[update] Make MLDSA as the default pqc algorithm in image options

builder/src/lib.rs

@@ -471,7 +471,7 @@ impl Default for ImageOptions {
             app_svn: Default::default(),
             vendor_config: caliptra_image_fake_keys::VENDOR_CONFIG_KEY_0,
             owner_config: Some(caliptra_image_fake_keys::OWNER_CONFIG),
-            pqc_key_type: FwVerificationPqcKeyType::LMS,
+            pqc_key_type: FwVerificationPqcKeyType::MLDSA,
         }
     }
 }

drivers/src/fuse_bank.rs

@@ -70,23 +70,6 @@ impl From<IdevidCertAttr> for usize {
     }
 }
 
-#[derive(Debug, Default, Clone, Copy, PartialEq, Eq)]
-pub enum RomPqcVerifyConfig {
-    #[default]
-    EcdsaAndLms = 1,
-    EcdsaAndMldsa = 2,
-}
-
-impl From<u8> for RomPqcVerifyConfig {
-    fn from(value: u8) -> Self {
-        match value {
-            1 => RomPqcVerifyConfig::EcdsaAndLms,
-            2 => RomPqcVerifyConfig::EcdsaAndMldsa,
-            _ => RomPqcVerifyConfig::default(),
-        }
-    }
-}
-
 impl FuseBank<'_> {
     /// Get the key id crypto algorithm.
     ///

drivers/src/lib.rs

@@ -72,9 +72,7 @@ pub use error_reporter::{report_fw_error_fatal, report_fw_error_non_fatal};
 pub use exit_ctrl::ExitCtrl;
 #[cfg(feature = "fips-test-hooks")]
 pub use fips_test_hooks::FipsTestHook;
-pub use fuse_bank::{
-    FuseBank, IdevidCertAttr, RomPqcVerifyConfig, VendorPubKeyRevocation, X509KeyIdAlgo,
-};
+pub use fuse_bank::{FuseBank, IdevidCertAttr, VendorPubKeyRevocation, X509KeyIdAlgo};
 pub use hand_off::FirmwareHandoffTable;
 pub use hmac::{Hmac, HmacData, HmacKey, HmacMode, HmacOp, HmacTag};
 pub use hmac_kdf::hmac_kdf;

image/types/src/lib.rs

@@ -190,7 +190,7 @@ impl Default for ImagePqcSignature {
     }
 }
 
-#[derive(Copy, Clone, PartialEq, Eq)]
+#[derive(Copy, Clone, PartialEq, Eq, Debug)]
 pub enum FwVerificationPqcKeyType {
     LMS = 1,
     MLDSA = 2,
@@ -204,7 +204,7 @@ impl From<FwVerificationPqcKeyType> for u8 {
 
 impl Default for FwVerificationPqcKeyType {
     fn default() -> Self {
-        Self::LMS
+        Self::MLDSA
     }
 }
 

image/verify/src/lib.rs

@@ -75,8 +75,8 @@ pub struct ImageVerificationInfo {
     /// Vendor PQC (LMS or MLDSA) public key index
     pub vendor_pqc_pub_key_idx: u32,
 
-    /// PQC Verification Configuration
-    pub pqc_verify_config: RomPqcVerifyConfig,
+    /// PQC Key Type
+    pub pqc_key_type: FwVerificationPqcKeyType,
 
     /// Digest of owner public keys that verified the image
     pub owner_pub_keys_digest: ImageDigest384,

image/verify/src/verifier.rs

@@ -156,7 +156,7 @@ impl<Env: ImageVerificationEnv> ImageVerifier<Env> {
                     fuse_svn: self.env.runtime_fuse_svn(),
                 },
             },
-            pqc_verify_config: manifest.pqc_key_type.into(),
+            pqc_key_type,
         };
 
