
rustup target install riscv32imc-unknown-none-elf
rustup override set 1.70
Caliptra Software
git clone https://github.com/chipsalliance/caliptra-sw
cd caliptra-sw
git submodule update --init --recursive
Patch
FMC
Including LMS Vendor key to image header
diff --git a/fmc/tools/keys.toml b/fmc/tools/keys.toml
index a763ce4f..a81b616a 100644
--- a/fmc/tools/keys.toml
+++ b/fmc/tools/keys.toml
@@ -13,7 +13,78 @@ ecc_priv_keys = [
"vnd-priv-key-2.pem",
"vnd-priv-key-3.pem",
]
+lms_pub_keys = [
+ "vnd-lms-pub-key-0.pem",
+ "vnd-lms-pub-key-1.pem",
+ "vnd-lms-pub-key-2.pem",
+ "vnd-lms-pub-key-3.pem",
+ "vnd-lms-pub-key-4.pem",
+ "vnd-lms-pub-key-5.pem",
+ "vnd-lms-pub-key-6.pem",
+ "vnd-lms-pub-key-7.pem",
+ "vnd-lms-pub-key-8.pem",
+ "vnd-lms-pub-key-9.pem",
+ "vnd-lms-pub-key-10.pem",
+ "vnd-lms-pub-key-11.pem",
+ "vnd-lms-pub-key-12.pem",
+ "vnd-lms-pub-key-13.pem",
+ "vnd-lms-pub-key-14.pem",
+ "vnd-lms-pub-key-15.pem",
+ "vnd-lms-pub-key-16.pem",
+ "vnd-lms-pub-key-17.pem",
+ "vnd-lms-pub-key-18.pem",
+ "vnd-lms-pub-key-19.pem",
+ "vnd-lms-pub-key-20.pem",
+ "vnd-lms-pub-key-21.pem",
+ "vnd-lms-pub-key-22.pem",
+ "vnd-lms-pub-key-23.pem",
+ "vnd-lms-pub-key-24.pem",
+ "vnd-lms-pub-key-25.pem",
+ "vnd-lms-pub-key-26.pem",
+ "vnd-lms-pub-key-27.pem",
+ "vnd-lms-pub-key-28.pem",
+ "vnd-lms-pub-key-29.pem",
+ "vnd-lms-pub-key-30.pem",
+ "vnd-lms-pub-key-31.pem",
+]
+lms_priv_keys = [
+ "vnd-lms-priv-key-0.pem",
+ "vnd-lms-priv-key-1.pem",
+ "vnd-lms-priv-key-2.pem",
+ "vnd-lms-priv-key-3.pem",
+ "vnd-lms-priv-key-4.pem",
+ "vnd-lms-priv-key-5.pem",
+ "vnd-lms-priv-key-6.pem",
+ "vnd-lms-priv-key-7.pem",
+ "vnd-lms-priv-key-8.pem",
+ "vnd-lms-priv-key-9.pem",
+ "vnd-lms-priv-key-10.pem",
+ "vnd-lms-priv-key-11.pem",
+ "vnd-lms-priv-key-12.pem",
+ "vnd-lms-priv-key-13.pem",
+ "vnd-lms-priv-key-14.pem",
+ "vnd-lms-priv-key-15.pem",
+ "vnd-lms-priv-key-16.pem",
+ "vnd-lms-priv-key-17.pem",
+ "vnd-lms-priv-key-18.pem",
+ "vnd-lms-priv-key-19.pem",
+ "vnd-lms-priv-key-20.pem",
+ "vnd-lms-priv-key-21.pem",
+ "vnd-lms-priv-key-22.pem",
+ "vnd-lms-priv-key-23.pem",
+ "vnd-lms-priv-key-24.pem",
+ "vnd-lms-priv-key-25.pem",
+ "vnd-lms-priv-key-26.pem",
+ "vnd-lms-priv-key-27.pem",
+ "vnd-lms-priv-key-28.pem",
+ "vnd-lms-priv-key-29.pem",
+ "vnd-lms-priv-key-30.pem",
+ "vnd-lms-priv-key-31.pem",
+]
+
[owner]
ecc_pub_key = "own-pub-key.pem"
ecc_priv_key = "own-priv-key.pem"
+lms_pub_key = "own-lms-pub-key.pem"
+lms_priv_key = "own-lms-priv-key.pem"
ROM
Excluding to build rom/dev/test-fw
diff --git a/rom/dev/Makefile b/rom/dev/Makefile
index f35b3240..f97f3f41 100644
--- a/rom/dev/Makefile
+++ b/rom/dev/Makefile
@@ -110,7 +110,7 @@ build-rom:
--rom-with-log $(TARGET_DIR)/caliptra-rom.bin \
--fw /dev/null
-run: build-emu build-fw-image build-rom
+run: build-emu build-rom
cargo \
"--config=$(EXTRA_CARGO_CONFIG)" \
run \
Runing Caliptra Emualtor
pushd rom/dev; make build gen-certs; popd
pushd fmc; make build-fw-image; popd
pushd rom/dev; make run; popd
Console:
Running Caliptra ROM ...
[state] CFI Enabled
[state] LifecycleState = Unprovisioned
[state] DebugLocked = No
[state] Watchdog Timer is not started because the device is not locked for debugging
[kat] SHA2-256
ROM Digest: 34E015D6D8C44109576AEE80CD8428BEA27286D34AF3704A48C395C1FC32A424
[kat] ++
[kat] sha1
[kat] SHA2-256
[kat] SHA2-384
[kat] SHA2-512-ACC
[kat] ECC-384
[kat] HMAC-384Kdf
[kat] LMS
[kat] --
[cold-reset] ++
[fht] Storing FHT @ 0x50003400
[idev] ++
[idev] CDI.KEYID = 6
[idev] SUBJECT.KEYID = 7
[idev] UDS.KEYID = 0
[idev] Erasing UDS.KEYID = 0
[idev] Using Sha1 for KeyId Algorithm
[idev] CSR upload requested
[idev] Signing CSR with SUBJECT.KEYID = 7
[idev] PUB.X = 91AB08476490591E788E54F9D99379A514B64E98CE11873C0CE0898FAF3CA2A24D50DB397B4D9B8683AE0944FBF2B4C9
[idev] PUB.Y = 4BD5A6D06C46E6C40CCBA36792D30E9718E5BFA309F81A934BA22A60D26C114F51B752DF396512CAB514B7B4A5983607
[idev] SIG.R = 70B6431E7F52AA79E07172CADFA359526C635BB9F7D8AEA085D724D33994DABF9733A6427E1A298EA274F1A803FEF2E4
[idev] SIG.S = A813DF720C197D9E6441CFFE86C501BD1D2C7B971C28927FC48D0F5817173280463A21DCE05F1B9D85C6637918937DAC
[idev] CSR = 308201B83082013E0201003069311C301A06035504030C1343616C697074726120312E3020494465764944314930470603550405134032374238384141
4346343237344241344136353039304632433931343338323044464330363034343130344246304236433931353433443242353842343046373076301006072A8648CE3
D020106052B810400220362000491AB08476490591E788E54F9D99379A514B64E98CE11873C0CE0898FAF3CA2A24D50DB397B4D9B8683AE0944FBF2B4C94BD5A6D06C46
E6C40CCBA36792D30E9718E5BFA309F81A934BA22A60D26C114F51B752DF396512CAB514B7B4A5983607A056305406092A864886F70D01090E3147304530120603551D1
30101FF040830060101FF020105300E0603551D0F0101FF040403020204301F060667810505040404153013041101FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF300A06082A
8648CE3D0403030368003065023070B6431E7F52AA79E07172CADFA359526C635BB9F7D8AEA085D724D33994DABF9733A6427E1A298EA274F1A803FEF2E4023100A813D
F720C197D9E6441CFFE86C501BD1D2C7B971C28927FC48D0F5817173280463A21DCE05F1B9D85C6637918937DAC
[idev] CSR uploaded
[idev] --
[ldev] ++
[ldev] CDI.KEYID = 6
[ldev] SUBJECT.KEYID = 5
[ldev] AUTHORITY.KEYID = 7
[ldev] FE.KEYID = 1
[ldev] Erasing FE.KEYID = 1
[ldev] Signing Cert with AUTHORITY.KEYID = 7
[ldev] PUB.X = 504D38CA45D997901F48BA333A149A2FB2668B973AAC64D3B79ECC09A663F02ED2FABA133F5FA499677AEB7687C99B25
[ldev] PUB.Y = A5CD31125698B3322C086E4398A591946BF20A3ECEA8EB7D7C23410D49FA877E7ECFBE47BD883BD53D7DA865AC217F1D
[ldev] SIG.R = A20EB096C15D7D29809559C2B3FB7508CBAA3385C3AE7F0452965F917F99C87C7232196F9D2D57A505C36FEAFCAB8E2A
[ldev] SIG.S = 3607393FA13FE0A4516A3E0F63F9CA0B9F1C2C184507063B3453FEF725394FA36534BB9B844B177687715855914B17C7
[ldev] --
[fwproc] Waiting for Commands...
