Measure the SP on SP_RESET signal interrupt (#1946)

On SP_RESET asserted, the RoT will measure the entire active SP Hubris
bank (Hubris plus 0xff padding from 0x800_0000 to 0x80f_ffff).
The measurement reliably takes about 0.482 seconds since neither the SP
nor the RoT are doing anything else during this time. This low
measurement time and the existing timeouts and retries used by the
control plane mitigate concerns that were present when the duration was
measured in multiple seconds.

This time could be further reduced. It is currently taking 0.245 seconds
to inject the measurement program into the SP. Each u32 is being sent
and read back separately and retried if there is any error (no errors
have been seen as of yet).

If all is well with the SP, the measurement will match the `Sha3_256`
value represented in the SP Hubris archive in the file named
"img/final.fwid".
 
# Testing SP measurement

Checkout hubris branch `attest-sp`

```sh
APP=$PWD/app/oxide-rot-1/app-dev.toml
ARCHIVE=$(cargo -q xtask print --archive --image-name a $APP)
cargo xtask flash $APP
```

## Measure on SP Reset:

Hit the reset button on the SP or use the SpCtrl.db_reset_sp function:
```sh
humility --archive=$ARCHIVE hiffy -c SpCtrl.db_reset_sp -a delay_ms=10
sleep 13
```

## See traces
The ringbuf trace in `swd` and `attest` tasks have the interesting
information including the time expended:

```sh
humility --archive=$ARCHIVE ringbuf
```

## Dump the attestation log:

```sh
humility --archive=$ARCHIVE hiffy -c Attest.log -a offset=0 -n 256 -o out
hexdump -C out
```
The hexdump is not hard to read directly. The first four bytes are a LE
u32 giving
the number of valid entries. Each entry is a 1-byte discriminator that
is 0_u8 for `Sha3_256` followed by the 32-byte measurement (FWID). There
is space for 16 measurements.

## Notes

  - The RoT only attempts a measurement if it detects an SP reset.
- Existing measurements are cleared if an STLINK power-on is detected or
if an STLINK is on during a measurement attempt. It is observed that
powered-off STLINKs have no effect.
- No SP reset can be captured until the `swd` task has initialized. If
needed, the control plane can request the SP to reset itself which will
result in the RoT measuring the SP.
- The `attest` task has a `reset_log_and_record` function usable only by
the `swd` task (and hiffy for debug builds).
- Closes #2020 by reserving the first slot of the attestation log for
the `swd` task.

Author: lzrd

.cargo/config.toml

@@ -8,3 +8,6 @@ xtask = "run --package xtask --"
 # overridden within xtask for Hubris programs, so this only affects host tools like
 # xtask.
 rustflags = ["-Zallow-features=proc_macro_diagnostic,asm_const,naked_functions,used_with_arg"]
+
+[unstable]
+bindeps = true

Cargo.lock

@@ -20,6 +20,21 @@ opt-level = "z" # smaller optimizations
 [profile.dev]
 opt-level = 1 # no optimizations was just too painful in terms of flash size
 
+[profile.release.package.endoscope]
+codegen-units = 1
+debug = 2
+opt-level = "z"
+
+[profile.dev.package.endoscope]
+codegen-units = 1
+debug = 2
+opt-level = "z"
+
+[profile.bench.package.endoscope]
+codegen-units = 1
+debug = 2
+opt-level = "z"
+
 [patch."https://github.com/oxidecomputer/hubris".userlib]
 path = "sys/userlib"
 

Cargo.toml

@@ -53,8 +53,6 @@ start = true
 [tasks.update_server]
 name = "lpc55-update-server"
 priority = 3
-max-sizes = {flash = 26080, ram = 17000, usbsram = 4096}
-# TODO: Size this appropriately
 stacksize = 8192
 start = true
 sections = {bootstate = "usbsram"}
@@ -82,7 +80,6 @@ task-slots = ["syscon_driver"]
 [tasks.sprot]
 name = "drv-lpc55-sprot-server"
 priority = 6
-max-sizes = {flash = 54016, ram = 32768}
 uses = ["flexcomm8", "bootrom"]
 features = ["spi0", "sp-ctrl"]
 start = true
@@ -103,20 +100,18 @@ pins = [
     { name = "CHIP_SELECT", pin = { port = 1, pin = 1}, alt = 5},
     # ROT_IRQ = P0_18 = FUN0
     { name = "ROT_IRQ", pin = { port = 0, pin = 18}, alt = 0, direction = "output"},
-    # SP_RESET = P0_9 = FUN0
-    { name = "SP_RESET", pin = { port = 0, pin = 9}, alt = 0, direction = "input"},
 ]
 
