RFC: Support DPE export-cdi in Caliptra #1807

Open
jhand2 opened this issue Nov 20, 2024 · 0 comments
jhand2 commented Nov 20, 2024

Planned Release: RT 1.2

Background

The main DPE spec has a concept of “cdi-export” that works in roughly this way:

  • Call DeriveChild with export-cdi=true and create-certificate=true
  • DPE will derive the following (using the profile defined functions from “Profile Attributes”)
    • cdi = dice-derivation()
    • priv, pub = asymmetric-derivation(cdi)
  • DPE will create an Embedded CA (ECA) certificate for pub
  • DPE will return certificate and cdi to the caller
  • DPE will not retain the context. This means the exported key can no longer be used inside of DPE.

This document describes how this feature will be implemented in Caliptra.

This feature is analogous to the CertifyKey(IsCA=true) flag that Caliptra DPE currently supports. The purpose of this design is to align the Caliptra implementation with the main DPE spec. If this is adopted, the existing export mechanism will be removed, as it does not align with the main DPE spec.

Design

Caliptra KeyVault does not allow exporting CDIs. Furthermore, one of the primary goals of Caliptra is to hold onto all key material to prevent leaking that key material. Therefore, I propose that Caliptra does not actually export the raw CDI. Instead, it will put the CDI in a defined KeyVault slot and export a random token.

The caller can then use the exported key via a simple SIGN_WITH_EXPORTED mailbox command.

Inputs:

  • Random token exported by DPE
  • Data to be signed

Outputs:

  • Signature

SIGN_WITH_EXPORTED will only be callable from PL0.

DPE Export

Use-case

Caliptra would like to support CA for certificates that it constructs. This is particularly useful for Confidential Compute, in cases where details of the leaf certificate are very protocol-specific.

This is the only mechanism a caller can use to get Caliptra to produce a DPE certificate with IsCA=True.
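The token-instead-of-CDI flow proposed above, written out as an added Rust model so the moving parts (DeriveChild with export-cdi, the KeyVault slot, the random token, the PL0-only SIGN_WITH_EXPORTED command, and the dropped DPE context) can be exercised end to end. This is example code, not Caliptra firmware and not the DPE reference implementation: every type, function and constant name here (`Dpe`, `KeyVault`, `EXPORT_SLOT`, `mix`, `sign_with_exported`, `Pl`, `MboxError`) is hypothetical, the hash/KDF, "asymmetric" key derivation and signature are symbolic stand-ins for the profile-defined functions, the RNG is a deterministic counter standing in for the hardware TRNG, and the assumption that a single defined slot is reserved (so a second export fails while the slot is occupied) is the example's own reading of the RFC.

```rust
// Added illustrative model of the RFC's export-token flow. Not Caliptra code:
// all names are hypothetical; hash, key derivation, signature and RNG are toys.

const EXPORT_SLOT: u8 = 7;      // assumed: the one KeyVault slot reserved for exported CDIs
const TOKEN_LEN: usize = 32;
const PRIV_LABEL: &[u8] = b"asymmetric-derivation:priv";

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Pl { Pl0, Pl1 }

#[derive(Debug, PartialEq, Eq)]
pub enum MboxError { NotPl0, UnknownToken, NoContext, SlotInUse }

/// Toy FNV-style keyed mixing function standing in for dice-derivation and the
/// profile hash. It is NOT a real KDF, MAC or signature scheme.
pub fn mix(key: &[u8], data: &[u8]) -> [u8; 32] {
    let mut out = [0u8; 32];
    for (j, o) in out.iter_mut().enumerate() {
        let mut s: u64 = 0xcbf2_9ce4_8422_2325 ^ (j as u64 + 1);
        for &b in key.iter().chain(data.iter()) {
            s = (s ^ b as u64).wrapping_mul(0x0000_0100_0000_01b3);
        }
        *o = (s >> 32) as u8 ^ s as u8;
    }
    out
}

/// Model of KeyVault: software can fill a slot and request an operation on it,
/// but can never read the slot contents back.
#[derive(Default)]
pub struct KeyVault { slots: [Option<[u8; 32]>; 8] }

impl KeyVault {
    fn store(&mut self, slot: u8, cdi: [u8; 32]) -> Result<(), MboxError> {
        let entry = &mut self.slots[slot as usize];
        if entry.is_some() { return Err(MboxError::SlotInUse); }
        *entry = Some(cdi);
        Ok(())
    }
    /// Symbolic asymmetric-derivation(cdi) followed by a sign: the private key is
    /// derived inside the vault and only the signature leaves.
    fn sign(&self, slot: u8, data: &[u8]) -> Option<[u8; 32]> {
        let cdi = self.slots[slot as usize].as_ref()?;
        let priv_key = mix(cdi, PRIV_LABEL);
        Some(mix(&priv_key, data))
    }
}

struct Context { cdi: [u8; 32] }

pub struct Export { pub token: [u8; TOKEN_LEN], pub cert: Vec<u8> }

/// Model of the DPE instance plus the token -> slot table the firmware keeps.
pub struct Dpe {
    contexts: Vec<Context>,
    exports: Vec<([u8; TOKEN_LEN], u8)>,
    rng_state: u64,                   // stands in for the hardware TRNG
}

impl Dpe {
    pub fn new(root_cdi: [u8; 32]) -> Self {
        Dpe { contexts: vec![Context { cdi: root_cdi }], exports: Vec::new(), rng_state: 0x5eed }
    }
    pub fn context_count(&self) -> usize { self.contexts.len() }

    fn random_token(&mut self) -> [u8; TOKEN_LEN] {
        self.rng_state = self.rng_state.wrapping_add(1);
        mix(&self.rng_state.to_le_bytes(), b"token")
    }

    /// DeriveChild(export-cdi=true, create-certificate=true) as the RFC describes it.
    pub fn derive_child_export(&mut self, kv: &mut KeyVault, parent: usize, tci: &[u8]) -> Result<Export, MboxError> {
        let parent_cdi = self.contexts.get(parent).ok_or(MboxError::NoContext)?.cdi;
        let cdi = mix(&parent_cdi, tci);                           // cdi = dice-derivation()
        let priv_key = mix(&cdi, PRIV_LABEL);                      // priv, pub = asymmetric-derivation(cdi)
        let pub_key = mix(&priv_key, b"asymmetric-derivation:pub");
        kv.store(EXPORT_SLOT, cdi)?;                               // raw CDI goes to KeyVault, never to the caller
        let token = self.random_token();
        self.exports.push((token, EXPORT_SLOT));
        let mut cert = b"ECA-CERT(IsCA=true):".to_vec();           // placeholder for the ECA certificate for pub
        cert.extend_from_slice(&pub_key);
        // The child context is deliberately not pushed onto self.contexts:
        // the exported key can no longer be used inside DPE.
        Ok(Export { token, cert })
    }

    /// SIGN_WITH_EXPORTED: PL0 only; the token selects the slot; the CDI stays in KeyVault.
    pub fn sign_with_exported(&self, kv: &KeyVault, caller: Pl, token: &[u8; TOKEN_LEN], data: &[u8]) -> Result<[u8; 32], MboxError> {
        if caller != Pl::Pl0 { return Err(MboxError::NotPl0); }
        let slot = self.exports.iter().find(|(t, _)| ct_eq(t, token)).map(|(_, s)| *s).ok_or(MboxError::UnknownToken)?;
        kv.sign(slot, data).ok_or(MboxError::UnknownToken)
    }
}

/// Constant-time comparison so token matching does not leak via an early exit.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}
```

Two properties worth checking against a real implementation are visible in the model: the token is the only handle the caller ever holds, so it must be unguessable (hardware entropy, full 32 bytes) and compared in constant time, and because the RFC reserves a defined slot, a second export while the slot is occupied has to fail or evict; the model rejects it with `SlotInUse`, which is the example's assumption rather than anything the RFC settles.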
