Cleanup inconsistent wording around "obfuscation" in main spec (#177)
FerralCoder authored Feb 28, 2024
1 parent 39e4722 commit ff00eb6
Showing 1 changed file with 8 additions and 8 deletions.
16 changes: 8 additions & 8 deletions doc/Caliptra.md
Expand Up @@ -217,14 +217,14 @@ An example of when an owner must protect assets is moving from secure mode to in

| Asset category | Asset | Security property | Attack profile | Attack path | Mitigation |
| :------------- | :--------- | :---------------- | :------------- | :---------- | :--------- |
| Fuse/OTP high value secrets | UDS Seed | Confidentiality and integrity | Expert | Malicious manufacturing spoofing of UDS Seeds | UDS obfuscation/encryption with class RTL key |
| Fuse/OTP high value secrets | UDS Seed | Confidentiality and integrity | Expert | Malicious manufacturing spoofing of UDS Seeds | UDS obfuscation with class RTL key |
| Fuse/OTP high value secrets | UDS Seed | Confidentiality and integrity | Expert | Invasive attack (fuse analysis) | Shield fuse IP |
| Fuse/OTP high value secrets | UDS Seed | Confidentiality and integrity | Expert | Boot path tampering while retrieving UDS values | UDS obfuscation/encryption with class RTL key |
| Fuse/OTP high value secrets | UDS Seed | Confidentiality and integrity | Expert | Boot path tampering while retrieving UDS values | UDS obfuscation with class RTL key |
| Fuse/OTP high value secrets | UDS Seed | Confidentiality and integrity | Expert | Attempting to derive die specific keys by knowing UDS | Confine unobfuscated UDS and subsequent derivations to key vault |
| Fuse/OTP high value secrets | Field entropy | Confidentiality and integrity | Expert | Malicious manufacturing spoofing on field entropy | Field entropy obfuscation and encryption with class RTL key |
| Fuse/OTP high value secrets | Field entropy | Confidentiality and integrity | Expert | Malicious manufacturing spoofing on field entropy | Field entropy obfuscation with class RTL key |
| Fuse/OTP high value secrets | Field entropy | Confidentiality and integrity | Expert | Invasive attack (fuse analysis) | Shield fuse IP |
| Fuse/OTP high value secrets | Field entropy | Confidentiality and integrity | Expert | Boot path tampering while retrieving field entropy values | Field entropy obfuscation and encryption with class RTL key |
| Fuse/OTP high value secrets | Field entropy | Confidentiality and integrity | Expert | Attempting to derive die specific keys by knowing field entropy | Confine field entropy and subsequent derivations to key vault |
| Fuse/OTP high value secrets | Field entropy | Confidentiality and integrity | Expert | Boot path tampering while retrieving field entropy values | Field entropy obfuscation with class RTL key |
| Fuse/OTP high value secrets | Field entropy | Confidentiality and integrity | Expert | Attempting to derive die specific keys by knowing field entropy | Confine unobfuscated field entropy and subsequent derivations to key vault |
| Fuse/OTP high value secrets | FW authentication keys | Integrity | Proficient | Glitching | 1. Redundant decision making on critical code execution<br>2. Error check before consuming values from fuses<br>3. Environmental monitoring and protection |
| Fuse/OTP high value secrets | Versioning information from fuses | Integrity | Proficient | Glitching | Environmental monitoring and protection |
| Fuse/OTP high value secrets | IDEVID CERT chain | Integrity | Proficient | Glitching | 1. Environmental monitoring and protection<br>2. Error check before consuming values from fuse in various ways |
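
Review bot: The new Mitigation cells still name a "class RTL key" (for example "UDS obfuscation with class RTL key"), while the other hunks in this commit standardise on "obfuscation key" and footnote [^2] says that key may be a chip-class secret or a chip-unique PUF, with the latter preferred. Suggest "UDS obfuscation with the obfuscation key", and the same for the field entropy rows, so the threat table does not imply a class key is the only option. With "encryption" removed, these rows also lean on the word "obfuscation" alone next to a "Confidentiality and integrity" property; a one-line definition of the term in the spec would make that claim checkable.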
Expand Down Expand Up @@ -288,7 +288,7 @@ Caliptra must provide its runtime (RT) code with a cryptographic identity in acc

A combination of mask ROM and HW macros must implement the DICE key derivation and power-on latch, hiding the UDS and only making the CDI-derived signing key visible to firmware.

The Caliptra UDS is stored as ciphertext in fuses, encrypted at rest by an obfuscation secret[^2] known only to the Caliptra ROM. Once read by Caliptra ROM at boot, the decrypted UDS is then used to derive the IDevID identity.
The Caliptra UDS is stored as ciphertext in fuses, obfuscated at rest by a secret obfuscation key[^2] known only to the Caliptra ROM. Once read by Caliptra ROM at boot, the unobfuscated UDS is then used to derive the IDevID identity.

### IDevID key
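
Review bot: The rewritten sentence still says the UDS is "stored as ciphertext in fuses" immediately before "obfuscated at rest", so the encryption/obfuscation mix this commit sets out to remove survives inside one sentence. Suggest dropping "as ciphertext" or stating once which operation "obfuscation" denotes. The new "unobfuscated UDS" also differs from "de-obfuscated" in the 000b row of the security state table; pick one form and use it throughout.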

Expand Down Expand Up @@ -604,7 +604,7 @@ Caliptra RT generates the DPE certificate and endorses it with the Alias<sub>RT<
|Security state, device lifecycle state [2:0]| State | Definition | State transition requirement |
|------------------------------------------------|-------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- |
| 000b | DebugUnlocked and unprovisioned | This is Caliptra’s default state; it is used for development and early Caliptra bring up. This state is not used to provision the Caliptra assets. In this state:<br> - UDS and all other identity critical assets shall not be programmed in fuses. Un-programmed fuse bits shall be read as 0s (zero). The debug UDS shall be obfuscated and de-obfuscated using the debug obfuscation key.<br> - Obfuscation key: The debug obfuscation key shall be used.<br> - Caliptra JTAG is unlocked and allows microcontroller debug.<br> - Caliptra JTAG can access IP internal registers through FW. | Unprovisioned to any other state requires a cold boot cycle of Caliptra and SoC. |
| 101b | DebugLocked and manufacturing | Caliptra is commanded to enter this state during the secure HVM process. In this state:<br> - UDS and other identity critical assets shall be programmed into fuses. They are written into Caliptra fuse registers, similar to the ‘Secure’ state.<br> - All security assets shall be in production mode (production UDS and obfuscation shall be used).<br> - Caliptra JTAG shall be locked; microcontroller debug shall be disabled.<br> - Caliptra microcontroller can be interrupted through JTAG mailbox. | Manufacturing -> insecure state transition is possible without power cycle and Caliptra clears all of the security critical assets and registers before JTAG is opened. Manufacturing -> secured state is possible ONLY with a power cycle. See [Provisioning During Manufacturing](#provisioning-idevid-during-manufacturing) for details. |
| 101b | DebugLocked and manufacturing | Caliptra is commanded to enter this state during the secure HVM process. In this state:<br> - UDS and other identity critical assets shall be programmed into fuses. They are written into Caliptra fuse registers, similar to the ‘Secure’ state.<br> - All security assets shall be in production mode (production UDS and obfuscation key shall be used).<br> - Caliptra JTAG shall be locked; microcontroller debug shall be disabled.<br> - Caliptra microcontroller can be interrupted through JTAG mailbox. | Manufacturing -> insecure state transition is possible without power cycle and Caliptra clears all of the security critical assets and registers before JTAG is opened. Manufacturing -> secured state is possible ONLY with a power cycle. See [Provisioning During Manufacturing](#provisioning-idevid-during-manufacturing) for details. |
| 111b | DebugLocked and production | All security assets are in production mode. In this state:<br> - Production UDS and obfuscation key shall be used.<br> - CPU execution shall be enabled.<br> - All ‘backdoor’ functionality shall be disabled (for example, developer functions and functionality that could reveal sensitive information or result in escalation of privileges).<br> - Debug functions shall be disabled. Caliptra JTAG is locked – microcontroller debug shall be disabled. Caliptra microcontroller shall not be interruptible through JTAG mailbox.<br> - DFT functions shall be disabled. | DebugLocked -> debug unlocked possible without power cycle and Caliptra clears all of the security critical assets and registers before JTAG is opened. |
| 011b | DebugUnlocked and production | This state is used when debugging of Caliptra is required. When in this state: UDS and other identity critical assets are programmed into fuses. They may not have been written into Caliptra fuse registers if the insecure state entered before Caliptra is out of reset. If the insecure state transition happened after fuses are written to Caliptra, they are cleared when the security state transitions from secure/manufacturing -> insecure.<br> Caliptra state: All security assets are in debug mode (UDS and obfuscation key are in production state).<br> - UDS: Reverts to a ‘well-known’ debug value.<br> - Obfuscation key: Switched to debug key.<br> - Key Vault is also cleared.<br> - Caliptra JTAG is unlocked and allows microcontroller debug.<br> - Caliptra JTAG can access IP internal registers through FW or directly. | Debug unlocked -> debug locked is possible ONLY with a power cycle. |
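
Review bot: The unchanged 011b row still reads "All security assets are in debug mode (UDS and obfuscation key are in production state)", while the bullets right after it say the UDS reverts to a 'well-known' debug value and the obfuscation key is switched to the debug key. Since this hunk already fixes the obfuscation wording in the 101b row, reword that parenthetical in the same change so it cannot be read as the production obfuscation key being in use while debug is unlocked.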

Expand Down Expand Up @@ -1326,7 +1326,7 @@ The Caliptra Workgroup acknowledges the following individuals for their contribu

[^1]: Caliptra is Spanish for “root cap” and describes the deepest part of the root.

[^2]: This obfuscation secret may be a chip-class secret, or a chip-unique PUF, with the latter preferred.
[^2]: This obfuscation key may be a chip-class secret, or a chip-unique PUF, with the latter preferred.

[^3]: This memory should only be volatile in a power loss event. See details in the [reset flow section](#reset-flow).
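
Review bot: In footnote [^2], "This obfuscation key may be a chip-class secret, or a chip-unique PUF" now equates a key with a PUF, but a PUF is the source a key is derived from rather than a key itself. Suggest "may be a chip-class secret, or derived from a chip-unique PUF, with the latter preferred".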
