Open loiclefort opened 8 months ago
@neeraj-rv @andreaskurth
cc @rsahita
Could we use the compressed form of the ECC public keys (49 bytes)? But we would still need 193 bytes including all other fields (sig, id, metadata).
We could use the compressed form but computing the public key coordinates from the compressed key may impact boot time.
True. I presume that would be done using OTBN. A couple of questions: is that IP available early enough, and what would be the latency?
AFAIK the plan is to use software ECDSA in the ROM for risk mitigation in case there are any issues with OTBN.
There are some indications about the runtime cost when using OTBN and arguments about the different algorithms/key sizes in [RFC] Secure Boot Signature Options.
I think one potential option is to combine all the relevant keys wrapped in a single signature. Assuming ECDSA-P256 for now (arguably the same security level as the current RSA):
- ROT_CREATOR_AUTH_NON_RAW_MFW_CODESIGN_KEY: 64 B
- ROT_CREATOR_AUTH_ROM2_PATCH_SIGVERIFY_KEY: 64 B
- ROT_CREATOR_AUTH_KEYMANIFEST_KEY: 64 B
- ROT_CREATOR_AUTH_UNLOCK4XFER_KEY: 64 B
- DEV ID: 32 B
- METADATA: 16 B
- SIGNATURE: 64 B

TOTAL: 368 B
This will enable it to stay within the currently allocated partition and will not need to use compressed keys.
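The two points raised above, the boot-time cost of expanding a compressed ECC key and the proposed single-signature layout, can be made concrete in code. The block below is an added example, not code from this thread or from the OpenTitan project: it decompresses a SEC1 compressed P-256 point (33 bytes for the P-256 keys assumed in the proposal) into the 64-byte X || Y form the 64 B key slots hold, using the standard P-256 curve parameters, and it splits a 368-byte blob into the fields listed in the proposal, returning the byte range the single signature covers. The field order, the `split_manifest` helper and the sample blob are assumptions for illustration only.

```python
"""Added example (not from the issue thread or the OpenTitan sources):
P-256 point decompression and the proposed 368-byte combined-key layout.
Field order and helper names are assumptions; sizes come from the thread."""

# NIST P-256 domain parameters (standard values).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def decompress_p256(compressed: bytes) -> bytes:
    """Expand a 33-byte SEC1 compressed point (02/03 || X) into X || Y (64 B).

    This is the work the ROM would have to do per key if the OTP slots held
    compressed keys: one modular exponentiation plus an on-curve check."""
    if len(compressed) != 33 or compressed[0] not in (2, 3):
        raise ValueError("not a compressed P-256 point")
    x = int.from_bytes(compressed[1:], "big")
    if x >= P:
        raise ValueError("x coordinate out of range")
    rhs = (pow(x, 3, P) + A * x + B) % P
    # P == 3 (mod 4), so if rhs is a square its root is rhs^((P+1)/4) mod P.
    y = pow(rhs, (P + 1) // 4, P)
    if (y * y) % P != rhs:
        raise ValueError("x is not on the curve")
    # Prefix 02 selects the even y, prefix 03 the odd y.
    if (y & 1) != (compressed[0] & 1):
        y = P - y
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")


# Field sizes from the proposal, in an assumed order. Everything before
# SIGNATURE is covered by the single signature.
LAYOUT = (
    ("ROT_CREATOR_AUTH_NON_RAW_MFW_CODESIGN_KEY", 64),
    ("ROT_CREATOR_AUTH_ROM2_PATCH_SIGVERIFY_KEY", 64),
    ("ROT_CREATOR_AUTH_KEYMANIFEST_KEY", 64),
    ("ROT_CREATOR_AUTH_UNLOCK4XFER_KEY", 64),
    ("DEV_ID", 32),
    ("METADATA", 16),
    ("SIGNATURE", 64),
)
TOTAL_SIZE = sum(size for _, size in LAYOUT)  # 368


def split_manifest(blob: bytes) -> dict:
    """Split a TOTAL_SIZE-byte blob into its fields and expose the exact
    byte range (all fields before SIGNATURE) that the signature must cover."""
    if len(blob) != TOTAL_SIZE:
        raise ValueError(f"expected {TOTAL_SIZE} bytes, got {len(blob)}")
    fields, offset = {}, 0
    for name, size in LAYOUT:
        fields[name] = blob[offset:offset + size]
        offset += size
    fields["signed_region"] = blob[:TOTAL_SIZE - 64]
    return fields


if __name__ == "__main__":
    # Round-trip the generator point: 03 || Gx must expand to Gx || Gy.
    g = decompress_p256(b"\x03" + GX.to_bytes(32, "big"))
    assert g == GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
    # Constructed sample blob (no real keys or signature).
    blob = bytes(range(256)) + bytes(range(TOTAL_SIZE - 256))
    m = split_manifest(blob)
    print(TOTAL_SIZE, len(m["signed_region"]), len(m["SIGNATURE"]))
```

The on-curve check after the square root is the part a ROM implementation must not skip: an x with no corresponding y is rejected rather than silently producing a key that is not on P-256.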
If we switch to P-256 that's a good option. This will also free up some space for a CMAC for the creator auth identity cert provisioned.
The current allocation for all keys in the Darjeeling OTP looks like this: