Open fdamato opened 3 weeks ago
Do you recommend changing this for 1.x or 2.0?
Unless anyone has any objections, I'd target this fix for 1.1.
ROM changes are still open for 1.1?
A 1.1 ROM went out. Another will have to go out for a few minor fixes. So expect a 1.1.1.
One further recommendation is to replace all the DICE Certificate Subject Names from "Caliptra 1.0 .... " to "Caliptra 1.x ....". Currently, both Caliptra 1.0 and Caliptra 1.1 releases show "Caliptra 1.0" in their subject name.
This should all be addressed in https://github.com/chipsalliance/caliptra-sw/pull/1725
FMC Alias Cert Before, FMC Alias Cert After, RT Alias Cert Before, RT Alias Cert After
Note this also changes the subject name in IDEV and LDEV certs from "Caliptra 1.0" -> "Caliptra 1.x" as suggested. I did not dump those certs.
By reviewing the DICE Certificate TCBInfo(s), I came across a couple of "minor" issues:
FMC Alias Certificate Hardcodes Vendor to "Caliptra" -> Recommendation is to leave this field empty
FMC Alias Certificate Hardcodes Model to "FMC" -> Recommendation is to leave this field empty, Field "Type" already contains this info
FMC Alias Certificate Flags is not properly formatted in the BIT STRING ASN1 type as per DICE Attestation Architecture Specification
RT Alias Certificate Hardcodes Vendor to "Caliptra" -> Recommendation is to leave this field empty
RT Alias Certificate Hardcodes Model to "RT" -> Recommendation is to leave this field empty, Field "Type" already contains this info
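
One way to check the BIT STRING point raised above for the Flags field, as an added example that is not part of the original issue or the Caliptra code: it validates the content octets of a DER BIT STRING against X.690 (unused-bit count, zero padding, trailing zero bits removed for a named bit list). The function names and sample bytes are constructed for illustration; the issue does not state which of these rules the certificate breaks.

```python
# Added example: checks the content octets of a DER BIT STRING (the bytes that
# follow the tag and length). Function names are hypothetical.


def check_der_bit_string(content: bytes, named_bits: bool = True) -> list[str]:
    """Return DER conformance problems; an empty list means well formed."""
    if len(content) == 0:
        return ["missing initial octet (unused-bit count)"]
    unused, data = content[0], content[1:]
    if unused > 7:
        return [f"unused-bit count {unused} is out of range 0..7"]
    if not data:
        # An empty bit string is encoded as the single octet 0x00.
        return [] if unused == 0 else ["empty bit string must have unused-bit count 0"]
    problems = []
    # DER requires the unused (padding) bits of the last octet to be zero.
    if data[-1] & ((1 << unused) - 1):
        problems.append("padding bits in the last octet are not zero")
    # X.690 11.2.2: with a named bit list, trailing 0 bits are removed before
    # encoding, so the last bit that is actually encoded must be 1.
    if named_bits and ((data[-1] >> unused) & 1) == 0:
        problems.append("trailing zero bits not removed (named bit list)")
    return problems


def set_bits(content: bytes) -> list[int]:
    """Set bit positions; bit 0 is the most significant bit of the first data octet."""
    unused, data = content[0], content[1:]
    total = len(data) * 8 - unused
    return [i for i in range(total) if data[i // 8] & (0x80 >> (i % 8))]


if __name__ == "__main__":
    # Constructed samples, not taken from a real certificate.
    samples = {
        "only bit 3 set, 4 unused bits": bytes.fromhex("0410"),
        "raw 32-bit integer copied in": bytes.fromhex("00000008"),
        "non-zero padding bits": bytes.fromhex("0418"),
        "unused-bit count out of range": bytes.fromhex("0800"),
    }
    for label, content in samples.items():
        print(f"{label}: {check_der_bit_string(content) or 'ok'}")
```
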