[manuf] remove duplicate tests and config files

All provisioning flows are now tested E2E with the orchestrator script. This makes the `opentitan_test` targets that also ran said flows redundant and unneeded, thus we remove them. Additionally, we no longer need duplicate CA configuration files as these are generated on the fly by the orchestrator script from the same information that was duplicated in the orchestrator SKU configuration files. This simplifies our test infrastructure and provisioning flow configurations. Signed-off-by: Tim Trippel <[email protected]>
lowRISC · Jan 17, 2025 · 18e06ba · 18e06ba
1 parent f067742
commit 18e06ba
Show file tree

Hide file tree

Showing 8 changed files with 2 additions and 202 deletions.
diff --git a/sw/device/silicon_creator/manuf/base/BUILD b/sw/device/silicon_creator/manuf/base/BUILD
@@ -16,14 +16,11 @@ load(
     "fpga_params",
     "opentitan_binary",
     "opentitan_test",
-    "silicon_params",
 )
 load(
     "//sw/device/silicon_creator/manuf/base:provisioning_inputs.bzl",
-    "CP_PROVISIONING_INPUTS",
     "EARLGREY_OTP_CFGS",
     "EARLGREY_SKUS",
-    "FT_PROVISIONING_INPUTS",
 )
 load(
     "//sw/device/silicon_creator/rom/e2e:defs.bzl",
@@ -124,38 +121,6 @@ opentitan_binary(
     ],
 )
 
-_CP_PROVISIONING_CMD_ARGS = """
-  --elf={sram_cp_provision}
-""" + CP_PROVISIONING_INPUTS
-
-_CP_PROVISIONING_HARNESS = "//sw/host/provisioning/cp"
-
-opentitan_test(
-    name = "cp_provision",
-    exec_env = {
-        "//hw/top_earlgrey:fpga_hyper310_rom_with_fake_keys": None,
-        "//hw/top_earlgrey:fpga_cw340_rom_with_fake_keys": None,
-        "//hw/top_earlgrey:silicon_creator": None,
-    },
-    fpga = fpga_params(
-        binaries = {":sram_cp_provision": "sram_cp_provision"},
-        changes_otp = True,
-        needs_jtag = True,
-        otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/emulation:otp_img_test_unlocked0_manuf_empty",
-        tags = ["manuf"],
-        test_cmd = _CP_PROVISIONING_CMD_ARGS,
-        test_harness = _CP_PROVISIONING_HARNESS,
-    ),
-    silicon = silicon_params(
-        binaries = {":sram_cp_provision": "sram_cp_provision"},
-        changes_otp = True,
-        interface = "teacup",
-        needs_jtag = True,
-        test_cmd = _CP_PROVISIONING_CMD_ARGS,
-        test_harness = _CP_PROVISIONING_HARNESS,
-    ),
-)
-
 opentitan_test(
     name = "cp_provision_functest",
     exec_env = {
@@ -350,16 +315,6 @@ manifest(d = {
     for sku, config in EARLGREY_SKUS.items()
 ]
 
-_FT_PROVISIONING_CMD_ARGS = """
-  --elf={{sram_ft_individualize}}
-  --bootstrap={{ft_personalize}}
-  --second-bootstrap={{bundle}}
-  --ca-config={{ca_config}}
-  --owner-success-text="{owner_fw_boot_str}"
-""" + FT_PROVISIONING_INPUTS
-
-_FT_PROVISIONING_HARNESS = "//sw/host/provisioning/ft:ft_{}"
-
 [
     opentitan_binary_assemble(
         name = "ft_fw_bundle_{}".format(sku),
@@ -397,112 +352,6 @@ filegroup(
            EXT_SIGNED_PERSO_BINS,
 )
 
