From ac23396b3786dfd029c15f790584fd99fc5d876f Mon Sep 17 00:00:00 2001
From: Matt Keeter
Date: Mon, 20 Oct 2025 13:25:41 -0400
Subject: [PATCH] Use measurement token in auxflash reset as well
---
 Cargo.lock | 4 ++--
 cmd/auxflash/src/lib.rs | 2 +-
 cmd/flash/Cargo.toml | 1 -
 cmd/flash/src/lib.rs | 19 ++-----------------
 cmd/tofino-eeprom/src/lib.rs | 4 ----
 humility-core/Cargo.toml | 1 +
 humility-core/src/core.rs | 22 ++++++++++++++++++++++
 7 files changed, 28 insertions(+), 25 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 527dd9ca..91204cf9 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1590,7 +1590,6 @@ dependencies = [
 "humility-cortex",
 "humility-probes-core",
 "ihex",
- "measurement-token",
 "num-traits",
 "parse_int",
 "path-slash",
@@ -2359,6 +2358,7 @@ dependencies = [
 "indicatif",
 "libc",
 "log",
+ "measurement-token",
 "multimap",
 "num-derive 0.4.2",
 "num-traits",
@@ -2828,7 +2828,7 @@ dependencies = [
 [[package]]
 name = "measurement-token"
 version = "0.1.0"
-source = "git+https://github.com/oxidecomputer/lpc55_support#936f7d55b76d35165816f6f876f9fa9390fd4f5a"
+source = "git+https://github.com/oxidecomputer/lpc55_support#b507bc6d5dbebabc1d4c9b1ea3c8f24afd68fcae"

 [[package]]
 name = "memchr"
diff --git a/cmd/auxflash/src/lib.rs b/cmd/auxflash/src/lib.rs
index 768bc8dd..dbacbe13 100644
--- a/cmd/auxflash/src/lib.rs
+++ b/cmd/auxflash/src/lib.rs
@@ -353,7 +353,7 @@ impl<'a> AuxFlashHandler<'a> {
 }

 pub fn reset(&mut self) -> Result<()> {
- self.core.reset()
+ self.core.reset_with_handoff(self.hubris)
 }

 pub fn auxflash_write_from_archive(
diff --git a/cmd/flash/Cargo.toml b/cmd/flash/Cargo.toml
index e5f2d042..b776f819 100644
--- a/cmd/flash/Cargo.toml
+++ b/cmd/flash/Cargo.toml
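Review bot: `AuxFlashHandler::reset` in cmd/auxflash/src/lib.rs has no doc comment, and after this change it is no longer a plain reset: for an archive that lists `measurement-handoff` it halts the core and writes the skip token at `measurement_token::SP_ADDR`, with the decision taken from `self.hubris` rather than from the target. I would document that on the method, e.g. `/// Resets the target; when the archive enables "measurement-handoff", the skip token is written first (see Core::reset_with_handoff).` If nothing earlier in the handler already checks that the archive matches the image running on the target, the comment should also say that the caller is responsible for that, since a mismatched archive would turn this into a write to an address the running image does not expect. The `impl` block starts and ends outside the hunk.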
@@ -13,7 +13,6 @@ humility-probes-core = { workspace = true }
 cmd-auxflash = { workspace = true }
 clap = { workspace = true }
 anyhow = { workspace = true }
-measurement-token = { workspace = true }
 parse_int = { workspace = true }
 num-traits = { workspace = true }
 tempfile = { workspace = true }
diff --git a/cmd/flash/src/lib.rs b/cmd/flash/src/lib.rs
index 381f49b5..a26b2db9 100644
--- a/cmd/flash/src/lib.rs
+++ b/cmd/flash/src/lib.rs
@@ -407,23 +407,8 @@ fn flashcmd(context: &mut ExecutionContext) -> Result<()> {
 std::thread::sleep(std::time::Duration::from_millis(delay));
 }

- // If this image uses handoff to send a measurement token between the RoT
- // and SP, this won't work with a debugger physically attached. To prevent
- // the SP from resetting itself, we write a different token which skips this
- // reboot loop. The memory address and token values are pulled from the
- // `measurement-token` crate in `lpc55_support`, which is also used in the
- // SP firmware.
- if hubris.manifest.features.iter().any(|s| s == "measurement-handoff") {
- core.reset_and_halt(std::time::Duration::from_millis(25))?;
- humility::msg!("skipping measurement token handoff");
- core.write_word_32(
- measurement_token::SP_ADDR as u32,
- measurement_token::SKIP,
- )?;
- core.run()?;
- } else {
- core.reset()?;
- }
+ // Reset, using the handoff token if present in the archive
+ core.reset_with_handoff(hubris)?;

 // At this point, we can attempt to program the auxiliary flash. This has
 // to happen *after* the image is flashed and the core is reset, because it
diff --git a/cmd/tofino-eeprom/src/lib.rs b/cmd/tofino-eeprom/src/lib.rs
index 4dcc299d..1fbc7582 100644
--- a/cmd/tofino-eeprom/src/lib.rs
+++ b/cmd/tofino-eeprom/src/lib.rs
@@ -140,10 +140,6 @@ impl<'a> EepromHandler<'a> {
 humility::msg!("done");
 Ok(())
 }
-
- pub fn reset(&mut self) -> Result<()> {
- self.core.reset()
- }
 }

 ////////////////////////////////////////////////////////////////////////////////
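Review bot: The new comment above `core.reset_with_handoff(hubris)?;` in `flashcmd` (cmd/flash/src/lib.rs) is misleading: it reads as if a token stored in the archive is used, whereas the code being moved writes the skip token whenever the manifest lists the `measurement-handoff` feature. I would word it as `// Reset; if the archive enables "measurement-handoff", write the skip token so the SP does not reboot-loop with a debugger attached`. That keeps the reason for the special case visible at the call site now that the long explanation lives in humility-core. `flashcmd` starts and ends outside the hunk.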
diff --git a/humility-core/Cargo.toml b/humility-core/Cargo.toml
index dc5d877a..3d79d595 100644
--- a/humility-core/Cargo.toml
+++ b/humility-core/Cargo.toml
@@ -21,6 +21,7 @@ idol.workspace = true
 indexmap.workspace = true
 indicatif.workspace = true
 log.workspace = true
+measurement-token.workspace = true
 multimap.workspace = true
 num-derive.workspace = true
 num-traits.workspace = true
diff --git a/humility-core/src/core.rs b/humility-core/src/core.rs
index 370c9255..05c20c72 100644
--- a/humility-core/src/core.rs
+++ b/humility-core/src/core.rs
@@ -69,6 +69,28 @@ pub trait Core {
 /// halt
 fn reset_and_halt(&mut self, dur: std::time::Duration) -> Result<()>;

+ /// Reset the chip, with special handling for measurement handoff
+ ///
+ /// If this image uses handoff to send a measurement token between the RoT
+ /// and SP, this won't work with a debugger physically attached. To prevent
+ /// the SP from resetting itself, we write a different token which skips
+ /// this reboot loop. The memory address and token values are pulled from
+ /// the `measurement-token` crate in `lpc55_support`, which is also used in
+ /// the SP firmware.
+ fn reset_with_handoff(&mut self, hubris: &HubrisArchive) -> Result<()> {
+ if hubris.manifest.features.iter().any(|s| s == "measurement-handoff") {
+ self.reset_and_halt(std::time::Duration::from_millis(25))?;
+ crate::msg!("skipping measurement token handoff");
+ self.write_word_32(
+ measurement_token::SP_ADDR as u32,
+ measurement_token::SKIP,
+ )?;
+ self.run()
+ } else {
+ self.reset()
+ }
+ }
+
 /// Called before starting a series of operations. May halt the target if
 /// the target does not allow operations while not halted. Should not be
 /// intermixed with [`halt`]/[`run`].
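Review bot: In `reset_with_handoff` (humility-core/src/core.rs), a failing `write_word_32` makes the `?` return with the core still halted by `reset_and_halt` and the skip token unwritten, and nothing tells the caller which state the SP is in. I would add an `# Errors` section to the doc comment, e.g. `/// # Errors` followed by `/// If writing the skip token fails, the target is left halted; callers must not assume the SP is running.` The cast `measurement_token::SP_ADDR as u32` would truncate silently if the constant is wider than 32 bits (its type is not visible here); `u32::try_from(measurement_token::SP_ADDR)?` turns that into an error, assuming this module's `Result` can carry the conversion error. The 25 ms passed to `reset_and_halt` also deserves a short comment or a named constant saying why that duration was chosen. The `Core` trait starts and ends outside the hunk.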