lowRISC / opentitan

OpenTitan: Open source silicon root of trust
https://www.opentitan.org
Apache License 2.0

[rom_ext, ownership] Consider tracking previous owners #24429

Open cfrantz opened 1 month ago

cfrantz commented 1 month ago

Description

As part of ownership transfer, consider tracking the previous owner.

Ideas:

  1. Keep a hash of the previous owner's key.
  2. Keep a hash-chain of all previous owners. Upon each ownership transfer: `prev_owner_hash = HASH(prev_owner_key || prev_owner_hash)`

Given a list of all previous owner public keys, the `prev_owner_hash` could be independently verified.
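The following is an added illustration of the two ideas above, written for this discussion rather than taken from OpenTitan's ROM_EXT or opentitantool. It assumes SHA-256 as `HASH`, an all-zero 32-byte digest as the chain value before any transfer has occurred, and 64-byte constructed placeholder byte strings in place of real owner public keys. It shows why the hash-chain form (idea 2) captures both the order and the completeness of the ownership history, while a hash of only the last previous owner (idea 1) cannot distinguish two devices with different histories that happen to share the same most recent previous owner.

```python
import hashlib
import hmac
from typing import Iterable, List, Optional

# Assumptions for this example (not fixed by the issue): SHA-256 as HASH,
# and a 32-byte all-zero digest as the chain value on a device that has
# never been transferred.
HASH_LEN = 32
GENESIS_HASH = bytes(HASH_LEN)


def update_chain(prev_owner_hash: bytes, prev_owner_key: bytes) -> bytes:
    """One ownership transfer (idea 2):
    prev_owner_hash = HASH(prev_owner_key || prev_owner_hash).

    The outgoing owner's public key is folded into the running digest, so the
    value kept on the device commits to every owner seen so far and to the
    order in which they appeared. The current owner is not yet in the chain;
    it is added only when ownership moves away from it."""
    if len(prev_owner_hash) != HASH_LEN:
        raise ValueError("chain value must be a full digest")
    return hashlib.sha256(prev_owner_key + prev_owner_hash).digest()


def compute_chain(previous_owner_keys: Iterable[bytes]) -> bytes:
    """Replay the entire ownership history from GENESIS_HASH."""
    h = GENESIS_HASH
    for key in previous_owner_keys:
        h = update_chain(h, key)
    return h


def verify_chain(previous_owner_keys: List[bytes], stored_hash: bytes) -> bool:
    """Independent check: does the claimed list of past owner keys reproduce
    the value recorded on the device? Uses a constant-time comparison."""
    return hmac.compare_digest(compute_chain(previous_owner_keys), stored_hash)


def last_owner_only(previous_owner_keys: List[bytes]) -> bytes:
    """Idea 1 for contrast: keep only a hash of the most recent previous
    owner's key. Earlier owners leave no trace in this value."""
    if not previous_owner_keys:
        return GENESIS_HASH
    return hashlib.sha256(previous_owner_keys[-1]).digest()


def constructed_owner_key(label: str) -> bytes:
    """Constructed placeholder for an owner public key (64 bytes, not a real
    key). Real deployments would use the owner's actual public key bytes."""
    return label.encode().ljust(64, b"\x00")


if __name__ == "__main__":
    k0, k1, k2 = (constructed_owner_key(n) for n in ("owner_0", "owner_1", "owner_2"))

    # Device history: owner_0 -> owner_1 -> owner_2 -> (current owner).
    stored = compute_chain([k0, k1, k2])
    print("chain verifies with the true history:", verify_chain([k0, k1, k2], stored))
    print("chain verifies with owners reordered: ", verify_chain([k2, k1, k0], stored))
    print("chain verifies with one owner omitted:", verify_chain([k0, k2], stored))

    # Idea 1 cannot tell these two histories apart; idea 2 can.
    print("idea 1 collides across histories:",
          last_owner_only([k0, k2]) == last_owner_only([k1, k2]))
    print("idea 2 separates the same histories:",
          compute_chain([k0, k2]) != compute_chain([k1, k2]))
```

The stored value is only as useful as the key list the verifier is given: the chain proves that a claimed history is consistent with the device, not that the verifier's list is the true one, so the list of previous owner public keys still has to come from somewhere the verifier trusts.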

cdgori commented 2 weeks ago

I can imagine wanting to know the chain of ownership, for sure, to make it clear what has happened - the truly paranoid might want to make sure that "everything" has been reverted/swapped during the transfer.

I can also imagine wanting an ownership-transferred part to be indistinguishable from one that was "factory-assigned" for lack of a better term.

I slightly lean towards the second case - since we ought to be very confident that the ownership transfer works and no residual data/artifacts of the prior owner remain.

Or, there may be some more basic reason for tracking the ownership chain that I'm missing, which is quite possible.