lowRISC / opentitan

OpenTitan: Open source silicon root of trust
https://www.opentitan.org
Apache License 2.0

[keymgr] Add support for more FW stages #22349

Open vsukhoml opened 5 months ago

vsukhoml commented 5 months ago

Description

Currently, the key manager only supports 3 stages, which are based on assumptions about the firmware structure. However, there are considerations that more stages would be needed, e.g. adding the OS kernel as a separate stage and a crypto service as another, or mixing in measurements of AP FW or other components.

Practically, the key manager implementation shall be parameterized so these stages can be easily added.

@timothytrippel

ballifatih commented 5 months ago

In the integrated_dev branch, there is already a Keymgr_DPE IP that supports a larger number of stages. It is also able to handle multiple key slots. However, it is not in a mature state yet and it is not part of the master branch. Just adding this info for reference:

https://github.com/lowRISC/opentitan/blob/integrated_dev/hw/ip/keymgr_dpe/doc/theory_of_operation.md

ballifatih commented 3 weeks ago

Labeling it as FutureRelease so that it does not get mixed into the EarlGrey-PROD bucket.