From 589cf91cfa2d4b2fb1de4061fc732ed927769bf2 Mon Sep 17 00:00:00 2001 From: Chris Frantz Date: Tue, 10 Sep 2024 16:32:40 -0700 Subject: [PATCH 1/2] [rom_ext, ownership] Add fake ECDSA application keys Add `prod`, `dev` and `test` ECDSA keys for testing. 
Signed-off-by: Chris Frantz (cherry picked from commit 01c4d716b49e86307edcb8648f0f3283745e1791) (cherry picked from commit f9493550da01ad84ccd256dddc90db2d8e118267) --- .../lib/ownership/keys/fake/BUILD | 41 ++++++++++++++++++ .../keys/fake/app_dev_ecdsa_p256.der | Bin 0 -> 138 bytes .../ownership/keys/fake/app_dev_ecdsa_p256.h | 15 +++++++ .../keys/fake/app_dev_ecdsa_p256.pub.der | Bin 0 -> 91 bytes .../keys/fake/app_prod_ecdsa_p256.der | Bin 0 -> 138 bytes .../ownership/keys/fake/app_prod_ecdsa_p256.h | 15 +++++++ .../keys/fake/app_prod_ecdsa_p256.pub.der | Bin 0 -> 91 bytes .../keys/fake/app_test_ecdsa_p256.der | Bin 0 -> 138 bytes .../ownership/keys/fake/app_test_ecdsa_p256.h | 15 +++++++ .../keys/fake/app_test_ecdsa_p256.pub.der | Bin 0 -> 91 bytes .../keys/fake/app_unauthorized_ecdsa_p256.der | Bin 0 -> 138 bytes .../fake/app_unauthorized_ecdsa_p256.pub.der | Bin 0 -> 91 bytes 12 files changed, 86 insertions(+) create mode 100644 sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_ecdsa_p256.der create mode 100644 sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_ecdsa_p256.h create mode 100644 sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_ecdsa_p256.pub.der create mode 100644 sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_ecdsa_p256.der create mode 100644 sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_ecdsa_p256.h create mode 100644 sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_ecdsa_p256.pub.der create mode 100644 sw/device/silicon_creator/lib/ownership/keys/fake/app_test_ecdsa_p256.der create mode 100644 sw/device/silicon_creator/lib/ownership/keys/fake/app_test_ecdsa_p256.h create mode 100644 sw/device/silicon_creator/lib/ownership/keys/fake/app_test_ecdsa_p256.pub.der create mode 100644 sw/device/silicon_creator/lib/ownership/keys/fake/app_unauthorized_ecdsa_p256.der create mode 100644 sw/device/silicon_creator/lib/ownership/keys/fake/app_unauthorized_ecdsa_p256.pub.der 
diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/BUILD b/sw/device/silicon_creator/lib/ownership/keys/fake/BUILD index 3c27b1b0bf3cd..4f768598cf75e 100644 --- a/sw/device/silicon_creator/lib/ownership/keys/fake/BUILD +++ b/sw/device/silicon_creator/lib/ownership/keys/fake/BUILD @@ -2,6 +2,8 @@ # Licensed under the Apache License, Version 2.0, see LICENSE for details. # SPDX-License-Identifier: Apache-2.0 +load("//rules/opentitan:keyutils.bzl", "key_ecdsa") + package(default_visibility = ["//visibility:public"]) cc_library( @@ -9,8 +11,11 @@ cc_library( testonly = True, hdrs = [ "activate_ecdsa_p256.h", + "app_dev_ecdsa_p256.h", "app_dev_key_rsa_3072_exp_f4.h", + "app_prod_ecdsa_p256.h", "app_prod_key_rsa_3072_exp_f4.h", + "app_test_ecdsa_p256.h", "app_test_key_rsa_3072_exp_f4.h", "owner_ecdsa_p256.h", "unlock_ecdsa_p256.h", @@ -65,3 +70,39 @@ filegroup( name = "app_prod_pub", srcs = ["app_prod_key_rsa_3072_exp_f4.pub.der"], ) + +key_ecdsa( + name = "app_prod_ecdsa", + config = "EcdsaP256", + method = "local", + private_key = "app_prod_ecdsa_p256.der", + pub_key = "app_prod_ecdsa_p256.pub.der", + type = "ProdKey", +) + +key_ecdsa( + name = "app_dev_ecdsa", + config = "EcdsaP256", + method = "local", + private_key = "app_dev_ecdsa_p256.der", + pub_key = "app_dev_ecdsa_p256.pub.der", + type = "DevKey", +) + +key_ecdsa( + name = "app_test_ecdsa", + config = "EcdsaP256", + method = "local", + private_key = "app_test_ecdsa_p256.der", + pub_key = "app_test_ecdsa_p256.pub.der", + type = "TestKey", +) + +key_ecdsa( + name = "app_unauthorized_ecdsa", + config = "EcdsaP256", + method = "local", + private_key = "app_unauthorized_ecdsa_p256.der", + pub_key = "app_unauthorized_ecdsa_p256.pub.der", + type = "TestKey", +) 
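Review bot: `app_unauthorized_ecdsa` is declared with `type = "TestKey"` exactly like `app_test_ecdsa`, and nothing in the BUILD file says what sets it apart; its role appears to be a key whose public half is deliberately absent from every owner keyring so that images signed with it are rejected (the follow-up patch's `verified_boot` tests expect the failure message for it), but that is only recoverable from elsewhere. A comment above the target, `# Intentionally NOT installed in any owner page; used to check that an image signed with an unknown key is rejected.`, would stop it from being added to a keyring or to the `cc_library` headers by mistake. Consistent with that reading, the `hdrs` list in this hunk gains the dev/prod/test headers but no unauthorized one; the same comment would make that asymmetry look deliberate rather than accidental.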
diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_ecdsa_p256.der b/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_ecdsa_p256.der new file mode 100644 index 0000000000000000000000000000000000000000..ec5e6eb92b8e1f654888d53c389382b6fb0da1b8 GIT binary patch literal 138 zcmV;50CoQ`frkPC05B5<2P%e0&OHJF1_&yKNX|V20S5$aFlzz<0R$ikGog?7ZAq#` zb-qbI>s^QJ|EBu)WhGEN0@ev#uGN~ML<2$q1gv{6`E`MTKTh`c9x()yu9U!Q%C1{x s)M6rK?%mWn44{u1kcK{X{V{%5MC;7{OXb8^-jGp9+y~nnQN^k|Qe28TiU0rr literal 0 HcmV?d00001 diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_ecdsa_p256.h b/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_ecdsa_p256.h new file mode 100644 index 0000000000000..e644ad1075a5b --- /dev/null +++ b/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_ecdsa_p256.h @@ -0,0 +1,15 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 + +#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_DEV_ECDSA_P256_H_ +#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_DEV_ECDSA_P256_H_ + +#define APP_DEV_ECDSA_P256 \ + { \ + 0xddd43a0c, 0x622265ee, 0xae5b66d4, 0x94c06bca, 0x310493ae, 0x4ef6f61e, \ + 0x7581813f, 0xac7b2ff9, 0xc5aa3b52, 0x07db1c51, 0x905148dc, \ + 0xe5c458de, 0xebccfe4b, 0x317e5744, 0x863e76fd, 0xa08f1a90, \ + } + +#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_DEV_ECDSA_P256_H_ diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_ecdsa_p256.pub.der b/sw/device/silicon_creator/lib/ownership/keys/fake/app_dev_ecdsa_p256.pub.der new file mode 100644 index 0000000000000000000000000000000000000000..210607aa6eeb473659cf2a15afe2e1874978987f GIT binary patch literal 91 zcmXqrG!SNE*J|@PXUoLM#sOw9GqN)~F|e$u*8f@B*l6$f?VFq-%j9)a4rHHN7oBz` uNh$T+-78i+3;LxdwAq#YHLMGFd41-e_tPU0_a+2-++n{h6L@r$br1m6r6xN7 literal 0 HcmV?d00001 
diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_ecdsa_p256.der b/sw/device/silicon_creator/lib/ownership/keys/fake/app_prod_ecdsa_p256.der new file mode 100644 index 0000000000000000000000000000000000000000..82ae4a26f574227d09e671318bad60f9b10ef71e GIT binary patch literal 138 zcmV;50CoQ`frkPC05B5<2P%e0&OHJF1_&yKNX|V20S5$aFlzz<0R$km)kN2$@@$t> z(SD}9EKH?T9`AD`1GVN%uwBgR{GSiyBl1y!U7;apxwC sBxP;!A0}I8Ye&>p^sH6NNJ`ny)MgVT+BJ!DGpU;$Sl!69sO!SB;;=C2bv4h=nRe7|>s*&Kk;x!|cjxcxSldm{`e#axLxH~;_u literal 0 HcmV?d00001 diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_test_ecdsa_p256.h b/sw/device/silicon_creator/lib/ownership/keys/fake/app_test_ecdsa_p256.h new file mode 100644 index 0000000000000..ed382286df377 --- /dev/null +++ b/sw/device/silicon_creator/lib/ownership/keys/fake/app_test_ecdsa_p256.h @@ -0,0 +1,15 @@ +// Copyright lowRISC contributors (OpenTitan project). +// Licensed under the Apache License, Version 2.0, see LICENSE for details. +// SPDX-License-Identifier: Apache-2.0 + +#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_TEST_ECDSA_P256_H_ +#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_TEST_ECDSA_P256_H_ + +#define APP_TEST_ECDSA_P256 \ + { \ + 0xced1f3c1, 0x8f31432e, 0x3bd9cc77, 0xb53f37f1, 0xd2eb4cdd, 0xeb3e0bf4, \ + 0xed753db5, 0xdfcbc369, 0x230c28c5, 0xfd36977b, 0xe0a93eb8, \ + 0x1c80d1b9, 0xbf7782d9, 0x0d3d6d7c, 0xaf133a0e, 0xefd36de6, \ + } + +#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_OWNERSHIP_KEYS_FAKE_APP_TEST_ECDSA_P256_H_ 
diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_test_ecdsa_p256.pub.der b/sw/device/silicon_creator/lib/ownership/keys/fake/app_test_ecdsa_p256.pub.der new file mode 100644 index 0000000000000000000000000000000000000000..b9d3a9278e895f84b53e7ae7a416012511827b7e GIT binary patch literal 91 zcmXqrG!SNE*J|@PXUoLM#sOw9GqN)~F|gb}eK_-NsqNO+cHCbsz4p1g)!zK0_02Qo v{f5qZ=PrIe`2KS4v-QGOe7v@~HT%n(Zpt)V-1%Uo-HyLz)2o$vG>!rQS*0jl literal 0 HcmV?d00001 diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_unauthorized_ecdsa_p256.der b/sw/device/silicon_creator/lib/ownership/keys/fake/app_unauthorized_ecdsa_p256.der new file mode 100644 index 0000000000000000000000000000000000000000..d7d93c285fc4d80c7bd7c71b97aa0b341fb36c50 GIT binary patch literal 138 zcmXqLY-eI*Fc4;A*J|@PXUoLM#sOw9GqSVf8e}suGO{RqotGeeS#pZuJRxBQErZK~ zu?##5H+ww09}8WWofud`0=TqfzJ1u)6kWj1Z0KS3(Yf{CgLdnVJ=tG< qH*5{Aw{3kSaq`5Q&fvuttj}ynx+>1%88u};!>$sK5T?(2_|gFu2Q-%e literal 0 HcmV?d00001 diff --git a/sw/device/silicon_creator/lib/ownership/keys/fake/app_unauthorized_ecdsa_p256.pub.der b/sw/device/silicon_creator/lib/ownership/keys/fake/app_unauthorized_ecdsa_p256.pub.der new file mode 100644 index 0000000000000000000000000000000000000000..45f840a58b1dd5f191c9860b8758459cb3a6c18e GIT binary patch literal 91 zcmXqrG!SNE*J|@PXUoLM#sOw9GqN)~F|dRLaB0bW`>?Yqx`3V8(8KJbbL+nc?baQ8 uvcLLn*cx1K+xkf2 Date: Tue, 10 Sep 2024 17:03:07 -0700 Subject: [PATCH 2/2] [rom_ext] Enable ECDSA verify of owner code 1. Add fake ECDSA keys to the test_owner configuration. 2. Enable ECDSA sigverify in rom_ext_verify. 3. Migrate one test (`rom_ext/e2e/verified_boot:keys`) to ECDSA keys. The following changes are new (not part of the cherry pick): 4. Migrate `rom_ext/e2e/ownership/..` tests to ECDSA keys. 5. Migrate all execution environments in hw/top_earlgrey to ECDSA keys. Signed-off-by: Chris Frantz (cherry picked from commit 6ab3872e5e9d49424b7256570bbd1f9401a16277) 
Signed-off-by: Miguel Osorio (cherry picked from commit cc1a3fc0923fc916548bb105e45ae08945478cbe) --- hw/top_earlgrey/BUILD | 22 +++----- .../silicon_creator/lib/ownership/datatypes.h | 9 ++++ .../lib/ownership/keys/dummy/BUILD | 15 ++++-- .../keys/dummy/app_prod_ecdsa_p256.der | Bin 0 -> 138 bytes .../keys/dummy/app_prod_ecdsa_p256.pub.der | Bin 0 -> 91 bytes .../lib/ownership/keys/fake/BUILD | 21 +++++--- .../ownership/keys/fake/app_dev_ecdsa_p256.h | 11 ++-- .../ownership/keys/fake/app_prod_ecdsa_p256.h | 11 ++-- .../ownership/keys/fake/app_test_ecdsa_p256.h | 11 ++-- .../lib/ownership/test_owner.c | 46 +++++++++-------- .../rom_ext/e2e/ownership/BUILD | 48 +++++++++--------- .../rom_ext/e2e/ownership/defs.bzl | 10 ++-- .../rom_ext/e2e/verified_boot/BUILD | 17 ++++--- sw/device/silicon_creator/rom_ext/rom_ext.c | 17 +++++-- .../rom_ext/rom_ext_boot_policy.c | 4 +- sw/host/opentitanlib/src/image/image.rs | 30 +++++++---- .../tests/ownership/flash_permission_test.rs | 4 +- sw/host/tests/ownership/rescue_limit_test.rs | 2 +- .../tests/ownership/rescue_permission_test.rs | 2 +- sw/host/tests/ownership/transfer_lib.rs | 9 ++-- sw/host/tests/ownership/transfer_test.rs | 2 +- 21 files changed, 164 insertions(+), 127 deletions(-) create mode 100644 sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_ecdsa_p256.der create mode 100644 sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_ecdsa_p256.pub.der diff --git a/hw/top_earlgrey/BUILD b/hw/top_earlgrey/BUILD index ea6f0634c199d..e4a69e89efbda 100644 --- a/hw/top_earlgrey/BUILD +++ b/hw/top_earlgrey/BUILD @@ -102,7 +102,7 @@ fpga_cw310( name = "fpga_cw310_rom_ext", testonly = True, base = ":fpga_cw310_test_rom", - ecdsa_key = CLEAR_KEY_SET, + ecdsa_key = {"//sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_ecdsa": "prod_key_0"}, exec_env = "fpga_cw310_rom_ext", libs = [ "//sw/device/lib/arch:boot_stage_owner", 
@@ -119,7 +119,6 @@ fpga_cw310( }, rom = "//sw/device/silicon_creator/rom:mask_rom", rom_ext = "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a", - rsa_key = {"//sw/device/silicon_creator/rom_ext/keys/fake:rom_ext_test_private_key_0": "test_key_0"}, ) fpga_cw310( @@ -156,7 +155,7 @@ fpga_cw310( name = "fpga_hyper310_rom_ext", testonly = True, base = ":fpga_hyper310_rom_with_fake_keys", - ecdsa_key = CLEAR_KEY_SET, + ecdsa_key = {"//sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_ecdsa": "prod_key_0"}, exec_env = "fpga_hyper310_rom_ext", libs = [ "//sw/device/lib/arch:boot_stage_owner", @@ -172,7 +171,6 @@ fpga_cw310( "assemble": "{rom_ext}@0 {firmware}@0x10000", }, rom_ext = "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a", - rsa_key = {"//sw/device/silicon_creator/rom_ext/keys/fake:rom_ext_test_private_key_0": "test_key_0"}, ) # FPGA configuration used to emulate silicon targets. This rule can be used by @@ -203,7 +201,7 @@ fpga_cw310( name = "fpga_cw310_sival_rom_ext", testonly = True, base = ":fpga_hyper310_rom_ext", - ecdsa_key = CLEAR_KEY_SET, + ecdsa_key = {"//sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_ecdsa": "prod_key_0"}, exec_env = "fpga_cw310_sival_rom_ext", libs = [ "//sw/device/lib/arch:boot_stage_owner", @@ -211,7 +209,6 @@ fpga_cw310( ], otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized", rom_ext = "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a", - rsa_key = {"//sw/device/silicon_creator/rom_ext/keys/fake:rom_ext_prod_private_key_0": "prod_key_0"}, tags = ["cw310_sival_rom_ext"], ) @@ -311,7 +308,7 @@ fpga_cw340( name = "fpga_cw340_rom_ext", testonly = True, base = ":fpga_cw340_rom_with_fake_keys", - ecdsa_key = CLEAR_KEY_SET, + ecdsa_key = {"//sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_ecdsa": "prod_key_0"}, exec_env = "fpga_cw340_rom_ext", libs = [ "//sw/device/lib/arch:boot_stage_owner", 
@@ -327,7 +324,6 @@ fpga_cw340( "assemble": "{rom_ext}@0 {firmware}@0x10000", }, rom_ext = "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a", - rsa_key = {"//sw/device/silicon_creator/rom_ext/keys/fake:rom_ext_test_private_key_0": "test_key_0"}, ) # FPGA configuration used to emulate silicon targets. This rule can be used by @@ -358,7 +354,7 @@ fpga_cw340( name = "fpga_cw340_sival_rom_ext", testonly = True, base = ":fpga_cw340_rom_ext", - ecdsa_key = CLEAR_KEY_SET, + ecdsa_key = {"//sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_ecdsa": "prod_key_0"}, exec_env = "fpga_cw340_sival_rom_ext", libs = [ "//sw/device/lib/arch:boot_stage_owner", @@ -366,7 +362,6 @@ fpga_cw340( ], otp = "//hw/top_earlgrey/data/otp/sival_skus:otp_img_prod_manuf_personalized", rom_ext = "//sw/device/silicon_creator/rom_ext:rom_ext_slot_a", - rsa_key = {"//sw/device/silicon_creator/rom_ext/keys/fake:rom_ext_prod_private_key_0": "prod_key_0"}, tags = ["cw340_sival_rom_ext"], ) @@ -417,7 +412,8 @@ silicon( "--interface={interface}", ], design = "earlgrey", - ecdsa_key = CLEAR_KEY_SET, + # TODO(moidx): Switch to real keys once these have been generated. + ecdsa_key = {"//sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_ecdsa": "prod_key_0"}, exec_env = "silicon_owner_sival_rom_ext", extract_sw_logs = "//util/device_sw_utils:extract_sw_logs_db", flash_scramble_tool = "//util/design:gen-flash-img", @@ -440,10 +436,6 @@ silicon( "//signing:test_keys": "//sw/device/silicon_creator/rom_ext/sival:rom_ext_fake_prod_signed_slot_a", "//conditions:default": "//sw/device/silicon_creator/rom_ext/sival:rom_ext_fake_prod_signed_slot_a", }), - rsa_key = select({ - "//signing:test_keys": {"//sw/device/silicon_creator/rom_ext/keys/fake:rom_ext_test_private_key_0": "test_key_0"}, - "//conditions:default": {"//sw/device/silicon_creator/rom_ext/sival/keys:keyset": "earlgrey_z0_sival_1"}, - }), test_cmd = """ --exec="transport init" --exec="bootstrap --clear-uart=true {firmware}" 
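Review bot: In the `silicon_owner_sival_rom_ext` hunk, the removed `rsa_key = select({...})` kept `//signing:test_keys` and `//conditions:default` as distinct branches, but the replacement `ecdsa_key` is a flat dict pointing at the checked-in `fake:app_prod_ecdsa` key, so every configuration of this silicon environment now signs owner firmware with a publicly known private key and nothing differs or fails when test keys are not selected. The `TODO(moidx)` records that real keys are pending, but losing the `select` also loses the one place a real keyset would obviously slot in. Keeping the shape, `ecdsa_key = select({"//signing:test_keys": {"...keys/fake:app_prod_ecdsa": "prod_key_0"}, "//conditions:default": {"...keys/fake:app_prod_ecdsa": "prod_key_0"}})`, with the default branch commented as a placeholder, makes the swap explicit and greppable. The `silicon(...)` rule continues outside the hunk.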
diff --git a/sw/device/silicon_creator/lib/ownership/datatypes.h b/sw/device/silicon_creator/lib/ownership/datatypes.h index e661c5635e741..e18d4c1c4b5a5 100644 --- a/sw/device/silicon_creator/lib/ownership/datatypes.h +++ b/sw/device/silicon_creator/lib/ownership/datatypes.h @@ -182,6 +182,15 @@ OT_ASSERT_MEMBER_OFFSET(owner_application_key_t, usage_constraint, 44); OT_ASSERT_MEMBER_OFFSET(owner_application_key_t, data, 48); OT_ASSERT_SIZE(owner_application_key_t, 464); +enum { + kTlvLenApplicationKeyRsa = + offsetof(owner_application_key_t, data) + sizeof(sigverify_rsa_key_t), + kTlvLenApplicationKeySpx = + offsetof(owner_application_key_t, data) + sizeof(sigverify_spx_key_t), + kTlvLenApplicationKeyEcdsa = + offsetof(owner_application_key_t, data) + sizeof(ecdsa_p256_public_key_t), +}; + // clang-format off /** * Bitfields for the `access` word of flash region configs. diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/BUILD b/sw/device/silicon_creator/lib/ownership/keys/dummy/BUILD index 34a88196e4964..f8dd52bde35d8 100644 --- a/sw/device/silicon_creator/lib/ownership/keys/dummy/BUILD +++ b/sw/device/silicon_creator/lib/ownership/keys/dummy/BUILD @@ -1,6 +1,7 @@ # Copyright lowRISC contributors (OpenTitan project). # Licensed under the Apache License, Version 2.0, see LICENSE for details. # SPDX-License-Identifier: Apache-2.0 +load("//rules/opentitan:keyutils.bzl", "key_ecdsa") package(default_visibility = ["//visibility:public"]) @@ -25,11 +26,15 @@ filegroup( ) filegroup( - name = "app_prod", - srcs = ["app_prod_rsa_3072_exp_f4.der"], + name = "app_prod_ecdsa_pub", + srcs = ["app_prod_ecdsa_p256.pub.der"], ) -filegroup( - name = "app_prod_pub", - srcs = ["app_prod_rsa_3072_exp_f4.pub.der"], +key_ecdsa( + name = "app_prod_ecdsa", + config = "EcdsaP256", + method = "local", + private_key = "app_prod_ecdsa_p256.der", + pub_key = "app_prod_ecdsa_p256.pub.der", + type = "ProdKey", ) 
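Review bot: The new `kTlvLenApplicationKey*` values are smaller than `sizeof(owner_application_key_t)`, which the `OT_ASSERT_SIZE` just above still pins to 464 bytes, yet nothing in the header says how a packed entry with one of these lengths must be written. Code that stores a whole `owner_application_key_t` by value at a TLV-packed position (as `test_owner.c` in this same patch does with `*app = (owner_application_key_t){...}` followed by `app += app->header.length`) writes 464 bytes where the header claims only `kTlvLenApplicationKeyEcdsa` (48 + 64 = 112 if `ecdsa_p256_public_key_t` is the raw 64-byte point, as the 16-word key headers suggest — confirm), so each entry relies on the next store or the trailing `memset` to repair its tail and on the page having 464 bytes of slack after the last entry. Add a comment above the enum stating that these are the TLV lengths of an entry holding only the named key type, that they are shorter than `sizeof(owner_application_key_t)`, and that a packed entry must be copied with `memcpy(app, &tmp, tmp.header.length)` rather than struct assignment; a `static_assert(kTlvLenApplicationKeyEcdsa <= sizeof(owner_application_key_t), "...")` (and the same for Rsa/Spx) would pin the relationship the enum depends on.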
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_ecdsa_p256.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_ecdsa_p256.der new file mode 100644 index 0000000000000000000000000000000000000000..1885983789b93f288a6e8fa9b1fbd267a9e8b9bc GIT binary patch literal 138 zcmV;50CoQ`frkPC05B5<2P%e0&OHJF1_&yKNX|V20S5$aFlzz<0R$kQz3-t2wsPLV zqAr^Y(wJ=t8N366BbNkotochl!fzI#L<2$q1buyyW=nK4MTk!52}hg<+E~+>?0pP1jQ{`u literal 0 HcmV?d00001 
diff --git a/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_ecdsa_p256.pub.der b/sw/device/silicon_creator/lib/ownership/keys/dummy/app_prod_ecdsa_p256.pub.der new file mode 100644 index 0000000000000000000000000000000000000000..419aa55e08185d82a4ef6fb42b4cd4259153dea7 GIT binary patch literal 91 zcmXqrG!SNE*J|@PXUoLM#sOw9GqN)~F|gFuPD=AGF?Q|nd%@{Ghy6~S>1k1`Z>pi) uW$Vs7N|~1H{CDA5&Jheader.length); + *app = (owner_application_key_t){ .header = { .tag = kTlvTagApplicationKey, - .length = sizeof(owner_application_key_t), + .length = kTlvLenApplicationKeyEcdsa, }, - .key_alg = kOwnershipKeyAlgRsa, + .key_alg = kOwnershipKeyAlgEcdsaP256, .key_domain = kOwnerAppDomainDev, .key_diversifier = {0}, .usage_constraint = 0, .data = { - .rsa = APP_DEV_KEY_RSA_3072_EXP_F4, + .ecdsa = APP_DEV_ECDSA_P256, }, }; - app[2] = (owner_application_key_t){ + + app = (owner_application_key_t *)((uintptr_t)app + app->header.length); + *app = (owner_application_key_t){ .header = { .tag = kTlvTagApplicationKey, - .length = sizeof(owner_application_key_t), + .length = kTlvLenApplicationKeyEcdsa, }, - .key_alg = kOwnershipKeyAlgRsa, + .key_alg = kOwnershipKeyAlgEcdsaP256, .key_domain = kOwnerAppDomainProd, .key_diversifier = {0}, .usage_constraint = 0, .data = { - .rsa = APP_PROD_KEY_RSA_3072_EXP_F4, + .ecdsa = APP_PROD_ECDSA_P256, }, }; + // Fill the remainder of the data segment with the end tag (0x5a5a5a5a). + app = (owner_application_key_t *)((uintptr_t)app + app->header.length); + size_t len = (uintptr_t)(owner_page[0].data + sizeof(owner_page[0].data)) - + (uintptr_t)app; + memset(app, 0x5a, len); + ownership_page_seal(/*page=*/0); RETURN_IF_ERROR(owner_block_parse(&owner_page[0], config, keyring)); diff --git a/sw/device/silicon_creator/rom_ext/e2e/ownership/BUILD b/sw/device/silicon_creator/rom_ext/e2e/ownership/BUILD index 17f22244a4372..6e42d199af85a 100644 --- a/sw/device/silicon_creator/rom_ext/e2e/ownership/BUILD 
+++ b/sw/device/silicon_creator/rom_ext/e2e/ownership/BUILD @@ -24,12 +24,12 @@ opentitan_binary( name = "boot_test", testonly = True, srcs = ["//sw/device/silicon_creator/rom_ext/e2e/verified_boot:boot_test"], + ecdsa_key = { + "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa": "app_prod", + }, exec_env = { "//hw/top_earlgrey:fpga_cw310_rom_ext": None, }, - rsa_key = { - "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod": "app_prod", - }, deps = [ "//sw/device/lib/base:status", "//sw/device/lib/testing/test_framework:ottf_main", @@ -42,12 +42,12 @@ opentitan_binary( name = "flash_regions", testonly = True, srcs = ["flash_regions.c"], + ecdsa_key = { + "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa": "app_prod", + }, exec_env = { "//hw/top_earlgrey:fpga_cw310_rom_ext": None, }, - rsa_key = { - "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod": "app_prod", - }, deps = [ "//hw/top_earlgrey/sw/autogen:top_earlgrey", "//sw/device/lib/base:status", @@ -59,6 +59,7 @@ opentitan_binary( # rom_ext_e2e_testplan.hjson%rom_ext_e2e_transfer_any_test ownership_transfer_test( name = "transfer_any_test", + ecdsa_key = {"//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa": "app_prod"}, fpga = fpga_params( changes_otp = True, test_cmd = """ 
@@ -69,13 +70,10 @@ ownership_transfer_test( --next-owner-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key) --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key) --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key) - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub) """, test_harness = "//sw/host/tests/ownership:transfer_test", ), - rsa_key = { - "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod": "app_prod", - }, deps = [ "//sw/device/lib/base:status", "//sw/device/lib/testing/test_framework:ottf_main", @@ -98,7 +96,7 @@ ownership_transfer_test( --next-owner-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key) --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key) --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key) - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub) --expected-error=OwnershipInvalidSignature """, test_harness = "//sw/host/tests/ownership:transfer_test", 
@@ -120,7 +118,7 @@ ownership_transfer_test( --next-owner-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key) --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key) --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key) - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub) --expected-error=OwnershipInvalidSignature """, test_harness = "//sw/host/tests/ownership:transfer_test", @@ -140,7 +138,7 @@ ownership_transfer_test( --next-owner-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key) --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key) --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key) - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub) --config-kind=corrupt --dual-owner-boot-check=false --expected-error=OwnershipInvalidInfoPage @@ -164,7 +162,7 @@ ownership_transfer_test( --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key) # NOTE: We use the wrong app key (fake instead of dummy) to test that we cannot boot # the test program after completing the transfer. - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_ecdsa_pub) --expected-error=OwnershipKeyNotFound """, test_harness = "//sw/host/tests/ownership:transfer_test", 
@@ -185,7 +183,7 @@ ownership_transfer_test( --next-owner-key-pub=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key_pub) --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key) --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key) - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub) """, test_harness = "//sw/host/tests/ownership:transfer_test", ), @@ -206,7 +204,7 @@ ownership_transfer_test( --next-owner-key-pub=$(location //sw/device/silicon_creator/lib/ownership/keys/fake:owner_key_pub) --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key) --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key) - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub) --dual-owner-boot-check=false --expected-error=OwnershipInvalidInfoPage """, @@ -229,7 +227,7 @@ ownership_transfer_test( --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/fake:activate_key) # NOTE: We rotate the `fake` test owner's application key to the dummy key to test that # we can execute code with the new key. - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub) """, test_harness = "//sw/host/tests/ownership:transfer_test", ), 
@@ -239,6 +237,9 @@ ownership_transfer_test( # Part 1: Ensure a LockedUpdate with a new owner key is rejected. ownership_transfer_test( name = "bad_locked_update_test", + ecdsa_key = { + "//sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_ecdsa": "app_prod", + }, fpga = fpga_params( changes_otp = True, test_cmd = """ @@ -250,15 +251,12 @@ ownership_transfer_test( --next-owner-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key) --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/fake:unlock_key) --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/fake:activate_key) - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_ecdsa_pub) --dual-owner-boot-check=false --expected-error=OwnershipInvalidInfoPage """, test_harness = "//sw/host/tests/ownership:transfer_test", ), - rsa_key = { - "//sw/device/silicon_creator/lib/ownership/keys/fake:app_prod": "app_prod", - }, ) # rom_ext_e2e_testplan.hjson%rom_ext_e2e_bad_locked_update_test @@ -279,7 +277,7 @@ ownership_transfer_test( # uses for signing) to check that owner code execution is denied in the intermediate # dual-owner state. --next-owner-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key) - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub) --expected-error=OwnershipKeyNotFound """, test_harness = "//sw/host/tests/ownership:transfer_test", 
@@ -303,7 +301,7 @@ ownership_transfer_test( --next-owner-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key) --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key) --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key) - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub) """, test_harness = "//sw/host/tests/ownership:rescue_limit_test", ), @@ -331,7 +329,7 @@ ownership_transfer_test( --next-owner-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key) --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key) --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key) - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub) """, test_harness = "//sw/host/tests/ownership:rescue_permission_test", ), @@ -355,7 +353,7 @@ ownership_transfer_test( --next-owner-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key) --next-unlock-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key) --next-activate-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key) - --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub) + --next-application-key=$(location //sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub) --config-kind=with-flash-locked --rescue-after-activate={flash_regions} """, 
diff --git a/sw/device/silicon_creator/rom_ext/e2e/ownership/defs.bzl b/sw/device/silicon_creator/rom_ext/e2e/ownership/defs.bzl index 37a4cba8aa1fe..63c867f53aa0b 100644 --- a/sw/device/silicon_creator/rom_ext/e2e/ownership/defs.bzl +++ b/sw/device/silicon_creator/rom_ext/e2e/ownership/defs.bzl @@ -13,12 +13,12 @@ def ownership_transfer_test( exec_env = { "//hw/top_earlgrey:fpga_hyper310_rom_ext": None, }, - rsa_key = { - "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod": "app_prod", + ecdsa_key = { + "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa": "app_prod", }, data = [ "//sw/device/silicon_creator/lib/ownership/keys/dummy:activate_key", - "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_pub", + "//sw/device/silicon_creator/lib/ownership/keys/dummy:app_prod_ecdsa_pub", "//sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key", "//sw/device/silicon_creator/lib/ownership/keys/dummy:owner_key_pub", "//sw/device/silicon_creator/lib/ownership/keys/dummy:unlock_key", @@ -26,7 +26,7 @@ def ownership_transfer_test( "//sw/device/silicon_creator/lib/ownership/keys/fake:activate_key", "//sw/device/silicon_creator/lib/ownership/keys/fake:owner_key", "//sw/device/silicon_creator/lib/ownership/keys/fake:owner_key_pub", - "//sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_pub", + "//sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_ecdsa_pub", ], deps = [ "//sw/device/lib/base:status", @@ -39,7 +39,7 @@ def ownership_transfer_test( name = name, srcs = srcs, exec_env = exec_env, - rsa_key = rsa_key, + ecdsa_key = ecdsa_key, data = data, deps = deps, **kwargs diff --git a/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD b/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD index bb69b14a06d69..26fd251640241 100644 --- a/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD +++ b/sw/device/silicon_creator/rom_ext/e2e/verified_boot/BUILD 
@@ -4,6 +4,7 @@ load(
 "//rules/opentitan:defs.bzl",
+ "CLEAR_KEY_SET",
 "DEFAULT_TEST_FAILURE_MSG",
 "DEFAULT_TEST_SUCCESS_MSG",
 "EARLGREY_TEST_ENVS",
@@ -208,23 +209,23 @@ opentitan_test(
 )
 _KEYS = {
- "prod": {
- "key": {"//sw/device/silicon_creator/rom_ext/keys/fake:rom_ext_prod_private_key_0": "prod_key_0"},
+ "dev": {
+ "key": {"//sw/device/silicon_creator/lib/ownership/keys/fake:app_dev_ecdsa": "dev_key_0"},
 "exit_success": DEFAULT_TEST_SUCCESS_MSG,
 "exit_failure": DEFAULT_TEST_FAILURE_MSG,
 },
- "test": {
- "key": {"//sw/device/silicon_creator/rom_ext/keys/fake:rom_ext_test_private_key_0": "test_key_0"},
+ "prod": {
+ "key": {"//sw/device/silicon_creator/lib/ownership/keys/fake:app_prod_ecdsa": "prod_key_0"},
 "exit_success": DEFAULT_TEST_SUCCESS_MSG,
 "exit_failure": DEFAULT_TEST_FAILURE_MSG,
 },
- "dev": {
- "key": {"//sw/device/silicon_creator/rom_ext/keys/fake:rom_ext_dev_private_key_0": "dev_key_0"},
+ "test": {
+ "key": {"//sw/device/silicon_creator/lib/ownership/keys/fake:app_test_ecdsa": "test_key_0"},
 "exit_success": DEFAULT_TEST_SUCCESS_MSG,
 "exit_failure": DEFAULT_TEST_FAILURE_MSG,
 },
 "unauthorized": {
- "key": {"//sw/device/silicon_creator/rom/keys/unauthorized/rsa:unauthorized_private_key_0": "unauthorized_key_0"},
+ "key": {"//sw/device/silicon_creator/lib/ownership/keys/fake:app_unauthorized_ecdsa": "unauthorized_key_0"},
 "exit_success": DEFAULT_TEST_FAILURE_MSG,
 "exit_failure": DEFAULT_TEST_SUCCESS_MSG,
 },
@@ -234,6 +235,7 @@ _KEYS = {
 opentitan_test(
 name = "key_{}".format(name),
 srcs = [":boot_test"],
+ ecdsa_key = keyinfo["key"],
 exec_env = {
 "//hw/top_earlgrey:fpga_cw340_rom_ext": None,
 "//hw/top_earlgrey:fpga_hyper310_rom_ext": None,
@@ -242,7 +244,6 @@ _KEYS = {
 exit_failure = keyinfo["exit_failure"],
 exit_success = keyinfo["exit_success"],
 ),
- rsa_key = keyinfo["key"],
 deps = [
 "//sw/device/lib/base:status",
 "//sw/device/lib/testing/test_framework:ottf_main",
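Review bot: `"CLEAR_KEY_SET"` is added to the `load()` list, but none of the hunks in this file reference it; if the rest of the file does not use it either, the symbol is a dead import and should be dropped. If it is used further down in a part of the file this diff does not show, a sentence in the commit message would save the next reader the search.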
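Review bot: The `unauthorized` entry now points at `//sw/device/silicon_creator/lib/ownership/keys/fake:app_unauthorized_ecdsa`, a key that lives in the same package as the three authorized fake keys, and the negative test only proves anything if that key is never embedded in the fake owner block; nothing in this file records that invariant. Suggest a comment on the entry, `# Signed with an ECDSA key that is deliberately absent from the fake owner's application keyring; boot must fail.` The reordering of the `dev`/`prod`/`test` entries is cosmetic and would have been easier to review as a separate change from the key-type swap.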
diff --git a/sw/device/silicon_creator/rom_ext/rom_ext.c b/sw/device/silicon_creator/rom_ext/rom_ext.c
index 26e8f6e986e45..d0b55c3daf2c4 100644
--- a/sw/device/silicon_creator/rom_ext/rom_ext.c
+++ b/sw/device/silicon_creator/rom_ext/rom_ext.c
@@ -193,9 +193,10 @@ static rom_error_t rom_ext_verify(const manifest_t *manifest,
 const boot_data_t *boot_data) {
 RETURN_IF_ERROR(rom_ext_boot_policy_manifest_check(manifest, boot_data));
 size_t kindex = 0;
+ ownership_key_alg_t key_alg = kOwnershipKeyAlgEcdsaP256;
 RETURN_IF_ERROR(owner_keyring_find_key(
- &keyring, kOwnershipKeyAlgRsa,
- sigverify_rsa_key_id_get(&manifest->rsa_modulus), &kindex));
+ &keyring, key_alg,
+ sigverify_ecdsa_p256_key_id_get(&manifest->ecdsa_public_key), &kindex));
 dbg_printf("app_verify: key=%u alg=%C domain=%C\r\n", kindex, keyring.key[kindex]->key_alg, keyring.key[kindex]->key_domain);
@@ -226,9 +227,9 @@ static rom_error_t rom_ext_verify(const manifest_t *manifest,
 memcpy(&boot_measurements.bl0, &act_digest, sizeof(boot_measurements.bl0));
 uint32_t flash_exec = 0;
- return sigverify_rsa_verify(&manifest->rsa_signature,
- &keyring.key[kindex]->data.rsa, &act_digest,
- lc_state, &flash_exec);
+ return sigverify_ecdsa_p256_verify(&manifest->ecdsa_signature,
+ &keyring.key[kindex]->data.ecdsa,
+ &act_digest, &flash_exec);
 }
 /**
@@ -570,6 +571,12 @@ static rom_error_t rom_ext_start(boot_data_t *boot_data, boot_log_t *boot_log) {
 if (error == kErrorWriteBootdataThenReboot) {
 return error;
 }
+ // TODO(cfrantz): evaluate permissible ownership init failure conditions
+ // and change this to HARDENED_RETURN_IF_ERROR.
+ if (error == kErrorOk) {
+ dbg_printf("ownership_init: %x\r\n", error);
+ }
+
 // Configure SRAM execution as the owner requested.
 rom_ext_sram_exec(owner_config.sram_exec);
diff --git a/sw/device/silicon_creator/rom_ext/rom_ext_boot_policy.c b/sw/device/silicon_creator/rom_ext/rom_ext_boot_policy.c
index 3746b5b74d745..b399bc923a07e 100644
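Review bot: `owner_keyring_find_key` is handed `sigverify_ecdsa_p256_key_id_get(&manifest->ecdsa_public_key)`, a key identifier computed from the not-yet-verified manifest, and the second hunk then verifies against `keyring.key[kindex]->data.ecdsa` rather than the manifest's own copy of the key; that distinction is the whole security argument of this function and is not written down anywhere. Suggest a comment beside the lookup: `// The manifest's public key is only a lookup hint; verification below uses the keyring's copy of the key, never the manifest's.` The single-use `key_alg` local either belongs inline in the call or deserves a one-line comment on why it is a variable (presumably a step toward selecting the algorithm per manifest). rom_ext_verify continues outside both hunks.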
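Review bot: The new guard `if (error == kErrorOk)` prints the ownership_init status only when it succeeded, so the case the accompanying TODO says is still being evaluated — a failed `ownership_init` — is the one that stays silent, and execution then continues into `rom_ext_sram_exec(owner_config.sram_exec)` with whatever `owner_config` holds. The condition should be `if (error != kErrorOk) {`, or the guard dropped so the status is always printed until the TODO is resolved with `HARDENED_RETURN_IF_ERROR`. rom_ext_start continues outside the hunk, and `error` is presumably assigned from the ownership init call above it.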
--- a/sw/device/silicon_creator/rom_ext/rom_ext_boot_policy.c
+++ b/sw/device/silicon_creator/rom_ext/rom_ext_boot_policy.c
@@ -32,8 +32,8 @@ rom_ext_boot_policy_manifests_t rom_ext_boot_policy_manifests_get(
 // TODO(#21204): Refactor to use `manifest_check` from `lib/manifest.h`.
 OT_WARN_UNUSED_RESULT
 static inline rom_error_t manifest_check_rom_ext(const manifest_t *manifest) {
- // Major version must be `kManifestVersionMajor1`.
- if (manifest->manifest_version.major != kManifestVersionMajor1) {
+ // Major version must be `kManifestVersionMajor2`.
+ if (manifest->manifest_version.major != kManifestVersionMajor2) {
 return kErrorManifestBadVersionMajor;
 }
diff --git a/sw/host/opentitanlib/src/image/image.rs b/sw/host/opentitanlib/src/image/image.rs
index 180d68d36c0b5..f6544e6db812a 100644
--- a/sw/host/opentitanlib/src/image/image.rs
+++ b/sw/host/opentitanlib/src/image/image.rs
@@ -404,13 +404,24 @@ impl Image {
 // TODO(moidx): Remove check once we have migrated away from RSA keys
 // and start using a key type field in the manifest.
- ensure!(
- manifest.manifest_version.major == CHIP_MANIFEST_VERSION_MAJOR2,
- ImageError::InvalidManifestVersionforEcdsa(
- manifest.manifest_version.major,
- CHIP_MANIFEST_VERSION_MAJOR2
- )
- );
+ //
+ // Note(cfrantz): I have disabled this error return because we want to test
+ // manifests with bad version numbers. I've replaced the error return with
+ // a log message. As stated by moidx@, we'll remove this once we've
+ // completely migrated away from RSA keys.
+ // ensure!(
+ // manifest.manifest_version.major == CHIP_MANIFEST_VERSION_MAJOR2,
+ // ImageError::InvalidManifestVersionforEcdsa(
+ // manifest.manifest_version.major,
+ // CHIP_MANIFEST_VERSION_MAJOR2
+ // )
+ // );
+ if manifest.manifest_version.major != CHIP_MANIFEST_VERSION_MAJOR2 {
+ log::error!(
+ "Invalid manifest version for ECDSA: {:?}",
+ manifest.manifest_version
+ );
+ }
 let mut manifest_def: ManifestSpec = (&*manifest).try_into()?;
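Review bot: The replacement comment `// Major version must be kManifestVersionMajor2.` only restates the condition beneath it, while what a reader needs is the why: after this commit this line is what makes ROM_EXT reject every Major1 (RSA-era) manifest. Suggest `// Only Major2 manifests (the ECDSA P-256 signature layout) are accepted; Major1 (RSA) manifests are rejected here.` The pre-existing TODO(#21204) about reusing `manifest_check` still applies and would be the natural place to carry this version policy.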
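Review bot: The hard error becomes a `log::error!` and the old `ensure!` is kept as a seven-line commented-out block; version control already preserves it, so the commented code should go and the Note should shrink to one sentence stating that the check is deliberately a log so test images with bad versions can be built. The more important consequence is that the host tool now silently produces ECDSA-signed images whose major version the device rejects (the `rom_ext_boot_policy.c` hunk in this commit requires `kManifestVersionMajor2`), and a log line is easy to miss in a build; an explicit opt-in for the bad-version test images would keep the default path strict. The enclosing function starts outside the hunk.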
@@ -472,8 +483,9 @@ impl Image {
 // key type.
 // TODO(moidx): Replace this with a key type field in the manifest once
 // support for RSA keys is removed.
- manifest.manifest_version.major = CHIP_MANIFEST_VERSION_MAJOR2;
- manifest.manifest_version.minor = CHIP_MANIFEST_VERSION_MINOR1;
+ if manifest.manifest_version.major == CHIP_MANIFEST_VERSION_MAJOR1 {
+ manifest.manifest_version.major = CHIP_MANIFEST_VERSION_MAJOR2;
+ }
 Ok(())
 }
diff --git a/sw/host/tests/ownership/flash_permission_test.rs b/sw/host/tests/ownership/flash_permission_test.rs
index be67d5d6c9be7..4c739127b3586 100644
--- a/sw/host/tests/ownership/flash_permission_test.rs
+++ b/sw/host/tests/ownership/flash_permission_test.rs
@@ -37,7 +37,7 @@ struct Opts {
 next_activate_key: PathBuf,
 #[arg(long, help = "Next Owner unlock private key (ECDSA P256)")]
 next_unlock_key: PathBuf,
- #[arg(long, help = "Next Owner's application public key (RSA3K)")]
+ #[arg(long, help = "Next Owner's application public key (ECDSA P256)")]
 next_application_key: PathBuf,
 #[arg(
@@ -220,7 +220,7 @@ fn flash_permission_test(opts: &Opts, transport: &TransportWrapper) -> Result<()
 opts.timeout,
 )?;
 if capture[0].starts_with("BFV") {
- return RomError(u32::from_str_radix(&capture[3], 16)?).into();
+ return RomError(u32::from_str_radix(&capture[2], 16)?).into();
 }
 let region = FlashRegion::find_all(&capture[1])?;
 // Flash SideA is the primary side and has protect_when_primary = true.
diff --git a/sw/host/tests/ownership/rescue_limit_test.rs b/sw/host/tests/ownership/rescue_limit_test.rs
index 728e6d569f375..82a26197857a6 100644
--- a/sw/host/tests/ownership/rescue_limit_test.rs
+++ b/sw/host/tests/ownership/rescue_limit_test.rs
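Review bot: The promotion is now conditional on `CHIP_MANIFEST_VERSION_MAJOR1` and no longer writes `manifest_version.minor`, but the comment above it, which begins outside the hunk, mentions neither that the promotion is conditional nor why the `CHIP_MANIFEST_VERSION_MINOR1` assignment went away. Suggest appending to it `// Only Major1 (RSA) manifests are promoted to Major2; any other value is left untouched so deliberately bad versions survive for testing.` Whether dropping the minor-version write was intended should also be stated in the commit message, since it is not explained anywhere in the diff.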
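Review bot: `capture[2]` replaces `capture[3]` as the group holding the BFV value, which is exactly the kind of silent off-by-one a bare numeric index invites; the regex that produces `capture` is outside the hunk, so nothing here lets a reader confirm the new index. If `capture` is a `regex::Captures`, a named group read through `capture.name("bfv")` — or at least a comment stating which group holds the hex value — would make the mapping self-documenting, and `capture.get(2)` with an explicit error would avoid a panic when the group did not participate. `flash_permission_test` continues outside the hunk.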
@@ -37,7 +37,7 @@ struct Opts {
 next_activate_key: PathBuf,
 #[arg(long, help = "Next Owner unlock private key (ECDSA P256)")]
 next_unlock_key: PathBuf,
- #[arg(long, help = "Next Owner's application public key (RSA3K)")]
+ #[arg(long, help = "Next Owner's application public key (ECDSA P256)")]
 next_application_key: PathBuf,
 #[arg(
diff --git a/sw/host/tests/ownership/rescue_permission_test.rs b/sw/host/tests/ownership/rescue_permission_test.rs
index 3f6f3234fafd4..94550e5cefdaf 100644
--- a/sw/host/tests/ownership/rescue_permission_test.rs
+++ b/sw/host/tests/ownership/rescue_permission_test.rs
@@ -35,7 +35,7 @@ struct Opts {
 next_activate_key: PathBuf,
 #[arg(long, help = "Next Owner unlock private key (ECDSA P256)")]
 next_unlock_key: PathBuf,
- #[arg(long, help = "Next Owner's application public key (RSA3K)")]
+ #[arg(long, help = "Next Owner's application public key (ECDSA P256)")]
 next_application_key: PathBuf,
 #[arg(
diff --git a/sw/host/tests/ownership/transfer_lib.rs b/sw/host/tests/ownership/transfer_lib.rs
index 58b1b9c5baa61..743549117e0ce 100644
--- a/sw/host/tests/ownership/transfer_lib.rs
+++ b/sw/host/tests/ownership/transfer_lib.rs
@@ -9,8 +9,7 @@ use opentitanlib::app::TransportWrapper;
 use opentitanlib::chip::boot_log::BootLog;
 use opentitanlib::chip::boot_svc::{Message, UnlockMode};
 use opentitanlib::chip::helper::{OwnershipActivateParams, OwnershipUnlockParams};
-use opentitanlib::crypto::ecdsa::EcdsaPrivateKey;
-use opentitanlib::crypto::rsa::RsaPublicKey;
+use opentitanlib::crypto::ecdsa::{EcdsaPrivateKey, EcdsaPublicKey};
 use opentitanlib::ownership::{
 ApplicationKeyDomain, CommandTag, FlashFlags, KeyMaterial, OwnerApplicationKey, OwnerBlock,
 OwnerConfigItem, OwnerFlashConfig, OwnerFlashRegion, OwnerRescueConfig, OwnershipKeyAlg,
@@ -174,15 +173,15 @@ pub fn create_owner(
 let owner_key = EcdsaPrivateKey::load(owner_key)?;
 let activate_key = EcdsaPrivateKey::load(activate_key)?;
 let unlock_key = EcdsaPrivateKey::load(unlock_key)?;
- let app_key = RsaPublicKey::from_pkcs1_der_file(app_key)?;
+ let app_key = EcdsaPublicKey::load(app_key)?;
 let mut owner = OwnerBlock {
 owner_key: KeyMaterial::Ecdsa(owner_key.public_key().try_into()?),
 activate_key: KeyMaterial::Ecdsa(activate_key.public_key().try_into()?),
 unlock_key: KeyMaterial::Ecdsa(unlock_key.public_key().try_into()?),
 data: vec![OwnerConfigItem::ApplicationKey(OwnerApplicationKey {
- key_alg: OwnershipKeyAlg::Rsa,
+ key_alg: OwnershipKeyAlg::EcdsaP256,
 key_domain: ApplicationKeyDomain::Prod,
- key: KeyMaterial::Rsa(app_key.try_into()?),
+ key: KeyMaterial::Ecdsa(app_key.try_into()?),
 ..Default::default()
 })],
 ..Default::default()
diff --git a/sw/host/tests/ownership/transfer_test.rs b/sw/host/tests/ownership/transfer_test.rs
index 2c5554ebef8c3..7da23e3b5550b 100644
--- a/sw/host/tests/ownership/transfer_test.rs
+++ b/sw/host/tests/ownership/transfer_test.rs
@@ -37,7 +37,7 @@ struct Opts {
 next_activate_key: PathBuf,
 #[arg(long, help = "Next Owner unlock private key (ECDSA P256)")]
 next_unlock_key: PathBuf,
- #[arg(long, help = "Next Owner's application public key (RSA3K)")]
+ #[arg(long, help = "Next Owner's application public key (ECDSA P256)")]
 next_application_key: PathBuf,
 #[arg(