-[
-    opentitan_test(
-        name = "ft_provision_{}".format(sku),
-        exec_env = {
-            "//hw/top_earlgrey:fpga_hyper310_rom_with_fake_keys": None,
-            "//hw/top_earlgrey:fpga_cw340_rom_with_fake_keys": None,
-            "//hw/top_earlgrey:fpga_cw340_sival": None,
-            "//hw/top_earlgrey:silicon_creator": None,
-        },
-        fpga = fpga_params(
-            timeout = "moderate",
-            binaries =
-                {
-                    ":sram_ft_individualize_{}".format(config["otp"]): "sram_ft_individualize",
-                    # Use a pre-compiled perso binary if the SKU defines it,
-                    # else use the label of the opentitan_binary for the SKU.
-                    config.get(
-                        "perso_bin",
-                        ":ft_personalize_{}".format(sku),
-                    ): "ft_personalize",
-                    config["ca_config"]: "ca_config",
-                    ":ft_fw_bundle_{}".format(sku): "bundle",
-                },
-            changes_otp = True,
-            data = [config["ca_data"]],
-            needs_jtag = True,
-            otp = "//hw/ip/otp_ctrl/data/earlgrey_skus/emulation:otp_img_test_locked0_manuf_initialized",
-            owner_slot_b = OWNER_SLOTS["b"],
-            rom_ext_slot_a = SLOTS["a"],
-            rom_ext_slot_b = SLOTS["b"],
-            tags = [
-                "lc_test_locked0",
-                "manuf",
-            ] + (["manual"] if config.get("offline", False) else []),
-            test_cmd = _FT_PROVISIONING_CMD_ARGS.format(
-                owner_fw_boot_str = config.get("owner_fw_boot_str", ""),
-            ),
-            test_harness = _FT_PROVISIONING_HARNESS.format(sku),
-        ),
-        silicon = silicon_params(
-            binaries =
-                {
-                    ":sram_ft_individualize_{}".format(config["otp"]): "sram_ft_individualize",
-                    # Use a pre-compiled perso binary if the SKU defines it,
-                    # else use the label of the opentitan_binary for the SKU.
-                    config.get(
-                        "perso_bin",
-                        ":ft_personalize_{}".format(sku),
-                    ): "ft_personalize",
-                    config["ca_config"]: "ca_config",
-                    ":ft_fw_bundle_{}".format(sku): "bundle",
-                },
-            changes_otp = True,
-            data = [config["ca_data"]],
-            interface = "teacup",
-            needs_jtag = True,
-            owner_slot_b = OWNER_SLOTS["b"],
-            rom_ext_slot_a = SLOTS["a"],
-            rom_ext_slot_b = SLOTS["b"],
-            test_cmd = _FT_PROVISIONING_CMD_ARGS.format(
-                owner_fw_boot_str = config.get("owner_fw_boot_str", ""),
-            ),
-            test_harness = _FT_PROVISIONING_HARNESS.format(sku),
-        ),
-    )
-    for sku, config in EARLGREY_SKUS.items()
-]
-
-test_suite(
-    name = "ft_provision_cw310",
-    tags = ["manual"],
-    tests = [
-        ":ft_provision_{}_fpga_hyper310_rom_with_fake_keys".format(sku)
-        for sku, config in EARLGREY_SKUS.items()
-        if not config.get("offline", False)
-    ],
-)
-
-test_suite(
-    name = "ft_provision_including_offline_cw310",
-    tags = ["manual"],
-    tests = [
-        ":ft_provision_{}_fpga_hyper310_rom_with_fake_keys".format(sku)
-        for sku in EARLGREY_SKUS.keys()
-    ],
-)
-
-test_suite(
-    name = "ft_provision_cw340",
-    tags = ["manual"],
-    tests = [
-        ":ft_provision_{}_fpga_cw340_rom_with_fake_keys".format(sku)
-        for sku, config in EARLGREY_SKUS.items()
-        if not config.get("offline", False)
-    ],
-)
-
-test_suite(
-    name = "ft_provision_including_offline_cw340",
-    tags = ["manual"],
-    tests = [
-        ":ft_provision_{}_fpga_cw340_rom_with_fake_keys".format(sku)
-        for sku in EARLGREY_SKUS.keys()
-    ],
-)
-
 _DISQUALIFIED_FOR_SIGNING = ["emulation"]
 
