Fabrizio Damato
Fabrizio Damato
We need a test suite to verify the correctness of the whole DICE Certificate Chain: from IDevID to RtAlias. The suite will at minimum include the following: - [x] -...
The HW Model Release Documentation should define a list of recommended tests that the integrator should execute to validate the Caliptra RTL in the SOC environment. Those tests should be...
Currently the caliptra_top_regs.h provided by RTL source include a 0x3xxxxxxx offset which can`t be consumed directly by the IP. Libcaliptra should mask those component out, before calling apb_write/read APIs
Caliptra RT FW should provide more Context Handles available to the PL0 PAUSER DPE Client. Currently, the totla number of Handles are 24: 8 allocated to PL0, 16 allocated to...
By reviewing the DICE Certificate TCBInfo(s) came across a couple of "minor" issues: - FMC Alias Certificate Hardcodes Vendor to "Caliptra" -> Recommendation is to leave this field empty -...
Caliptra Runtime Firmware directly maps DPE Clients to their associated PAUSER value, which DPE interprets as their LOCALITY. Caliptra assigns LOCALITY 0xFFFF_FFFF for itself, and use it to attest to...
Caliptra DICE Certificates do not include required extensions to indicate the key usage (see TCG DICE Certificate Profile Spec). - LDEVID shall contain: - tcg-dice-kp-identityLoc (because it is a Local...
Body: Currently, the Caliptra ROM engine attests to both Owner and Vendor controlled fuse measurements into a single digest, which is reported as TCBInfo extension to the FMC_Alias certificate. This...
### Add Recursive Update Flag and API in `derive_context` for Caliptra 2.x **Description** Introduce a flag in `derive_context` to control recursive updates, allowing only parent or child contexts to perform...
# Enhance DPE TCBInfo to include Vendor/Model Information for RATS Compliance ## Problem Statement The current Caliptra DICE/DPE TCBInfo implementation lacks critical information required for proper environment disambiguation and RATS...