Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[orchestrator] fix bugs in orchestrator.py script #25873

Merged
merged 3 commits into from
Jan 15, 2025
Merged

[orchestrator] fix bugs in orchestrator.py script #25873

merged 3 commits into from
Jan 15, 2025

Conversation

timothytrippel
Copy link
Contributor

This fixes two bugs in the orchestrator.py script:

  1. a bug in the computation and construction of the Device ID when parts are provisioned from a TestLocked* stage, i.e., if part has already previously run through CP and then runs through FT at a later stage. In this scenario, the there is no CP device ID returned to the Host (since CP stage is not run), so FT must trust what already exists in flash, and the final device ID is read out by the host over JTAG at the end of provisioning,
  2. a device record was upserted into the registry database regardless if it already existed in the database, without flashing any warnings.

Additionally, this enhances the E2E testing of the orchestrator.py script catch these corner cases.

@timothytrippel timothytrippel requested a review from moidx January 14, 2025 23:30
@timothytrippel timothytrippel requested review from cfrantz and a team as code owners January 14, 2025 23:30
@timothytrippel timothytrippel requested review from milesdai and removed request for a team January 14, 2025 23:30
@timothytrippel timothytrippel force-pushed the fix-orchestrator-bug branch 3 times, most recently from 2a3c01b to 41b6e30 Compare January 15, 2025 00:19
@timothytrippel
[orchestrator] fix bug in computation of Device ID
cf71e79 
This fixes a bug in the computation and construction of the Device ID
when parts are provisioned from a TestLocked* stage, i.e., if part has
already previously run through CP and then runs through FT at a later
stage. In this scenario, the there is no CP device ID returned to the
Host (since CP stage is not run), so FT must trust what already exists
in flash, and the final device ID is read out by the host over JTAG at
the end of provisioning.

Signed-off-by: Tim Trippel <[email protected]>
@timothytrippel
[orchestrator] test two different usecase of script
851576b 
There are two potential usecases of the orchestrator.py script:
1. to run both CP and FT flows in the same script execution at the same
   secure facility, or
2. to run the CP stage in one script execution (at one secure facility),
   and the FT stage in a subsequent script execution (at a different
   secure facility).

The first flow was already covered by the e2e_test, however the second
flow was not. This adds another test, e2e_multistage_test, to cover the
second flow.

Signed-off-by: Tim Trippel <[email protected]>
@timothytrippel
[orchestrator] check if device ID exists in database before writing
5b81ae1 
This updates the orchestrator to check if a device ID already exists in
the database before attempting to update the entry.

Signed-off-by: Tim Trippel <[email protected]>
@timothytrippel timothytrippel merged commit f831d99 into lowRISC:earlgrey_1.0.0 Jan 15, 2025
32 checks passed
@timothytrippel timothytrippel deleted the fix-orchestrator-bug branch January 15, 2025 19:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moidx moidx moidx approved these changes

@cfrantz cfrantz cfrantz approved these changes

@milesdai milesdai Awaiting requested review from milesdai

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@timothytrippel @cfrantz @moidx