Caliptra Open Source RoT: Project Update
OCP Security Project

Thordur Björnsson, Security Architect, Google
Piotr Kwidzinski, Security Architect, AMD

Agenda
- Caliptra recap
- Caliptra news and updates
- CHIPS Alliance
- Public repositories
- Latest architecture updates
- DICE Protection Environment
- Call to action

Caliptra quick recap
- An OCP specification for a silicon Root of Trust internal block
- Targeting SoCs and ASICs in the hyperscaler/datacenter space
- Goals: implementation consistency, transparency, openness, reusability
- A multi-party collaboration
- An open source implementation of the specification
- The first Security project specification proposing a technology block
- Check our previous presentations: OCP Global Summit 2022

Caliptra news and updates
- Caliptra specification, RTL and firmware source code made public
- Home page: https://caliptra.io
- Comments and contributions open to the public (must sign CLA): https://

CHIPS Alliance
- Caliptra Workgroup (Fridays 9am PST)
- Register at: https://www.chipsalliance.org/workgroups/

Public repositories
- Caliptra 0.8 release available (as of April 23)
- RTL (0.8 candidate): https://
- and FMC: https://
- changes approved by TAC: https://
- structure: high level diagram

TCG DICE Protection Environment
- DPE: DICE-as-a-Service
- DPE holds keys and measurements
- Callers hold DPE context handles
- DPE derives and wields DICE keys on behalf of callers
- DPE can represent multiple DICE identities
- Privileges granted by way of holding a context handle
(Diagram: a DPE rooted at an initial layer with derived child contexts Child A through Child F; each caller holds a DPE context handle for the context it may use.)

Caliptra implements DPE iRoT Profile
(Diagram: iRoT ROM, iRoT FMC, iRoT app fw, DPE; SoC Manager ROM, SoC Manager FMC, SoC Manager app fw; App CPU firmware: App CPU bootstrap, UEFI, Realm Manager.)
- Manages identities for SoC components
- Needed commands: InitializeContext, DeriveChild, Sign, CertifyKey (w/ DPE-derived leaf key), Des
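The context-handle model the DPE slides describe can be made concrete with a small model. The Python below is an added example, not Caliptra's code and not the TCG DPE specification's: the DPE holds every CDI and measurement, callers hold only handles, DeriveChild extends the measurement chain and consumes the parent handle, and Sign and CertifyKey are reachable only through a live handle, so a retired or forged handle yields nothing. Assumptions: HMAC-SHA384 stands in for the asymmetric DICE keys and certificates a real DPE produces, the class and function names (ToyDPE, boot_chain, the retain_parent flag) are invented for this example, and the UDS and firmware images are constructed sample inputs.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass

HASH = hashlib.sha384


@dataclass
class Context:
    """State the DPE keeps for one context; callers only ever see the handle."""
    cdi: bytes    # compound device identifier of this layer (never leaves the DPE)
    tci: bytes    # cumulative measurement (running hash) of the layers above it
    label: str    # name of the component measured into this context


class ToyDPE:
    """Toy DICE Protection Environment (simplified model, assumption: not Caliptra's)."""

    def __init__(self, uds: bytes):
        self._uds = uds                                  # unique device secret
        self._contexts: dict[bytes, Context] = {}        # live handle -> context

    def _issue_handle(self, ctx: Context) -> bytes:
        handle = secrets.token_bytes(16)                 # unguessable capability token
        self._contexts[handle] = ctx
        return handle

    def _lookup(self, handle: bytes) -> Context:
        ctx = self._contexts.get(handle)
        if ctx is None:
            # Privilege is the handle itself: wrong, forged or retired handle -> no key use.
            raise PermissionError("invalid or retired DPE context handle")
        return ctx

    def initialize_context(self) -> bytes:
        """InitializeContext: root the initial layer's CDI in the UDS."""
        cdi0 = hmac.new(self._uds, b"DPE initial layer", HASH).digest()
        return self._issue_handle(Context(cdi0, bytes(HASH().digest_size), "initial"))

    def derive_child(self, handle: bytes, measurement: bytes, label: str,
                     retain_parent: bool = False) -> bytes:
        """DeriveChild: extend the measurement chain and derive the next layer's CDI."""
        parent = self._lookup(handle)
        tci = HASH(parent.tci + measurement).digest()
        cdi = hmac.new(parent.cdi, b"CDI" + tci + label.encode(), HASH).digest()
        if not retain_parent:
            del self._contexts[handle]                   # parent handle consumed by default
        return self._issue_handle(Context(cdi, tci, label))

    def _signing_key(self, ctx: Context) -> bytes:
        return hmac.new(ctx.cdi, b"signing key", HASH).digest()

    def sign(self, handle: bytes, message: bytes) -> bytes:
        """Sign: the DPE wields the context's key on the caller's behalf."""
        return hmac.new(self._signing_key(self._lookup(handle)), message, HASH).digest()

    def certify_key(self, handle: bytes) -> dict:
        """CertifyKey: bind the key identifier to the measurements that produced it."""
        ctx = self._lookup(handle)
        return {"label": ctx.label, "tci": ctx.tci.hex(),
                "key_id": HASH(self._signing_key(ctx)).hexdigest()[:32]}


def boot_chain(dpe: ToyDPE, layers: list[tuple[str, bytes]]) -> bytes:
    """Model iRoT ROM -> FMC -> app fw: each layer derives a child for the next one."""
    handle = dpe.initialize_context()
    for label, image in layers:
        handle = dpe.derive_child(handle, HASH(image).digest(), label)
    return handle


def demo() -> dict:
    uds = b"\x42" * 48                                   # constructed device secret
    good = [("iRoT FMC", b"fmc image v1.0"), ("iRoT app fw", b"app fw image v1.0")]
    tampered = [("iRoT FMC", b"fmc image v1.0"), ("iRoT app fw", b"app fw image v1.0+patch")]
    msg = b"attestation challenge"

    dpe_a, dpe_b, dpe_c = ToyDPE(uds), ToyDPE(uds), ToyDPE(uds)
    h_a, h_b, h_c = boot_chain(dpe_a, good), boot_chain(dpe_b, good), boot_chain(dpe_c, tampered)

    # A caller that kept only the pre-derivation handle has lost its privilege.
    dpe_d = ToyDPE(uds)
    root = dpe_d.initialize_context()
    dpe_d.derive_child(root, HASH(b"fmc image v1.0").digest(), "iRoT FMC")
    try:
        dpe_d.sign(root, msg)
        parent_retired = False
    except PermissionError:
        parent_retired = True
    try:
        dpe_a.sign(secrets.token_bytes(16), msg)         # guessed handle
        forged_rejected = False
    except PermissionError:
        forged_rejected = True

    return {
        "same_chain_same_key": dpe_a.sign(h_a, msg) == dpe_b.sign(h_b, msg),
        "same_chain_same_cert": dpe_a.certify_key(h_a) == dpe_b.certify_key(h_b),
        "tampered_fw_changes_key": dpe_a.certify_key(h_a)["key_id"] != dpe_c.certify_key(h_c)["key_id"],
        "parent_handle_retired": parent_retired,
        "forged_handle_rejected": forged_rejected,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The point of the model is what the slides call privilege by handle: nothing about a caller is authenticated except that it presents a handle the DPE issued and has not retired, and the identity behind that handle is fixed entirely by the measurements extended into it, so two devices booting identical firmware from the same UDS derive the same key while a one-byte change in any layer yields a different one.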