An Update on Caliptra.pdf

《An Update on Caliptra.pdf》由会员分享，可在线阅读，更多相关《An Update on Caliptra.pdf（13页珍藏版）》请在三个皮匠报告上搜索。

1、Project updateCaliptraOpen Source RoTSecurityCaliptra Project UpdateThordurBjrnsson,Security Architect,GooglePiotr Kwidzinski,Security Architect,AMDCaliptra RecapCaliptra News and UpdatesCHIPS AlliancePublic repositoriesLatest architecture updatesDICE Protection EnvironmentCall to actionAgendaCalipt

2、ra quick recapAn OCP specification for a silicon Root of Trust internal blockTargeting SoCs and ASICs in the hyperscaler/datacenter spaceGoals:implementation consistency,transparency,openness,reusabilityA multi-party collaborationAn open source implementation of the specificationThe first Security p

3、roject specification proposing a technology blockCheck our previous presentations:OCP Global Summit 2022Caliptra news and updatesCaliptra specification,RTL and Firmware source code made publicHome page:https:/caliptra.ioComments and contributions open for public(must sign CLA):https:/ Caliptra Workg

4、roup(Fridays 9am PST)Register at:https:/www.chipsalliance.org/workgroups/Caliptra 0.8 release available(as of April23)RTL(0.8 candidate):https:/ and FMC:https:/ changes approved by TAC:https:/ structureHigh level diagram TCG DICE Protection EnvironmentDPE:DICE-as-a-ServiceDPE holds keys and measurem

5、entsCallers hold DPE context handlesDPE derives and wields DICE keys on behalf of callersDPE can represent multiple DICE identitiesPrivileges granted by way of holding a context handleDPEInitial layerChild AChild BChild EChild FChild DChild CDPE contextDPE contextDPE contextCaliptra implements DPE i

6、RoT ProfileiRoT ROMiRoT FMCiRoT app fwDPESoC Manager ROMSoC Manager FMCSoC Manager app fwApp CPU firmwareUEFIRealm ManagerApp CPU bootstrapManages identities for SoC componentsNeeded commandsInitializeContextDeriveChildSignCertifyKey(w/DPE-derived leaf key)Des