Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Caliptra integrator requirements out-of-date #291

Closed
varuns-nvidia opened this issue Nov 10, 2023 · 5 comments
Closed

Caliptra integrator requirements out-of-date #291

varuns-nvidia opened this issue Nov 10, 2023 · 5 comments
Assignees
@varuns-nvidia
Labels
1.0 spec final docs documentation Improvements or additions to documentation

Comments

@varuns-nvidia
Copy link
Contributor

https:/chipsalliance/caliptra-rtl/blob/main/docs/CaliptraIntegrationSpecification.md#soc-integration-requirements
Has outdated items like CSR signing key.
Scrub against main spec to ensure all requirements are captured (IDevID certificate requirements is one example gap)
@varuns-nvidia varuns-nvidia self-assigned this Nov 10, 2023
@bharatpillilli
Copy link
Collaborator

There is an ongoing PR to add couple of rows for to that table and we will also remove the CSR signing key rows...what else HW integ requirements exist for IDevID?

@varuns-nvidia
Copy link
Contributor Author

The high-level problem is that the main spec doesn't explicitly call out requirements to integrators. Scrubbing through it, here's what I think we need to add here:

  1. Explicitly note what fuses need to be backed by physical fuses. For example, owner_pk_hash can come from flash instead, but field entropy threat model assumes fuse.
  2. Must program the IDevID certificate with fields defined per https:/chipsalliance/Caliptra/blob/main/doc/Caliptra.md#idevid-certificate
  3. Must use internal TRNG for production
  4. Add https:/chipsalliance/Caliptra/blob/main/doc/Caliptra.md#fuse-requirements
  5. Clarify the powergood reset intention with regard to firmware recovery flows

@bharatpillilli
Copy link
Collaborator

@varuns-nvidia - I think number#3 point above is a change in POR from what we have been stating. Not everyone has been conveying to us exactly how they intend to implement TRNG. I would rather say "suggest" than "must".

@varuns-nvidia
Copy link
Contributor Author

@varuns-nvidia - I think number#3 point above is a change in POR from what we have been stating. Not everyone has been conveying to us exactly how they intend to implement TRNG. I would rather say "suggest" than "must".

Fair, can interpret the change here as non-mandatory chipsalliance/Caliptra@52c7100

@FerralCoder FerralCoder added the documentation Improvements or additions to documentation label Dec 6, 2023
akash-singh-NV added a commit to akash-singh-NV/caliptra-rtl that referenced this issue Dec 18, 2023
@akash-singh-NV
Updated SOC Integration Requirements - chipsalliance#291
a993048
akash-singh-NV added a commit to akash-singh-NV/caliptra-rtl that referenced this issue Dec 18, 2023
@akash-singh-NV
Updated SOC Integration Requirements - chipsalliance#291
c163e4d
@akash-singh-NV akash-singh-NV mentioned this issue Dec 18, 2023
Merged
andreslagarcavilla pushed a commit that referenced this issue Jan 10, 2024
@akash-singh-NV
Updated HW Integration Requirements (#357)
532fed5 
* Updated SOC Integration Requirements - #291

* Updated SOC Integration Requirements - #291

* Addressed Editorial feedback for PR#357

* Addressed Editorial feedback for PR#357

* Replaced "Deobfuscation key" references with "Obfuscation key"
@andreslagarcavilla
Copy link
Collaborator

Is this bug resolved now?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@varuns-nvidia varuns-nvidia

Labels
1.0 spec final docs documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@andreslagarcavilla @bharatpillilli @FerralCoder @varuns-nvidia