 [tasks.swd]
 name = "drv-lpc55-swd"
 priority = 4
-max-sizes = {flash = 16384, ram = 4096}
 uses = ["flexcomm5", "iocon"]
 start = true
-stacksize = 1000
-task-slots = ["gpio_driver", "syscon_driver"]
-notifications = ["spi-irq", "timer"]
-interrupts = {"flexcomm5.irq" = "spi-irq"}
+stacksize = 1280
+task-slots = ["gpio_driver", "syscon_driver", "attest"]
+notifications = ["spi-irq", "timer", "sp_reset-irq", "jtag_detect-irq"]
+interrupts = {"flexcomm5.irq" = "spi-irq", "pint.irq0" = "sp_reset-irq", "pint.irq1" = "jtag_detect-irq" }
+features = ["enable_ext_sp_reset"]
 
 [tasks.swd.config]
 # MOSI = PIO0_8
@@ -136,8 +131,10 @@ in_cfg = [
 pins = [
     # SCK
     { pin = { port = 0, pin = 7 }, alt = 3 },
-    { name = "SP_TO_ROT_JTAG_DETECT_L", pin = { port = 0, pin = 20 }, alt = 0, direction = "input" },
-    { name = "ROT_TO_SP_RESET_L", pin = { port = 0, pin = 13 }, alt = 0, value = true, direction = "output", opendrain = "opendrain" },
+    { name = "SP_TO_ROT_JTAG_DETECT_L", pin = { port = 0, pin = 20 }, alt = 0, direction = "input", mode = "nopull", pint = 1 },
+    # SP NRST has an internal 30-50k pull-up in SP
+    { name = "ROT_TO_SP_RESET_L_IN", pin = { port = 0, pin = 13 }, alt = 0, direction = "input", mode = "nopull", pint = 0 },
+    { name = "ROT_TO_SP_RESET_L_OUT", pin = { port = 0, pin = 13 }, alt = 0, direction = "output", mode = "nopull", opendrain = "opendrain", setup = false },
 ]
 spi_num = 5
 
@@ -149,26 +146,17 @@ start = true
 stacksize = 2600
 task-slots = ["swd"]
 
-# We intentionally do not start this task to avoid conflicts with the SP
-# debug connection.
-[tasks.sp_measure]
-name = "task-sp-measure"
-priority = 6
-max-sizes = {flash = 131072, ram = 8192}
-task-slots = ["swd"]
-stacksize = 2048
-
-[tasks.sp_measure.config]
-binary_path = "../../target/gimlet-c/dist/default/final.bin"
-
 [tasks.attest]
 name = "task-attest"
-priority = 5
-max-sizes = {flash = 35072, ram = 16384}
+priority = 3
+max-sizes = {flash = 35400, ram = 16384}
 stacksize = 12304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 
+[tasks.attest.config]
+permit_log_reset = ["swd", "hiffy"]
+
 [signing.certs]
 signing-certs = ["../../support/fake_certs/fake_certificate.der.crt"]
 root-certs = ["../../support/fake_certs/fake_certificate.der.crt"]

app/oxide-rot-1/app-dev.toml

@@ -88,20 +88,17 @@ pins = [
     { name = "CHIP_SELECT", pin = { port = 1, pin = 1}, alt = 5},
     # ROT_IRQ = P0_18 = FUN0
     { name = "ROT_IRQ", pin = { port = 0, pin = 18}, alt = 0, direction = "output"},
-    # SP_RESET = P0_9 = FUN0
-    { name = "SP_RESET", pin = { port = 0, pin = 9}, alt = 0, direction = "input"},
 ]
 