[fwproc] Received command 0x46574c44
[fwproc] Received Image of size 102524 bytes
[fwproc] Image verified using Vendor ECC Key Index 3
[fwproc] Loading FMC at address 0x40000000 len 17484
[fwproc] Loading Runtime at address 0x40005000 len 79156
[afmc] CDI.KEYID = 6
[afmc] SUBJECT.KEYID = 7
[afmc] AUTHORITY.KEYID = 5
[afmc] Signing Cert with AUTHORITY.KEYID = 5
[afmc] Erasing AUTHORITY.KEYID = 5
[afmc] PUB.X = 835B8649E5D7F09CEE1B2E7D8C544FC254C93D1A98BD6E4E35D0A60AE571DABDC84F01455F09D914552B1EE43100CFBD
[afmc] PUB.Y = FCABD2870B1BBA60CB6BB378396BE87B6FDFABD7A5D13B7E035DAC9E7217B785A4D60DA9E561615D970D0A3E3815E98F
[afmc] SIG.R = C65C84083B49B158466CB445D6AD33D2FB7E73EAE9B5433926F5B4733293C0EB4DA7ABCD651C04C9D31CFD9B16D8FF2B
[afmc] SIG.S = A9ED16CB65CDA8AE6C4BBCBEDB52C4E993C971B3D0C4AE031DCB3B03D9C43899D2639154827C74F129499428E29D3CF0
[afmc] --
[cold-reset] --
[state] Locking Datavault
[state] Locking PCR0, PCR1 and PCR31
[state] Locking ICCM
[exit] Launching FMC @ 0x40000130
Running Caliptra FMC ...
[state] CFI Enabled
[alias rt] Extend RT PCRs
[alias rt] Extend RT PCRs Done
[alias rt] Lock RT PCRs
[alias rt] Lock RT PCRs Done
[alias rt] Populate DV
[alias rt] Populate DV Done
[fht] Handoff : FMC CDI: 6
[fht] FMC Alias Private Key: 7
[alias rt] Derive CDI
[alias rt] Store in in slot 0x4
[alias rt] Derive Key Pair
[alias rt] Store priv key in slot 0x5
[alias rt] Derive Key Pair - Done
[alias rt] Signing Cert with AUTHO
RITY.KEYID = 7
[alias rt] Erasing AUTHORITY.KEYID = 7
[alias rt] PUB.X = FEED7ECEF9B59B8925C732BD2A8DC7DA522D0B358833BE588CBF210C0F793BF60428808988ED0CDC995EA02BC6CB86B1
[alias rt] PUB.Y = 3D1522A6D243B15EBBB94368248B1AED3F05D10875BCF8D0320A4260F50FC9E2E03B81EA49E82814333C5F4A6672B77D
[alias rt] SIG.R = 44B880E7333C63F3FE34A4FC01350659C5989A9C7895BB646151D9047BCCEDD7E26898754139B4799604F9E4E0174459
[alias rt] SIG.S = A202E5B9B4622AB146C7BC8C09C5F4C738081B0F27FAB2A8F957C1872E862412D59D95CE12A5013764F8401A0BEF3D81
____ _ _ _ ____ _____
/ ___|__ _| (_)_ __ | |_ _ __ __ _ | _ \_ _|
| | / _` | | | '_ \| __| '__/ _` | | |_) || |
| |__| (_| | | | |_) | |_| | | (_| | | _ < | |
\____\__,_|_|_| .__/ \__|_| \__,_| |_| \_\|_|
|_|
[state] CFI Enabled
[rt] Runtime listening for mailbox commands...
handle_trap: cause=8000000b, mtval=0, next_pc=40005000
Read more
Resolution changing in X
#!/bin/bash sudo xrandr --newmode "1600x900_60.00" 118.25 1600 1696 1856 2112 900 903 908 934 -hsync +vsync sudo xrandr --addmode VGA-1 "1600x900_60.00" sudo xrandr --newmode "1600x1200_60.00" 161.00 1600 1712 1880 2160 1200 1203 1207 1245 -hsync +vsync sudo xrandr --addmode VGA-1 "1600x1200_60.00" while [ [1] ]; do sudo xrandr --output VGA-1 --mode 1600x1200_60.00 sleep 5
Dec 6, 2023OpenBMC SoL Console Setting
Generate a login console on specific serial port:
Nov 7, 2023Kernel MCTP
Add mctp.cfg
Sep 8, 2023Published on 
HackMD
HackMD