         Ok(info)

rom/dev/src/flow/cold_reset/fmc_alias.rs

@@ -222,7 +222,7 @@ impl FmcAliasLayer {
             soc_ifc.fuse_bank().anti_rollback_disable() as u8,
             data_vault.vendor_ecc_pk_index() as u8,
             data_vault.vendor_pqc_pk_index() as u8,
-            fw_proc_info.pqc_verify_config,
+            fw_proc_info.pqc_key_type,
             fw_proc_info.owner_pub_keys_digest_in_fuses as u8,
         ])?;
         hasher.update(&<[u8; 48]>::from(
@@ -323,7 +323,7 @@ impl FmcAliasLayer {
             soc_ifc.fuse_bank().anti_rollback_disable() as u8,
             data_vault.vendor_ecc_pk_index() as u8,
             data_vault.vendor_pqc_pk_index() as u8,
-            fw_proc_info.pqc_verify_config,
+            fw_proc_info.pqc_key_type,
             fw_proc_info.owner_pub_keys_digest_in_fuses as u8,
         ])?;
         hasher.update(&<[u8; 48]>::from(

rom/dev/src/flow/cold_reset/fw_processor.rs

@@ -51,7 +51,7 @@ pub struct FwProcInfo {
 
     pub owner_pub_keys_digest_in_fuses: bool,
 
-    pub pqc_verify_config: u8,
+    pub pqc_key_type: u8,
 }
 
 pub struct FirmwareProcessor {}
@@ -157,7 +157,7 @@ impl FirmwareProcessor {
             fmc_cert_valid_not_after: nf,
             effective_fuse_svn: info.effective_fuse_svn,
             owner_pub_keys_digest_in_fuses: info.owner_pub_keys_digest_in_fuses,
-            pqc_verify_config: info.pqc_verify_config as u8,
+            pqc_key_type: info.pqc_key_type as u8,
         })
     }
 

rom/dev/src/pcr.rs

@@ -92,7 +92,7 @@ pub(crate) fn extend_pcrs(
         data_vault.fmc_svn() as u8,
         info.effective_fuse_svn as u8,
         data_vault.vendor_pqc_pk_index() as u8,
-        info.pqc_verify_config as u8,
+        info.pqc_key_type as u8,
         info.owner_pub_keys_digest_in_fuses as u8,
     ];
 

rom/dev/tests/rom_integration_tests/test_fmcalias_derivation.rs

@@ -15,8 +15,7 @@ use caliptra_common::RomBootStatus::*;
 use caliptra_common::{FirmwareHandoffTable, FuseLogEntry, FuseLogEntryId};
 use caliptra_common::{PcrLogEntry, PcrLogEntryId};
 use caliptra_drivers::memory_layout::*;
-use caliptra_drivers::{pcr_log::MeasurementLogEntry, DataVault};
-use caliptra_drivers::{PcrId, RomPqcVerifyConfig};
+use caliptra_drivers::{pcr_log::MeasurementLogEntry, DataVault, PcrId};
 use caliptra_error::CaliptraError;
 use caliptra_hw_model::{BootParams, Fuses, HwModel, InitParams, ModelError, SecurityState};
 use caliptra_image_crypto::OsslCrypto as Crypto;
@@ -202,7 +201,7 @@ fn test_pcr_log() {
             FMC_SVN as u8,
             0_u8,
             VENDOR_CONFIG_KEY_1.pqc_key_idx as u8,
-            RomPqcVerifyConfig::EcdsaAndLms as u8,
+            FwVerificationPqcKeyType::MLDSA as u8,
             true as u8,
         ],
     );
@@ -303,7 +302,7 @@ fn test_pcr_log_no_owner_key_digest_fuse() {
             0_u8,
             0_u8,
             VENDOR_CONFIG_KEY_1.pqc_key_idx as u8,
-            RomPqcVerifyConfig::EcdsaAndLms as u8,
+            FwVerificationPqcKeyType::MLDSA as u8,
             false as u8,
         ],
     );
@@ -398,7 +397,7 @@ fn test_pcr_log_fmc_fuse_svn() {
             FMC_SVN as u8,
             FMC_FUSE_SVN as u8,
             VENDOR_CONFIG_KEY_1.pqc_key_idx as u8,
-            RomPqcVerifyConfig::EcdsaAndLms as u8,
+            FwVerificationPqcKeyType::MLDSA as u8,
             true as u8,
         ],
     );

