chipsalliance / Caliptra

Caliptra IP and firmware for integrated Root of Trust block
Apache License 2.0

Add evidence being reported #57

Closed varuns-nvidia closed 11 months ago

varuns-nvidia commented 1 year ago

Example of evidence so far, but is incomplete. Will likely want to do broad strokes in the main spec and then details in the ROM and Runtime specs.

| Component | Type | Evidence | Measurer | Evidence Reporting | Measurement Reporting | Validity Period |
| -- | -- | -- | -- | -- | -- | -- |
| Caliptra | Hardware State | Lifecycle state | Caliptra ROM | FMC.DiceTcbInfo.OperationalFlags | PCR0 & PCR1 | Until next Power-Good |
| | | Debug lock state | Caliptra ROM | FMC.DiceTcbInfo.OperationalFlags | PCR0 & PCR1 | Until next Power-Good |
| | ROM Policy Enforcement | Anti-rollback-disable state | Caliptra ROM | FMC.DiceTcbInfo.OperationalFlags | PCR0 & PCR1 | Until next Power-Good |
| | | Vendor pub key hash | Caliptra ROM | FMC.DiceTcbInfo.FWID | PCR0 & PCR1 | Until next Power-Good |
| | | Owner pub key hash | Caliptra ROM | FMC.DiceTcbInfo.FWID | PCR0 & PCR1 | Until next Power-Good |
| | | Vendor ECC pub key idx | Caliptra ROM | FMC.DiceTcbInfo.FWID | PCR0 & PCR1 | Until next Power-Good |
| | | Min SVN | Caliptra ROM | FMC.DiceTcbInfo.Svn | PCR0 & PCR1 | Until next Power-Good |
| | Running Firmware | FMC hash | Caliptra ROM | FMC.DiceTcbInfo.FWID | PCR0 & PCR1 | Until next Power-Good |
| | | SVN | Caliptra ROM | FMC.DiceTcbInfo.Svn | PCR0 & PCR1 | Until next Power-Good |
| | | RT hash | Caliptra FMC | RT.DiceTcbInfo.FWID.JourneyRT.DiceTcbInfo.FWID.CurrentRTU Event Log | | Until next RT Update |
| SoC Manager | Hardware State | ROM patches | SoC Manager ROM | | | Until next Power-Good |
| | ROM Policy Enforcement | | SoC Manager ROM | | | Until next Power-Good |
| | Running Firmware | SoC Manager FMC hash | SoC Manager ROM | | | Until next Power-Good |
| | | SoC Manager RT hash | SoC Manager FMC | | | Until next RT hitless update |
| SoC Application CPUs | Running Firmware | Bootstrap hash | SoC Manager RT | | | Until next CPU reset |
| | | App CPU firmware hash | Bootstrap | | | Until next CPU reset or App CPU firmware hitless update |
| | | UEFI hash | App CPU firmware | | | Until next CPU reset or UEFI hitless update |
| | | Realm manager hash | SoC Manager RT | | | Until next CPU reset or Realm manager hitless update |
| Kirkland | Metadata | TPM identity pub key hash | UEFI | | - | Until next CPU reset |

andreslagarcavilla commented 1 year ago

Varun, is there more work needed? Can we complete by 9/8 and then hand off to steph-morton, please?