设备所有权转移和无安全存储设备的加密绑定.pdf

《设备所有权转移和无安全存储设备的加密绑定.pdf》由会员分享，可在线阅读，更多相关《设备所有权转移和无安全存储设备的加密绑定.pdf（15页珍藏版）》请在三个皮匠报告上搜索。

1、James Zhang(NVIDIA)Chris Hillier(NVIDIA)Device Ownership Transfer and Cryptographic Binding for Device without Secure StorageDevice Ownership Transfer and Cryptographic Binding for Devices without Secure StorageJames Zhang(NVIDIA)Chris Hillier(NVIDIA)SecurityAbility for owner of the system to assert

2、 ownership through code signingAbility for ownership to be transferred without cumbersome process and handshakeOCP Device Ownership Transfer defines the general Archetypes,State Transition and Protocol for Device Ownership TransferVolatile Ownership TransferMutable Locking Ownership TransferRefresh-

3、What is Device Ownership Transfer?NVIDIA DOT architecture last presented at OCP Global Summit 2023Every NVIDIA Grace has shipped with DOT Volatile and Mutable LockingDespite success1there is always room for improvement and iterationTodays presentation focused on one problem spaceSupporting Mutable L

4、ocking DOT with devices that do not have non-volatile secure storageBrief Update Device Ownership Transfer1Definition of success Updated-Ownership Transfer State TransitionsMutable Locking requires non-volatile secure storage to keep ownership informationOptionsOTP FUSE not scalable,FUSE is very lim

5、itedIn-Silicon Non-OTP NVM not available for advanced nodesIn-Package NVM has complications,costWhat alternative options do we have?Problem Storage of Mutable Locked StateLimited/reasonable amount of OTP FUSE usageCan be used with flash-based boot or streaming bootCryptographic binding to establish

6、trustAdopted by Caliptra 2.1(Subsystem)Solution-Cryptographic BindingDevice starts uninitialized with no DOT BlobState TransitionTransit state to Locked(take ownership)DOT STATE FUSE burns 1 bitDOT Blob generated State TransitionDOT Blob GeneratedFUSE BurnDOT Blob authenticated d