g: add chip unique id generation

Implement system_get_chip_unique_id() for the g hardware.
It includes the hardware revision, the chip device id and
the read-only key id.
The key-id is included because this unique id is used as serial number
inside certificates and for security reason, we want a different id if
the RO has changed (e.g Node locked firmware).
The id is also 32-byte long for convenience reason when used for
certificates, but the high 16 bytes are currently zeros.

Signed-off-by: Vincent Palatin <vpalatin@chromium.org>

BRANCH=cr50
BUG=b:35545754
TEST=dump the x.509 individual attestation certificate which includes
the unique id as serial number.

Change-Id: If24597d0de696d2700122d425724f14703fc5256
Reviewed-on: https://chromium-review.googlesource.com/536774
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>

1 files changed, 18 insertions, 0 deletions

diff --git a/chip/g/system.c b/chip/g/system.c
index 625bde28a5..f1b45c802e 100644
--- a/chip/g/system.c
+++ b/chip/g/system.c
@@ -218,6 +218,24 @@ const char *system_get_chip_revision(void)
 	return revision_str;
 }
 
+int system_get_chip_unique_id(uint8_t **id)
+{
+	static uint32_t cached[8];
+
+	if (!cached[3]) { /* generate it if it doesn't exist yet */
+		const struct SignedHeader *ro_hdr = (const void *)
+			get_program_memory_addr(system_get_ro_image_copy());
+		const char *rev = get_revision_str();
+
+		cached[0] = ro_hdr->keyid;
+		cached[1] = GREG32(FUSE, DEV_ID0);
+		cached[2] = GREG32(FUSE, DEV_ID1);
+		strncpy((char *)&cached[3], rev, sizeof(cached[3]));
+	}
+	*id = (uint8_t *)cached;
+	return sizeof(cached);
+}
+
 int system_battery_cutoff_support_required(void)
 {
 	switch (get_fuse_set_id())