Open vsukhoml opened 5 months ago
In integrated_dev branch, there is already Keymgr_DPE IP that already supports larger number of stages. It is also able to handle multiple key slots. However, it is not in the mature state yet and it is not part of the master branch. Just adding this info for reference:
https://github.com/lowRISC/opentitan/blob/integrated_dev/hw/ip/keymgr_dpe/doc/theory_of_operation.md
Labeling it as FutureRelease so that it does not get mixed into the EarlGrey-PROD bucket.
Description
Currently key manager only supports 3 stages, which are based on assumptions of firmware structure. However there are considerations that more stages would be needed, e.g. adding OS kernel as a separate stage and crypto service as another, or mixing in measurements of AP FW or other components.
Practically key manager implementation shall be parameterized so these stages can be easily added.
@timothytrippel