[rom_ext,dice] Add hash integrity check for DICE pages #27424
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cfrantz
reviewed
Jun 13, 2025
Change-Id: Ia980fc98dcf088500c179d746fc235de5b0db105 Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>
The UDS, now located on the dedicated Factory page for all SKUs (X509/CWT), we no longer requires this skip. Change-Id: I34f16b9db049cc71658116d06d07f545cf9f0d84 Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>
sasdf
force-pushed
the
mgT4d8106a7
branch
2 times, most recently
from
646bfcd to
b5b80a9
Compare
Change-Id: Iea8c8d2315d466a396d5d1064b8b77a48fb28e30 Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>
cfrantz
approved these changes
Jun 13, 2025
Adds a hash to the CDI cache page to ensure its integrity after an update, mitigating corruption risks from resets or partial write. Change-Id: I163b994dd4b4c218a8791c5701e4c40341cda8fc Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>
This change introduces a flash page hash checksum similar to the one in ROM_EXT, applicable to both UDS and CDI pages. Change-Id: Ic4764bc3bda79cecd5faef31f1efa562f1c758a1 Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>
This change validates the integrity hash of the CDI page and regenerates the page if it is found to be corrupted. Change-Id: Id5ab836cf1dd3e1a10dd27a19cd948d0b7c8abc4 Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>
Change-Id: I4d8106a7b8b80d8199766323cc0e1a152cf8276b Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes:
This PR adds a hash digest to the end of the certificate info pages to ensure data integrity.
ROM_EXT verifies the hash digest during the boot process and clears the page if it is corrupted. This allows the ROM_EXT to regenerate a new certificate chain.
Implementing the integrity check in the mutable ROM_EXT keeps the immutable section simple and flexible. If a page is corrupted, the ROM_EXT triggers a reboot.
By default, this hash is added to the Factory and DICE pages, while the Ext0 and Ext1 pages have it disabled. SKU extensions can enable it if needed.
Since the e2e test requires imm_section skip signing when valid, this change is stacked over: