sree-revoori1
commented
9 months ago I don't think this is possible. When I try to erase the FMC CDI or FMC priv key, I get an DRIVER_KV_ERASE_USE_LOCK_SET_FAILURE error as expected.
Closed jhand2 closed 8 months ago
sree-revoori1
commented
9 months ago I don't think this is possible. When I try to erase the FMC CDI or FMC priv key, I get an DRIVER_KV_ERASE_USE_LOCK_SET_FAILURE error as expected.
jhand2
commented
8 months ago Ok, makes sense. Closing.
During disable attestation we clear the RT alias key. Ideally we would also clear the FMC alias key, but since it is locked I don't know if this is possible.
Also, either we would need to repopulate the FMC CDI/privkey once we delete it (if possible) or make FMC tolerate the fact that it's not populated.
We should experiment on verlator and/or FPGA to see if this works.