chipsalliance / caliptra-sw

Caliptra software (ROM, FMC, runtime firmware), and libraries/tools needed to build and test
Apache License 2.0

Manifest Based Image Authorization #1571

Closed mhatrevi closed 1 month ago

mhatrevi commented 3 months ago

This change contains the Manifest based Image Authorization feature. Design document: https://docs.google.com/document/d/1BofLEAzeszgAGVcaEjTxM7tDxwIq9KhVXuqGUlrg1sc/edit#heading=h.z8ehugjyw5jp

nquarton commented 2 months ago

I think this also needs the commands documented in the runtime readme

mhatrevi commented 1 month ago

> This is pretty hard to review as-is. Would you be able to split up this change as:
>
>   1. RT spec change
>   2. auth manifest tool
>   3. Runtime commands for using auth manifest
>
> I think these are all pretty independent of each other

Not sure how that reduces the complexity of the review. These changes are related to each other and IMO, should be in a single PR. For ease of code review, I would suggest the following order of folders to review:

  1. auth-manifest
  2. runtime
  3. Remaining folders

mhatrevi commented 1 month ago

> Just 2 opens in previous comments (should dpe_result be added to AuthorizeAndStash response, can we add the command and response args to the RT readme?)

Added the commands to RT Readme. For the DPE result, deferring to John for guidance.

mhatrevi commented 1 month ago

This PR will be broken down into the following two tasks:

  1. Manifest tooling
  2. Runtime changes for image authorization.

Closing this PR as such.