Skip to content

Backport 26620 ([ownership, rescue] Fix errors) #29023

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pamaury merged 5 commits into from
Jan 7, 2026
Merged

Backport 26620 ([ownership, rescue] Fix errors) #29023

pamaury merged 5 commits into from
Jan 7, 2026

Conversation

@pamaury
Copy link
Contributor

@pamaury pamaury commented Jan 5, 2026
edited
Loading

Backport #26620. Depends on #29018, only review the last 3 commits.

@pamaury pamaury requested review from a team as code owners January 5, 2026 10:18
@pamaury pamaury requested review from cfrantz and timothytrippel and removed request for a team January 5, 2026 10:18
@pamaury pamaury requested a review from jwnrt January 6, 2026 14:54
cfrantz added 5 commits January 6, 2026 21:38
@cfrantz @pamaury
[ownership] Allow use of detached signatures in flash
2914d4a 
Allow using detached signatures in flash for owner operations.
1. A detached signature is detected when the 64-byte built-in ECDSA
   signature field is all zeros.
2. The entire flash DATA region is scanned for a detached signature.
   The signature must be aligned on a flash page boundary and must
   contain the command/entity that it is signing and the current ROM_EXT
   nonce.

Signed-off-by: Chris Frantz <cfrantz@google.com>
(cherry picked from commit 284716b)
@cfrantz @pamaury
[ownership] Remove auxilliary ECDSA library
188c95e 
The auxilliary ECDSA wrapper library was added at the start of ownership
development because we had not yet created our own implmentation using the
OTBN accelerator.  Now that owner signature verification is consolidated
into `owner_verify`, we no longer need the ECDSA wrapper library.

Signed-off-by: Chris Frantz <cfrantz@google.com>
(cherry picked from commit 4d44b10)
@cfrantz @pamaury
[rom-ext] Fix type error
10d9c3c 
A loop variable of type `size_t` was being passed to `launder32` which
accepts `uint32_t`.

Signed-off-by: Chris Frantz <cfrantz@google.com>
(cherry picked from commit 0ebf7b9)
@cfrantz @pamaury
[rescue] Check xmodem recv bounds
8c6005e 
There was a potential out-of-bounds access when receiving an xmodem
frame.  Check that the buffer has enough space to receive the next
frame.

Signed-off-by: Chris Frantz <cfrantz@google.com>
(cherry picked from commit 96c9af6)
@cfrantz @pamaury
[ownership] Check struct lengths and array bounds
534b824 
Signed-off-by: Chris Frantz <cfrantz@google.com>
(cherry picked from commit 849f9b7)
jwnrt
jwnrt approved these changes Jan 7, 2026
View reviewed changes
Copy link
Contributor

@jwnrt jwnrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Last three commits LGTM

@pamaury pamaury added this pull request to the merge queue Jan 7, 2026
Merged via the queue into lowRISC:master with commit 1116072 Jan 7, 2026
78 of 80 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfrantz cfrantz cfrantz approved these changes

@jwnrt jwnrt jwnrt approved these changes

@timothytrippel timothytrippel Awaiting requested review from timothytrippel timothytrippel is a code owner automatically assigned from lowRISC/ot-c-cpp-reviewers

Assignees

No one assigned

Labels

MergeBack:1.0.0 to master

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pamaury @cfrantz @jwnrt