Update Caliptra FMC_Alias / RT_Alias TCBInfo #579
Conversation
fdamato
requested review from
JohnTraverAmd,
bluegate010,
clundin25,
jhand2,
mhatrevi,
nquarton,
swenson and
zhalvorsen
| | | | [1] SHA384 digest of FMC | ||
|
|
||
| Caliptra does not generate an Alias<sub>FMC</sub> CSR. Owners that wish to endorse Alias<sub>FMC</sub> must do so with proprietary flows. | ||
| | | | Owner Public Key Hash |
There was a problem hiding this comment.
In 1.x, we included both the owner pub key hash from fuses and from the manifest (due to the fact this does not have to be fused). Should we be including both here?
There was a problem hiding this comment.
This measurement should only refer to the part state, so we shouldn`t capture what comes from the Manifest, which is endorsed by the Vendor/Owner key, whose digest is rooted in the fuse (which is captured here).
There was a problem hiding this comment.
I forgot about this piece of the manifest info. Are we going to still attest to both?
There was a problem hiding this comment.
For consistency with the conversation we had today, I would say let’s keep it for now. We’ll file a RFC to remove ‘non-fuse’ entries in a later release.
|
|
||
| Caliptra does not generate an Alias<sub>FMC</sub> CSR. Owners that wish to endorse Alias<sub>FMC</sub> must do so with proprietary flows. | ||
| | | | Owner Public Key Hash | ||
| | | | PK Index (ECC/LMS) |
There was a problem hiding this comment.
I think we decided today we would include this in the vendor info because it is the vendor key index
There was a problem hiding this comment.
You’re correct. It has to go in the vendor tcbinfo. I’ll fix this.
Details at: chipsalliance/caliptra-sw#2282