rom/dev/tests/rom_integration_tests/test_image_validation.rs

@@ -457,6 +457,7 @@ fn test_preamble_vendor_lms_pubkey_revocation() {
         let mut image_options = ImageOptions::default();
         let key_idx = vendor_config.pqc_key_idx;
         image_options.vendor_config = vendor_config;
+        image_options.pqc_key_type = FwVerificationPqcKeyType::LMS;
 
         let fuses = caliptra_hw_model::Fuses {
             fuse_lms_revocation: 1u32 << image_options.vendor_config.pqc_key_idx,
@@ -763,8 +764,11 @@ fn test_header_verify_vendor_lms_sig_mismatch() {
     let fuses = caliptra_hw_model::Fuses {
         ..Default::default()
     };
-    let (mut hw, mut image_bundle) =
-        helpers::build_hw_model_and_image_bundle(fuses, ImageOptions::default());
+    let image_options = ImageOptions {
+        pqc_key_type: FwVerificationPqcKeyType::LMS,
+        ..Default::default()
+    };
+    let (mut hw, mut image_bundle) = helpers::build_hw_model_and_image_bundle(fuses, image_options);
 
     // Modify the vendor public key.
     let lms_pub_key_backup = image_bundle.manifest.preamble.vendor_pqc_active_pub_key;
@@ -791,8 +795,11 @@ fn test_header_verify_vendor_lms_sig_mismatch() {
     let fuses = caliptra_hw_model::Fuses {
         ..Default::default()
     };
-    let (mut hw, mut image_bundle) =
-        helpers::build_hw_model_and_image_bundle(fuses, ImageOptions::default());
+    let image_options = ImageOptions {
+        pqc_key_type: FwVerificationPqcKeyType::LMS,
+        ..Default::default()
+    };
+    let (mut hw, mut image_bundle) = helpers::build_hw_model_and_image_bundle(fuses, image_options);
 
     // Modify the vendor signature.
     image_bundle.manifest.preamble.vendor_pqc_active_pub_key = lms_pub_key_backup;
@@ -826,8 +833,11 @@ fn test_header_verify_owner_lms_sig_mismatch() {
     let fuses = caliptra_hw_model::Fuses {
         ..Default::default()
     };
-    let (mut hw, mut image_bundle) =
-        helpers::build_hw_model_and_image_bundle(fuses, ImageOptions::default());
+    let image_options = ImageOptions {
+        pqc_key_type: FwVerificationPqcKeyType::LMS,
+        ..Default::default()
+    };
+    let (mut hw, mut image_bundle) = helpers::build_hw_model_and_image_bundle(fuses, image_options);
 
     // Modify the owner public key.
     let lms_pub_key_backup = image_bundle.manifest.preamble.owner_pub_keys.pqc_pub_key;
@@ -855,8 +865,11 @@ fn test_header_verify_owner_lms_sig_mismatch() {
     let fuses = caliptra_hw_model::Fuses {
         ..Default::default()
     };
-    let (mut hw, mut image_bundle) =
-        helpers::build_hw_model_and_image_bundle(fuses, ImageOptions::default());
+    let image_options = ImageOptions {
+        pqc_key_type: FwVerificationPqcKeyType::LMS,
+        ..Default::default()
+    };
+    let (mut hw, mut image_bundle) = helpers::build_hw_model_and_image_bundle(fuses, image_options);
 
