Backport 26987 ([ownership] Test the key algorithm with pubkey for key equivalence) #29206
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allow `spi_device_cmd_get` to operate in a non-blocking fashion. This allows the rescue protocol to time out after a period of inactivity. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit 6564a9b)
Add a `skip_once` parameter to rescue entry. This allows the ROM_EXT to send a message to itself to skip rescue detection (and entry) once on the next boot. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit 8e820ba)
Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit 2933902)
1. Enter rescue on boot failure. 2. Exit rescue after a peroid of inactivty. The inactivty timeout is cancelled if there is any rescue activity at all. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit ceedca4)
Parameterize builds of the `test_owner` module and associated ROM_EXTs to avoid copy/pasting of the `cc_library` and `opentitan_binary` rules. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit 59e6e66)
pamaury
requested review from
alees24 and
jwnrt
and removed request for
a team
Add tests for the rescue enter-on-fail and inactivity timeout features. Signed-off-by: Chris Frantz <cfrantz@google.com> (cherry picked from commit b3e481f)
This change prevents the algorithm confusion attack, which can downgrade a hybrid key to ECDSA-only. Change-Id: Ice80075e930c0eb0e092ad1fe7a2840cc4a99db2 Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com> (cherry picked from commit 5d30608)
This updates the newversion_test harness to accept the SPX keys and adds an e2e test for the newversion mode update using SPX keys. Change-Id: I5b948339b20e85c2df3084d0ee7d13bb4cdd1bfd Co-authored-by: Anthony Chen <antchen@google.com> Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com> (cherry picked from commit fa6c29e)
This change adds a e2e test to ensure rom_ext prevents the attack. Change-Id: I124f43b315930a799df3c1156f810cb646e6c219 Signed-off-by: Yi-Hsuan Deng <yhdeng@google.com> (cherry picked from commit c47d5b5)
pamaury
force-pushed
the
backport_26987
branch
from
5daf7a5 to
388aa46
Compare
cfrantz
approved these changes
Jan 29, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport #26987. Depends on #29204, only review last 3 commits.