Allow for more RoT/SP image variants in the TUF repo (#6867)

It's useful to be able to package extra images for other use
cases (e.g. manufacturing) in the same TUF repo. Allow this
by making a few adjustments

- Require all SP images to have a unique `name` instead of
a unique `board`. We will still select by `board` via
wicketd meaning the actual runtime behavior should still be the same.

- Add an extra check for the RoT to make sure the board name
in the caboose matches the image selection at run time. This
lets us package an `oxide-rot-1` and `oxide-rot-1-selfsigned`
signed with the same keys in the same repository. We only
allow one board name per signing key.

- The RoT bootloader does not need this type of flexibility so
ensure we only allow one entry per signing key.

The same restrictions for versions still apply.

Co-authored-by: Laura Abbott <[email protected]>

Author: labbott

tufaceous-lib/src/assemble/manifest.rs

@@ -93,12 +93,9 @@ impl ArtifactManifest {
                         ArtifactSource::File(base_dir.join(path))
                     }
                     DeserializedArtifactSource::Fake { size } => {
-                        let fake_data = FakeDataAttributes::new(
-                            &data.name,
-                            kind,
-                            &data.version,
-                        )
-                        .make_data(size as usize);
+                        let fake_data =
+                            FakeDataAttributes::new(kind, &data.version)
+                                .make_data(size as usize);
                         ArtifactSource::Memory(fake_data.into())
                     }
                     DeserializedArtifactSource::CompositeHost {
@@ -128,19 +125,11 @@ impl ArtifactManifest {
                             mtime_source,
                         )?;
                         phase_1.with_entry(
-                            FakeDataAttributes::new(
-                                "fake-phase-1",
-                                kind,
-                                &data.version,
-                            ),
+                            FakeDataAttributes::new(kind, &data.version),
                             |entry| builder.append_phase_1(entry),
                         )?;
                         phase_2.with_entry(
-                            FakeDataAttributes::new(
-                                "fake-phase-2",
-                                kind,
-                                &data.version,
-                            ),
+                            FakeDataAttributes::new(kind, &data.version),
                             |entry| builder.append_phase_2(entry),
                         )?;
                         ArtifactSource::Memory(builder.finish()?.into())
@@ -173,19 +162,11 @@ impl ArtifactManifest {
                             mtime_source,
                         )?;
                         archive_a.with_entry(
-                            FakeDataAttributes::new(
-                                "fake-rot-archive-a",
-                                kind,
-                                &data.version,
-                            ),
+                            FakeDataAttributes::new(kind, &data.version),
                             |entry| builder.append_archive_a(entry),
                         )?;
                         archive_b.with_entry(
-                            FakeDataAttributes::new(
-                                "fake-rot-archive-b",
-                                kind,
-                                &data.version,
-                            ),
+                            FakeDataAttributes::new(kind, &data.version),
                             |entry| builder.append_archive_b(entry),
                         )?;
                         ArtifactSource::Memory(builder.finish()?.into())
@@ -261,18 +242,13 @@ impl ArtifactManifest {
 
 #[derive(Debug)]
 struct FakeDataAttributes<'a> {
-    name: &'a str,
     kind: KnownArtifactKind,
     version: &'a SemverVersion,
 }
 
 impl<'a> FakeDataAttributes<'a> {
-    fn new(
-        name: &'a str,
-        kind: KnownArtifactKind,
-        version: &'a SemverVersion,
-    ) -> Self {
-        Self { name, kind, version }
+    fn new(kind: KnownArtifactKind, version: &'a SemverVersion) -> Self {
+        Self { kind, version }
     }
 
     fn make_data(&self, size: usize) -> Vec<u8> {
@@ -298,12 +274,14 @@ impl<'a> FakeDataAttributes<'a> {
         };
 
         // For our purposes sign = board represents what we want for the RoT
-        // and we don't care about the SP at this point
+        // and we don't care about the sign value for the SP
+        // We now have an assumption that board == name for our production
+        // images
         let caboose = CabooseBuilder::default()
             .git_commit("this-is-fake-data")
             .board(board)
             .version(self.version.to_string())
-            .name(self.name)
+            .name(board)
             .sign(board)
             .build();