 [

diff --git a/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl b/sw/device/silicon_creator/manuf/base/provisioning_inputs.bzl
@@ -25,7 +25,6 @@ EARLGREY_SKUS = {
     # OTP Config: Emulation; DICE Certs: X.509; Additional Certs: None
     "emulation": {
         "otp": "emulation",
-        "ca_config": "//sw/device/silicon_creator/manuf/keys/fake:ca_config.json",
         "ca_data": "@//sw/device/silicon_creator/manuf/keys/fake:ca_data",
         "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
         "host_ext_libs": ["@provisioning_exts//:default_ft_ext_lib"],
@@ -42,7 +41,6 @@ EARLGREY_SKUS = {
     # OTP Config: Emulation; DICE Certs: CWT; Additional Certs: None
     "emulation_dice_cwt": {
         "otp": "emulation",
-        "ca_config": "//sw/device/silicon_creator/manuf/keys/fake:ca_config.json",
         "ca_data": "@//sw/device/silicon_creator/manuf/keys/fake:ca_data",
         "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice_cwt"],
         "host_ext_libs": ["@provisioning_exts//:default_ft_ext_lib"],
@@ -59,7 +57,6 @@ EARLGREY_SKUS = {
     # OTP Config: Emulation; DICE Certs: X.509; Additional Certs: TPM EK
     "emulation_tpm": {
         "otp": "emulation",
-        "ca_config": "//sw/device/silicon_creator/manuf/keys/fake:ca_config.json",
         "ca_data": "@//sw/device/silicon_creator/manuf/keys/fake:ca_data",
         "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
         "host_ext_libs": ["@provisioning_exts//:default_ft_ext_lib"],
@@ -78,7 +75,6 @@ EARLGREY_SKUS = {
     },
     "sival": {
         "otp": "sival",
-        "ca_config": "//sw/device/silicon_creator/manuf/keys/sival:ca_config.json",
         "ca_data": "@//sw/device/silicon_creator/manuf/keys/sival:ca_data",
         "dice_libs": ["//sw/device/silicon_creator/lib/cert:dice"],
         "host_ext_libs": ["@provisioning_exts//:default_ft_ext_lib"],
@@ -96,24 +92,3 @@ EARLGREY_SKUS = {
         "offline": True,
     },
 } | EXT_EARLGREY_SKUS
-
-_TEST_TOKENS = """
-  --test-unlock-token="0x11111111_11111111_11111111_11111111"
-  --test-exit-token="0x11111111_11111111_11111111_11111111"
-"""
-
-CP_PROVISIONING_INPUTS = _TEST_TOKENS + """
-  --wafer-auth-secret="0x00000000_00000000_00000000_00000000_00000000_00000000_00000000_00000000"
-"""
-
-FT_PROVISIONING_INPUTS = _TEST_TOKENS + """
-  --ft-device-id="0x11111111_22222222_33333333_44444444"
-  --target-mission-mode-lc-state="prod"
-  --rma-unlock-token="0x01234567_89abcdef_01234567_89abcdef"
-  --token-encrypt-key-der-file="sw/device/silicon_creator/manuf/keys/fake/rma_unlock_enc_rsa3072.pub.der"
-  --rom-ext-measurement="0x11111111_11111111_11111111_11111111_11111111_11111111_11111111_11111111"
-  --owner-manifest-measurement="0x22222222_22222222_22222222_22222222_22222222_22222222_22222222_22222222"
-  --owner-measurement="0x33333333_33333333_33333333_33333333_33333333_33333333_33333333_33333333"
-  --rom-ext-security-version="0"
-  --owner-security-version="0"
-"""
diff --git a/sw/device/silicon_creator/manuf/keys/fake/BUILD b/sw/device/silicon_creator/manuf/keys/fake/BUILD
@@ -9,7 +9,6 @@ exports_files(glob(["**"]))
 filegroup(
     name = "ca_data",
     srcs = [
-        ":ca_config.json",
         ":dice_ca.pem",
         ":ext_ca.pem",
         ":rma_unlock_enc_rsa3072.pub.der",

diff --git a/sw/device/silicon_creator/manuf/keys/fake/ca_config.json b/sw/device/silicon_creator/manuf/keys/fake/ca_config.json
diff --git a/sw/device/silicon_creator/manuf/keys/sival/BUILD b/sw/device/silicon_creator/manuf/keys/sival/BUILD
@@ -9,7 +9,6 @@ exports_files(glob(["**"]))
 filegroup(
     name = "ca_data",
     srcs = [
-        ":ca_config.json",
         ":dice_ca.pem",
         ":rma_unlock_enc_rsa3072.pub.der",
         # The fake RMA unlock token wrapping key is used for FPGA testing.

diff --git a/sw/device/silicon_creator/manuf/keys/sival/ca_config.json b/sw/device/silicon_creator/manuf/keys/sival/ca_config.json
diff --git a/sw/host/provisioning/orchestrator/configs/skus/BUILD b/sw/host/provisioning/orchestrator/configs/skus/BUILD
@@ -12,7 +12,7 @@ package(default_visibility = ["//visibility:public"])
 exports_files(glob(["**"]))
 
 filegroup(
-    name = "sku_all",
+    name = "all",
     srcs = depset([
         config["orchestrator_cfg"]
         for _, config in EARLGREY_SKUS.items()

diff --git a/sw/host/provisioning/orchestrator/src/BUILD b/sw/host/provisioning/orchestrator/src/BUILD
@@ -82,7 +82,7 @@ filegroup(
         "//sw/device/silicon_creator/manuf/keys:ca_data_all",
         "//sw/host/provisioning/cp",
         "//sw/host/provisioning/ft:ft_all",
-        "//sw/host/provisioning/orchestrator/configs/skus:sku_all",
+        "//sw/host/provisioning/orchestrator/configs/skus:all",
         "//third_party/openocd:jtag_cmsis_dap_adapter_cfg",
         "//third_party/openocd:jtag_olimex_cfg",
         "//third_party/openocd:openocd_bin",