varuns-nvidia
commented
3 weeks ago Do you recommend changing this for 1.x or 2.0?
Open fdamato opened 3 weeks ago
varuns-nvidia
commented
3 weeks ago Do you recommend changing this for 1.x or 2.0?
fdamato
commented
3 weeks ago Unless anyone have any objections, I`d target this fix for 1.1.
varuns-nvidia
commented
3 weeks ago ROM changes are still open for 1.1?
JohnTraverAmd
commented
3 weeks ago A 1.1 ROM went out. Another will have to go out for a few minor fixes. So expect a 1.1.1.
fdamato
commented
5 days ago One further recommendation is to replace all the DICE Certificate Subject Name from "Caliptra 1.0 .... " to "Caliptra 1.x ....". Currently, both Caliptra 1.0 and Caliptra 1.1 releases show "Caliptra 1.0" in their subject name
nquarton
commented
5 days ago This should all be addressed in https://github.com/chipsalliance/caliptra-sw/pull/1725
FMC Alias Cert Before FMC Alias Cert After RT Alias Cert Before RT Alias Cert After
Note this also changes the subject name in IDEV and LDEV certs from "Caliptra 1.0" -> "Caliptra 1.x" as suggested. I did not dump those certs.
By reviewing the DICE Certificate TCBInfo(s) came across a couple of "minor" issues:
FMC Alias Certificate Hardcodes Vendor to "Caliptra" -> Recommendation is to leave this field empty
FMC Alias Certificate Hardcodes Model to "FMC" -> Recommendation is to leave this field empty, Field "Type" already contains this info
FMC Alias Certificate Flags is not properly formatted in the BIT STRING ASN1 type as per DICE Attestation Architecture Specification
RT Alias Certificate Hardcodes Vendor to "Caliptra" -> Recommendation is to leave this field empty
RT Alias Certificate Hardcodes Model to "RT" -> Recommendation is to leave this field empty, Field "Type" already contains this info