     // Modify the owner signature.
     image_bundle.manifest.preamble.owner_pub_keys.pqc_pub_key = lms_pub_key_backup;
@@ -2095,24 +2108,31 @@ fn update_header(image_bundle: &mut ImageBundle) {
         runtime: ElfExecutable::default(),
         vendor_config: opts.vendor_config,
         owner_config: opts.owner_config,
-        pqc_key_type: FwVerificationPqcKeyType::LMS,
+        pqc_key_type: FwVerificationPqcKeyType::from_u8(image_bundle.manifest.pqc_key_type)
+            .unwrap(),
     };
 
     let gen = ImageGenerator::new(Crypto::default());
     let vendor_header_digest_384 = gen
         .vendor_header_digest_384(&image_bundle.manifest.header)
         .unwrap();
+    let vendor_header_digest_512 = gen
+        .vendor_header_digest_512(&image_bundle.manifest.header)
+        .unwrap();
     let vendor_header_digest_holder = ImageDigestHolder {
         digest_384: &vendor_header_digest_384,
-        digest_512: None,
+        digest_512: Some(&vendor_header_digest_512),
     };
 
     let owner_header_digest_384 = gen
         .owner_header_digest_384(&image_bundle.manifest.header)
         .unwrap();
+    let owner_header_digest_512 = gen
+        .owner_header_digest_512(&image_bundle.manifest.header)
+        .unwrap();
     let owner_header_digest_holder = ImageDigestHolder {
         digest_384: &owner_header_digest_384,
-        digest_512: None,
+        digest_512: Some(&owner_header_digest_512),
     };
 
     image_bundle.manifest.preamble = gen
@@ -2728,7 +2748,7 @@ fn test_header_verify_vendor_mldsa_pub_key_in_preamble_and_header() {
         hw.upload_firmware(&image_bundle.to_bytes().unwrap())
             .unwrap_err(),
         ModelError::MailboxCmdFailed(
-            CaliptraError::IMAGE_VERIFIER_ERR_VENDOR_MLDSA_SIGNATURE_INVALID.into()
+            CaliptraError::IMAGE_VERIFIER_ERR_VENDOR_PQC_PUB_KEY_INDEX_MISMATCH.into()
         )
     );
 }

runtime/src/authorize_and_stash.rs

@@ -29,7 +29,7 @@ use caliptra_common::mailbox_api::{
 use caliptra_drivers::{
     pcr_log::PCR_ID_STASH_MEASUREMENT, Array4x12, Array4xN, AuthManifestImageMetadataList,
     CaliptraError, CaliptraResult, Ecc384, Ecc384PubKey, Ecc384Signature, HashValue, Lms,
-    PersistentData, RomPqcVerifyConfig, Sha256, Sha2_512_384, SocIfc,
+    PersistentData, Sha256, Sha2_512_384, SocIfc,
 };
 use caliptra_image_types::{
     ImageDigest384, ImageEccPubKey, ImageEccSignature, ImageLmsPublicKey, ImageLmsSignature,

runtime/src/set_auth_manifest.rs

@@ -29,7 +29,7 @@ use caliptra_common::mailbox_api::{
 use caliptra_drivers::{
     pcr_log::PCR_ID_STASH_MEASUREMENT, Array4x12, Array4xN, AuthManifestImageMetadataList,
     CaliptraError, CaliptraResult, Ecc384, Ecc384PubKey, Ecc384Signature, HashValue, Lms,
-    PersistentData, RomPqcVerifyConfig, Sha256, Sha2_512_384, SocIfc,
+    PersistentData, Sha256, Sha2_512_384, SocIfc,
 };
 use caliptra_image_types::{
     ImageDigest384, ImageEccPubKey, ImageEccSignature, ImageLmsPublicKey, ImageLmsSignature,

runtime/tests/runtime_integration_tests/common.rs

@@ -19,6 +19,7 @@ use caliptra_hw_model::{
     BootParams, CodeRange, DefaultHwModel, Fuses, HwModel, ImageInfo, InitParams, ModelError,
     StackInfo, StackRange,
 };
+use caliptra_image_types::FwVerificationPqcKeyType;
 use dpe::{
     commands::{Command, CommandHdr},
     response::{
@@ -69,6 +70,7 @@ pub fn run_rt_test_lms(args: RuntimeTestArgs) -> DefaultHwModel {
         opts.vendor_config.pl0_pauser = Some(0x1);
         opts.fmc_version = DEFAULT_FMC_VERSION;
         opts.app_version = DEFAULT_APP_VERSION;
+        opts.pqc_key_type = FwVerificationPqcKeyType::LMS;
         opts
     });
 

