Open varuns-nvidia opened 1 year ago
If you want to make sure that PCR signing is truly a hardware function and cannot be affected by rogue/buggy/hacked FW, then the key should be created and locked by ROM.
Question about the requirements:
For 2, I would recommend endorsing with LDevID.
If we do that, I don't think there's benefit in making the signing key random on each boot. I don't have any specific objections, just don't think any security value is gained.
HW PCR signing (key slot 7) currently uses the same private key as FMC Alias. This poses problems:
To mitigate, recommending that either ROM or FMC generate a new key pair for HW PCR signing. The public key could be exposed as a certificate or as TCI evidence for the Caliptra Runtime.
@Bryankel @vsonims @bluegate010 @JohnTraverAmd @jhand2 for comment.
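The key separation the issue asks for (a PCR signing key that is not the FMC Alias key, with its public key exportable as a certificate or TCI evidence), as an added example in Go that is not Caliptra's own code. The CDI, the derivation salt, the `FMC_ALIAS` / `PCR_SIGNING` labels and the PCR contents are constructed for this example, and the HKDF-based scalar derivation stands in for whatever derivation ROM or FMC would actually perform; the point it demonstrates is that a quote signed with the dedicated PCR key verifies only under that key's public half, so exposing or misusing the alias key no longer affects PCR signatures.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"math/big"
)

// hkdfSHA384 is RFC 5869 extract-then-expand with HMAC-SHA-384, written out
// so the example needs nothing outside the standard library.
func hkdfSHA384(ikm, salt []byte, info string, n int) []byte {
	ext := hmac.New(sha512.New384, salt)
	ext.Write(ikm)
	prk := ext.Sum(nil)
	var out, t []byte
	for i := byte(1); len(out) < n; i++ {
		exp := hmac.New(sha512.New384, prk)
		exp.Write(t)
		exp.Write([]byte(info))
		exp.Write([]byte{i})
		t = exp.Sum(nil)
		out = append(out, t...)
	}
	return out[:n]
}

// deriveP384Key derives a P-384 private key from a CDI and a purpose label.
// Distinct labels yield unrelated keys, which is what keeps the PCR signing
// key separate from the FMC Alias key. 72 bytes are reduced into [1, N-1] so
// the modular bias is negligible. Salt and labels are example assumptions.
func deriveP384Key(cdi []byte, label string) *ecdsa.PrivateKey {
	curve := elliptic.P384()
	nMinus1 := new(big.Int).Sub(curve.Params().N, big.NewInt(1))
	raw := hkdfSHA384(cdi, []byte("example-key-derivation-salt"), label, 72)
	d := new(big.Int).SetBytes(raw)
	d.Mod(d, nMinus1).Add(d, big.NewInt(1))
	priv := &ecdsa.PrivateKey{D: d}
	priv.Curve = curve
	priv.X, priv.Y = curve.ScalarBaseMult(d.FillBytes(make([]byte, 48)))
	return priv
}

// pcrQuoteDigest binds the PCR bank contents to a verifier-supplied nonce,
// so a signed quote cannot be replayed against a later request.
func pcrQuoteDigest(pcrs [][]byte, nonce []byte) []byte {
	h := sha512.New384()
	for _, p := range pcrs {
		h.Write(p)
	}
	h.Write(nonce)
	return h.Sum(nil)
}

// signPCRQuote signs with the dedicated PCR signing key, never the alias key.
func signPCRQuote(key *ecdsa.PrivateKey, pcrs [][]byte, nonce []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, key, pcrQuoteDigest(pcrs, nonce))
}

// verifyPCRQuote is what a verifier runs with the PCR signing public key it
// obtained from a certificate or from TCI evidence.
func verifyPCRQuote(pub *ecdsa.PublicKey, pcrs [][]byte, nonce, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, pcrQuoteDigest(pcrs, nonce), sig)
}

// pcrSigningEvidence returns the DER SubjectPublicKeyInfo of the PCR signing
// key: the object a certificate would carry or TCI evidence would hash.
func pcrSigningEvidence(key *ecdsa.PrivateKey) ([]byte, error) {
	return x509.MarshalPKIXPublicKey(&key.PublicKey)
}

func main() {
	// Constructed inputs: a stand-in CDI and two PCR values.
	cdi := []byte("constructed-cdi-for-example-use-only")
	fmcPCR := sha512.Sum384([]byte("fmc-image"))
	rtPCR := sha512.Sum384([]byte("runtime-image"))
	pcrs := [][]byte{fmcPCR[:], rtPCR[:]}

	aliasKey := deriveP384Key(cdi, "FMC_ALIAS")
	pcrKey := deriveP384Key(cdi, "PCR_SIGNING")

	nonce := make([]byte, 32)
	rand.Read(nonce)
	sig, err := signPCRQuote(pcrKey, pcrs, nonce)
	if err != nil {
		panic(err)
	}
	ev, _ := pcrSigningEvidence(pcrKey)

	fmt.Println("alias and PCR keys differ: ", aliasKey.D.Cmp(pcrKey.D) != 0)
	fmt.Println("verifies with PCR key:     ", verifyPCRQuote(&pcrKey.PublicKey, pcrs, nonce, sig))
	fmt.Println("verifies with alias key:   ", verifyPCRQuote(&aliasKey.PublicKey, pcrs, nonce, sig))
	fmt.Println("PCR signing key SPKI (hex):", hex.EncodeToString(ev)[:40]+"...")
}
```

In hardware the equivalent of `deriveP384Key` would run in ROM (or FMC) into a dedicated key slot, and the alias key would simply never be selected for PCR signing; the example only shows the resulting verification behaviour.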