Implement epoch-based rollback protection in LPC55 update_server

Author: lzrd

Cargo.lock

@@ -117,11 +117,15 @@ zip = { version = "0.6", default-features = false, features = ["bzip2"] }
 # Oxide forks and repos
 attest-data = { git = "https://github.com/oxidecomputer/dice-util", default-features = false, version = "0.1.0" }
 dice-mfg-msgs = { git = "https://github.com/oxidecomputer/dice-util", default-features = false, version = "0.2.1" }
-gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", default-features = false, features = ["smoltcp"] }
+#gateway-messages = { git = "https://github.com/oxidecomputer/management-gateway-service", default-features = false, features = ["smoltcp"] }
+# XXX fix before push
+gateway-messages = { path = "/home/stoltz/Oxide/src/mgs/epoch/gateway-messages",  default-features = false, features = ["smoltcp"] }
 gimlet-inspector-protocol = { git = "https://github.com/oxidecomputer/gimlet-inspector-protocol", version = "0.1.0" }
 hif = { git = "https://github.com/oxidecomputer/hif", default-features = false }
 humpty = { git = "https://github.com/oxidecomputer/humpty", default-features = false, version = "0.1.3" }
-hubtools = { git = "https://github.com/oxidecomputer/hubtools", default-features = false, version = "0.4.1" }
+#hubtools = { git = "https://github.com/oxidecomputer/hubtools", default-features = false, version = "0.4.1" }
+# XXX fix before push
+hubtools = { git = "https://github.com/oxidecomputer/hubtools", default-features = false, branch = "epoch", version = "0.4.7" }
 idol = { git = "https://github.com/oxidecomputer/idolatry.git", default-features = false }
 idol-runtime = { git = "https://github.com/oxidecomputer/idolatry.git", default-features = false }
 lpc55_sign = { git = "https://github.com/oxidecomputer/lpc55_support", default-features = false }

Cargo.toml

@@ -3,6 +3,7 @@ chip = "../../chips/stm32h7"
 memory = "memory-large.toml"
 stacksize = 896
 fwid = true
+epoch = 0
 
 [kernel]
 name = "gimlet"

app/gimlet/base.toml

@@ -48,7 +48,7 @@ start = true
 [tasks.update_server]
 name = "lpc55-update-server"
 priority = 3
-max-sizes = {flash = 27008, ram = 16704}
+max-sizes = {flash = 30368, ram = 16704}
 stacksize = 8192
 start = true
 sections = {bootstate = "usbsram"}

app/lpc55xpresso/app.toml

@@ -49,7 +49,7 @@ start = true
 [tasks.update_server]
 name = "lpc55-update-server"
 priority = 3
-max-sizes = {flash = 27904, ram = 17344, usbsram = 4096}
+max-sizes = {flash = 30368, ram = 17344, usbsram = 4096}
 # TODO: Size this appropriately
 stacksize = 8192
 start = true

app/oxide-rot-1/app-dev.toml

@@ -611,7 +611,7 @@ pub fn package(
                 // The Git hash is included in the default caboose under the key
                 // `GITC`, so we don't include it in the pseudo-version.
                 archive
-                    .write_default_caboose(None)
+                    .write_default_caboose(None, None)
                     .context("writing caboose into archive")?;
                 archive.overwrite().context("overwriting archive")?;
             }
@@ -621,8 +621,13 @@ pub fn package(
         if let Some(signing) = &cfg.toml.signing {
             let mut archive = hubtools::RawHubrisArchive::load(&archive_name)
                 .context("loading archive with hubtools")?;
+            let priv_key_rel_path = signing
+                .certs
+                .private_key
+                .clone()
+                .context("missing private key path")?;
             let private_key = lpc55_sign::cert::read_rsa_private_key(
-                &cfg.app_src_dir.join(&signing.certs.private_key),
+                &cfg.app_src_dir.join(priv_key_rel_path),
             )
             .with_context(|| {
                 format!(

build/xtask/src/dist.rs

@@ -242,6 +242,16 @@ impl From<RotSlot> for SlotId {
     }
 }
 
+impl SlotId {
+    pub fn other(&self) -> SlotId {
+        if *self == SlotId::A {
+            SlotId::B
+        } else {
+            SlotId::A
+        }
+    }
+}
+
 impl TryFrom<u16> for SlotId {
     type Error = ();
     fn try_from(i: u16) -> Result<Self, Self::Error> {