runtime/tests/runtime_integration_tests/test_authorize_and_stash.rs

@@ -15,6 +15,7 @@ use caliptra_common::mailbox_api::{
     MailboxReqHeader, SetAuthManifestReq,
 };
 use caliptra_hw_model::{DefaultHwModel, HwModel};
+use caliptra_image_types::FwVerificationPqcKeyType;
 use caliptra_runtime::RtBootStatus;
 use caliptra_runtime::{IMAGE_AUTHORIZED, IMAGE_NOT_AUTHORIZED};
 use sha2::{Digest, Sha384};
@@ -40,7 +41,15 @@ pub const FW_ID_2: [u8; 4] = [0x02, 0x00, 0x00, 0x00];
 pub const FW_ID_BAD: [u8; 4] = [0xDE, 0xED, 0xBE, 0xEF];
 
 fn set_auth_manifest(auth_manifest: Option<AuthorizationManifest>) -> DefaultHwModel {
-    let mut model = run_rt_test(RuntimeTestArgs::default());
+    let runtime_args = RuntimeTestArgs {
+        test_image_options: Some(ImageOptions {
+            pqc_key_type: FwVerificationPqcKeyType::LMS,
+            ..Default::default()
+        }),
+        ..Default::default()
+    };
+
+    let mut model = run_rt_test(runtime_args);
 
     model.step_until(|m| {
         m.soc_ifc().cptra_boot_status().read() == u32::from(RtBootStatus::RtReadyForCommands)
@@ -107,10 +116,14 @@ fn test_authorize_and_stash_cmd_deny_authorization() {
     );
 
     // create a new fw image with the runtime replaced by the mbox responder
+    let image_options = ImageOptions {
+        pqc_key_type: FwVerificationPqcKeyType::LMS,
+        ..Default::default()
+    };
     let updated_fw_image = caliptra_builder::build_and_sign_image(
         &FMC_WITH_UART,
         &firmware::runtime_tests::MBOX,
-        ImageOptions::default(),
+        image_options,
     )
     .unwrap()
     .to_bytes()
@@ -163,10 +176,14 @@ fn test_authorize_and_stash_cmd_success() {
     assert_eq!(authorize_and_stash_resp.auth_req_result, IMAGE_AUTHORIZED);
 
     // create a new fw image with the runtime replaced by the mbox responder
+    let image_options = ImageOptions {
+        pqc_key_type: FwVerificationPqcKeyType::LMS,
+        ..Default::default()
+    };
     let updated_fw_image = caliptra_builder::build_and_sign_image(
         &FMC_WITH_UART,
         &firmware::runtime_tests::MBOX,
-        ImageOptions::default(),
+        image_options,
     )
     .unwrap()
     .to_bytes()

runtime/tests/runtime_integration_tests/test_boot.rs

@@ -9,6 +9,7 @@ use caliptra_common::{
     RomBootStatus,
 };
 use caliptra_hw_model::{BootParams, Fuses, HwModel, InitParams, SecurityState};
+use caliptra_image_types::FwVerificationPqcKeyType;
 use caliptra_runtime::RtBootStatus;
 use sha2::{Digest, Sha384};
 use zerocopy::AsBytes;
@@ -72,6 +73,7 @@ fn test_fw_version() {
 fn test_update() {
     let image_options = ImageOptions {
         app_version: 0xaabbccdd,
+        pqc_key_type: FwVerificationPqcKeyType::LMS,
         ..Default::default()
     };
     // Make image to update to. On the FPGA this needs to be done before executing the test,
@@ -107,10 +109,12 @@ fn test_stress_update() {
     let app_versions = [0xaaabbbbc, 0xaaabbbbd];
     let image_options_0 = ImageOptions {
         app_version: app_versions[0],
+        pqc_key_type: FwVerificationPqcKeyType::LMS,
         ..Default::default()
     };
     let image_options_1 = ImageOptions {
         app_version: app_versions[1],
+        pqc_key_type: FwVerificationPqcKeyType::LMS,
         ..Default::default()
     };