First Draft of Caliptra Trademark Audit #175
Conversation
|
CaliptraTrademarkAudit.md
Outdated
| * Show a Run of the tool to verify the RTL Release Hash (in development) | ||
| * Show the ROM hash from a release ROM hash |
There was a problem hiding this comment.
Show how? Does synthesis tooling provide input file hashes in build logs?
There was a problem hiding this comment.
we are developing a tool for this that would hash the required RTL files. It does not cover a case where an integrator is lying to us about what they are using. See PR here: chipsalliance/caliptra-sw#1283
CaliptraTrademarkAudit.md
Outdated
| * Show how the RTL was integrated into the device environment | ||
| * Show a Run of the tool to verify the RTL Release Hash (in development) | ||
| * Show the ROM hash from a release ROM hash | ||
| * Show the internal Caliptra FW signing process used to sign Caliptra FW |
There was a problem hiding this comment.
Process for generating the signatures doesn't seem relevent as long as key management for the signing key is done appropriately.
CaliptraTrademarkAudit.md
Outdated
|
|
||
| * Show how the RTL key is provided and ensure that it is not available to any FW. | ||
| * Describe the noise source for the RNG (indicating if Internal RNG or external RNG) | ||
| * External RNG description should be shown |
There was a problem hiding this comment.
what is being asked for here that is not covered by the previous line?
CaliptraTrademarkAudit.md
Outdated
| * Show how the FW signing key is created and protected | ||
| * If applicable, show LMS sign keys derivations and how HSM protects them | ||
| * If applicable, prove LMS verify. |
There was a problem hiding this comment.
These need to be phrased in terms of HSM-generated outputs that can be tested by the auditor (eg: proof-of-possession statement over the key)
CaliptraTrademarkAudit.md
Outdated
| * Show how SVNs fuses will be incremented. | ||
| * Show how keys revoke bits can be revoked. | ||
| * Show how Run-Time Entropy will be fused. | ||
| * Show how owner key hash will be fused. |
There was a problem hiding this comment.
Owner keys are not fused with ownership transfer
CaliptraTrademarkAudit.md
Outdated
| * Show how keys revoke bits can be revoked. | ||
| * Show how Run-Time Entropy will be fused. | ||
| * Show how owner key hash will be fused. | ||
| * Show how the IDevID Cert gets recreated on part. |
There was a problem hiding this comment.
this is redundant to a previous requirement to demonstrate a valid Caliptra IDevID cert chain
CaliptraTrademarkAudit.md
Outdated
| * Show how Run-Time Entropy will be fused. | ||
| * Show how owner key hash will be fused. | ||
| * Show how the IDevID Cert gets recreated on part. | ||
| * Show how external entities would interact with Calitpra (path through Security processor, direct access, etc.) |
There was a problem hiding this comment.
What is an "external entity"? User-mode software?
CaliptraTrademarkAudit.md
Outdated
| ## SOC Root of Trust | ||
|
|
||
| * Show that SOC RoT is sending SOC FMC measurements to Caliptra before running off-chip FW. | ||
| * Show the design for the SOC ROT Caliptra FW Storage and fetching |
There was a problem hiding this comment.
Would be clearer as "Show the design for the SOC ROT Storage and fetching of Caliptra FW" if that was the intent of the statement.
CaliptraTrademarkAudit.md
Outdated
|
|
||
| ## SOC Root of Trust | ||
|
|
||
| * Show that SOC RoT is sending SOC FMC measurements to Caliptra before running off-chip FW. |
There was a problem hiding this comment.
This does not fully capture the ordering requirements for FW measure/stash/execute. FW must be measured by it's associated RTM before that FW is executed. Measurements must be stashed before the RTM exits (ie: measurements taken by ROM must be stashed by ROM, measurements taken by FMC must be stashed by FMC, etc.)
CaliptraTrademarkAudit.md
Outdated
|
|
||
| * Indicate how the manufacturing process will flow. | ||
| * Show the UDS Seed creation | ||
| * Show the CSR extraction and signing |
There was a problem hiding this comment.
Potentially redundant, seems like a combination of the HSM/key-management requirements and the requirement to demonstrate valid DevID cert chains.
CaliptraTrademarkAudit.md
Outdated
There was a problem hiding this comment.
Many of these are not phrased as testable requirements, and it's not clear what would constitute pass/fail.
There was a problem hiding this comment.
Agreed. My goal here was to get a topic list together and then work on what the actual requirements would be for each topic.
|
|
||
| This document will describe the specific requirements to be reviewed by a 3rd party and attest to Caliptra TAC that the requirements have been met. | ||
|
|
||
| The goal of a Caliptra Trademark Audit would be to be compliant with OCP Safe Level 2 requirements using an OCP Safe approved auditor. |
There was a problem hiding this comment.
An additional goal of a ....
s/would/is/
s/Safe/S.A.F.E./
|
|
||
| Currently, this is a list of Topics to review for Trademark Compliance. Specific testable requirements will need to be spelled out subsequently. | ||
|
|
||
| * Each of these topics will have to be reviewed for an integration to get approval of Trademark Usage |
There was a problem hiding this comment.
I think "approval for TM usage" but English is my second language
| * Each of these topics will have to be reviewed for an integration to get approval of Trademark Usage | ||
|
|
||
| ## Caliptra IP | ||
|
|
There was a problem hiding this comment.
Preface sentence.
"A compliant integration must show:"
- bullet points
| ## Caliptra IP | ||
|
|
||
| * Show how the RTL was integrated into the device environment | ||
| * Show a Run of the tool to verify the RTL Release Hash (in development) |
There was a problem hiding this comment.
TODO here? Replace to link for source code of tool when ready
|
|
||
| * Show how the RTL was integrated into the device environment | ||
| * Show a Run of the tool to verify the RTL Release Hash (in development) | ||
| * Show the ROM hash from a release ROM hash |
There was a problem hiding this comment.
the ROM hash maps to a verifiable build of a tagged ROM release
| * External RNG description should be shown | ||
| * Show error handling integration | ||
| * Show how debugging will be enabled/disabled in production | ||
| * Show SRAM zeroization |
There was a problem hiding this comment.
process for SRAM zeroization
| ## SOC Run-Time | ||
|
|
||
| * Show how SVNs fuses will be incremented. | ||
| * Show how keys revoke bits can be revoked. |
There was a problem hiding this comment.
Typo, key revoke bits
| * Show how SVNs fuses will be incremented. | ||
| * Show how keys revoke bits can be revoked. | ||
| * Show how Run-Time Entropy will be fused. | ||
| * Show how owner key hash will be fused. |
| * Show how Run-Time Entropy will be fused. | ||
| * Show how owner key hash will be fused. | ||
| * Show how the IDevID Cert gets recreated on part. | ||
| * Show how external entities would interact with Calitpra (path through Security processor, direct access, etc.) |
There was a problem hiding this comment.
Do we need a specific PAUSER requirement. Show those are not spoofed and correctly bound to callers
| * Show how keys revoke bits can be revoked. | ||
| * Show how Run-Time Entropy will be fused. | ||
| * Show how owner key hash will be fused. | ||
| * Show how the IDevID Cert gets recreated on part. |
There was a problem hiding this comment.
on part? Is this sentence incomplete?
|
HSM section needs to include:
Manufacturing section needs to include:
|
First draft of the Caliptra Trademark Audit for discussion.