 [tasks.swd]
 name = "drv-lpc55-swd"
 priority = 4
-max-sizes = {flash = 16384, ram = 4096}
 uses = ["flexcomm5", "iocon"]
 start = true
-stacksize = 1000
-task-slots = ["gpio_driver", "syscon_driver"]
-notifications = ["spi-irq", "timer"]
-interrupts = {"flexcomm5.irq" = "spi-irq"}
+stacksize = 1280
+task-slots = ["gpio_driver", "syscon_driver", "attest"]
+notifications = ["spi-irq", "timer", "sp_reset-irq", "jtag_detect-irq"]
+interrupts = {"flexcomm5.irq" = "spi-irq", "pint.irq0" = "sp_reset-irq", "pint.irq1" = "jtag_detect-irq" }
 
 [tasks.swd.config]
 # MOSI = PIO0_8
@@ -121,8 +118,10 @@ in_cfg = [
 pins = [
     # SCK
     { pin = { port = 0, pin = 7 }, alt = 3 },
-    { name = "SP_TO_ROT_JTAG_DETECT_L", pin = { port = 0, pin = 20 }, alt = 0, direction = "input" },
-    { name = "ROT_TO_SP_RESET_L", pin = { port = 0, pin = 13 }, alt = 0, value = true, direction = "output", opendrain = "opendrain" },
+    { name = "SP_TO_ROT_JTAG_DETECT_L", pin = { port = 0, pin = 20 }, alt = 0, direction = "input", mode = "nopull", pint = 1 },
+    # SP NRST has an internal 30-50k pull-up in SP
+    { name = "ROT_TO_SP_RESET_L_IN", pin = { port = 0, pin = 13 }, alt = 0, direction = "input", mode = "nopull", pint = 0 },
+    { name = "ROT_TO_SP_RESET_L_OUT", pin = { port = 0, pin = 13 }, alt = 0, direction = "output", mode = "nopull", opendrain = "opendrain", setup = false },
 ]
 spi_num = 5
 
@@ -136,12 +135,15 @@ task-slots = ["swd"]
 
 [tasks.attest]
 name = "task-attest"
-priority = 5
+priority = 3
 max-sizes = {flash = 35400, ram = 16384}
 stacksize = 12304
 start = true
 extern-regions = ["dice_alias", "dice_certs"]
 
+[tasks.attest.config]
+permit_log_reset = ["swd"]
+
 [signing.certs]
 signing-certs = ["../../support/fake_certs/fake_certificate.der.crt"]
 root-certs = ["../../support/fake_certs/fake_certificate.der.crt"]

app/oxide-rot-1/app.toml

@@ -10,24 +10,34 @@ idol-runtime = { workspace = true }
 lpc55-pac = { workspace = true }
 num-traits = { workspace = true }
 zerocopy = { workspace = true }
+bitflags = { workspace = true }
+static_assertions = { workspace = true }
 
+attest-api = { path = "../../task/attest-api" }
 drv-lpc55-gpio-api = { path = "../lpc55-gpio-api" }
 drv-lpc55-spi = { path = "../lpc55-spi" }
 drv-lpc55-syscon-api = { path = "../lpc55-syscon-api" }
 drv-sp-ctrl-api = { path = "../sp-ctrl-api" }
 ringbuf = { path = "../../lib/ringbuf" }
 userlib = { path = "../../sys/userlib", features = ["panic-messages"] }
+endoscope-abi = { path = "../../lib/endoscope-abi" }
 
 [build-dependencies]
+anyhow = { workspace = true }
 build-lpc55pins = { path = "../../build/lpc55pins" }
 build-util = { path = "../../build/util" }
-anyhow = { workspace = true }
+call_rustfmt = { path = "../../build/call_rustfmt" }
+endoscope-abi = { path = "../../lib/endoscope-abi" }
+endoscope = { path = "../../lib/endoscope", artifact="bin:endoscope", target = "thumbv7em-none-eabihf", features = ["soc_stm32h753"]}
+goblin = { workspace = true }
 idol = { workspace = true }
 quote = { workspace = true }
+rustc-demangle = { workspace = true }
 serde = { workspace = true }
 
 [features]
 no-ipc-counters = ["idol/no-counters"]
+enable_ext_sp_reset = []
 
 # This section is here to discourage RLS/rust-analyzer from doing test builds,
 # since test builds don't work for cross compilation.