Targeted Release: ROM 1.3
Impacted FW stages: ROM only
Background
If the CPTRA_DBG_MANUF_SERVICE_REG MFG_FLAG_GEN_IDEV_CSR bit is set, Caliptra ROM will generate/sign an IDevID CSR and write it to the mailbox. The SoC Manager must retrieve the CSR from the Caliptra mailbox before it can do anything else (e.g. call STASH_MEASUREMENT).
Proposal
The general expectation is that this flow is being done by SoC ROM. Instead of making SoC ROM deal with exporting the IDevID CSR, we should provide an option to retrieve the CSR at a later point. Proposal to achieve this:
If MFG_FLAG_GEN_IDEV_CSR is set, write IDevID CSR to temporary DCCM (can be cleared before ROM jumps to FMC)
Add ROM mailbox command to retrieve IDevID CSR
This allows SoC manager to retrieve the CSR at any point until it boots Caliptra mutable FW. Notably, it can stash measurements and load its mutable manufacturing fw which can deal with the CSR.
If CSR request bit was not set prior to ROM boot, this mailbox command will fail.
(Optional) Variation
There is a small change we could make where we persist the IDevID CSR in DCCM, add its offset/size to the FHT, and add a mailbox command to RT to retrieve it. This is a bit more flexible and allows the SoC to retrieve the CSR at any time. But it seems unnecessary. If SoC manager is fetching/booting Caliptra firmware, surely it can handle storing the CSR somewhere.
The goal of this proposal is just to allow SoC ROM to be as simple as possible.
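To make the proposed ordering concrete, here is an added model of the flow written for this page; it is not Caliptra ROM code and every name in it (RomState, get_idev_csr, the assumed bit position of MFG_FLAG_GEN_IDEV_CSR, the constructed CSR bytes) is a stand-in. It shows the three properties the proposal asks for: the CSR is parked in a temporary DCCM slot only when the flag was set at boot, other ROM commands such as STASH_MEASUREMENT are no longer blocked behind reading it, the retrieval command fails when the flag was never set, and the copy is wiped before the jump to FMC.

```rust
// Added example (not Caliptra's own code): a minimal model of the proposed
// "park the IDevID CSR in DCCM, retrieve it via a ROM mailbox command" flow.
// All identifiers are hypothetical stand-ins for the real ROM code.

/// Assumed bit position for illustration only; the real layout of
/// CPTRA_DBG_MANUF_SERVICE_REG is defined by the Caliptra register spec.
pub const MFG_FLAG_GEN_IDEV_CSR: u32 = 1 << 0;

#[derive(Debug, PartialEq)]
pub enum MboxError {
    /// The CSR request bit was not set prior to ROM boot.
    CsrNotRequested,
    /// The temporary DCCM copy was already cleared (ROM jumped to FMC).
    CsrNoLongerAvailable,
}

/// Models the ROM-owned state: the latched request flag and the temporary
/// DCCM slot holding the signed CSR.
pub struct RomState {
    csr_requested: bool,
    dccm_csr: Option<Vec<u8>>,
}

impl RomState {
    /// ROM entry: sample the manufacturing-service flags once at boot and,
    /// if requested, generate/sign the CSR into DCCM instead of the mailbox.
    pub fn boot(dbg_manuf_service_reg: u32, sign_idev_csr: impl Fn() -> Vec<u8>) -> Self {
        let csr_requested = dbg_manuf_service_reg & MFG_FLAG_GEN_IDEV_CSR != 0;
        let dccm_csr = if csr_requested { Some(sign_idev_csr()) } else { None };
        RomState { csr_requested, dccm_csr }
    }

    /// Proposed ROM mailbox command: copy the CSR out of DCCM to the caller.
    /// Fails if the flag was never set, or if ROM has already moved on.
    pub fn get_idev_csr(&self) -> Result<Vec<u8>, MboxError> {
        if !self.csr_requested {
            return Err(MboxError::CsrNotRequested);
        }
        self.dccm_csr.clone().ok_or(MboxError::CsrNoLongerAvailable)
    }

    /// Other ROM commands (e.g. STASH_MEASUREMENT) are independent of whether
    /// the CSR has been read; the SoC manager may order them freely.
    pub fn stash_measurement(&mut self, _measurement: &[u8]) -> Result<(), MboxError> {
        Ok(())
    }

    /// Before jumping to FMC the temporary copy is zeroed and released.
    /// (Real firmware would use volatile writes so the clear is not elided.)
    pub fn jump_to_fmc(&mut self) {
        if let Some(buf) = self.dccm_csr.as_mut() {
            buf.iter_mut().for_each(|b| *b = 0);
        }
        self.dccm_csr = None;
    }
}

fn main() {
    // Constructed CSR bytes; a real ROM would produce DER from the IDevID key.
    let fake_csr = || b"CONSTRUCTED-IDEVID-CSR".to_vec();
    let mut rom = RomState::boot(MFG_FLAG_GEN_IDEV_CSR, fake_csr);
    rom.stash_measurement(b"boot-measurement").unwrap();
    println!("{:?}", rom.get_idev_csr());
    rom.jump_to_fmc();
    println!("{:?}", rom.get_idev_csr());
}
```

The point of the model is the order of operations: the SoC manager can stash measurements first and fetch the CSR afterwards, as long as it does so before the mutable firmware boots; after jump_to_fmc the ROM copy is gone, which is the trade-off the optional variation (persisting it for RT) removes.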
I'm a fan of this proposal and the variation. Based on the recent discussions in OCP Security WG, CSRs are valuable for device users and not just device vendors. Allowing RT to retrieve IDevID CSR in a production lifecycle stage would be useful.