Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[update] Updating authorization manifest README.md and Runtime README… #1865

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[update] Updating authorization manifest README.md and Runtime README… #1865

wants to merge 1 commit into from

Conversation

mhatrevi
Copy link
Collaborator

….md files

@mhatrevi mhatrevi force-pushed the vmhatre/update-auth-man-doc branch from 3614d01 to cbcbfba Compare December 21, 2024 00:37
swenson
swenson approved these changes Dec 21, 2024
View reviewed changes
Copy link
Contributor

@swenson swenson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

jhand2
jhand2 reviewed Dec 23, 2024
View reviewed changes
Copy link
Collaborator

@jhand2 jhand2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, mostly just have structural comments

runtime/README.md

The Caliptra-Endorsed Local Verifier could be required by the owner only or both the vendor and the owner.

The main difference between Caliptra-Endorsed Aggregated Measured Boot and Caliptra-Endorsed Local Verifier is if the SoC RoT is relying on the Measurement Manifest for SoC Secure Boot services as opposed as using it as an additional verification.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I think this sentence is a bit confusing. Which case is which?

runtime/README.md

### Unique Measurement Manifest Signing Keys

In order to reduce usage of the Caliptra FW Signing keys, the measurement manifest will be signed by new key pairs: one for the owner and possibly one for the vendor. These new key pairs are endorsed once by the Caliptra FW signing keys, the signature being in the Measurement Manifest, thus allowing the measurement manifest keys to be used independently of the Caliptra FW signing keys.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit

Suggested change
In order to reduce usage of the Caliptra FW Signing keys, the measurement manifest will be signed by new key pairs: one for the owner and possibly one for the vendor. These new key pairs are endorsed once by the Caliptra FW signing keys, the signature being in the Measurement Manifest, thus allowing the measurement manifest keys to be used independently of the Caliptra FW signing keys.
In order to reduce usage of the Caliptra FW Signing keys, the measurement manifest will be signed by new key pairs: one for the owner and optionally one for the vendor. These new key pairs are endorsed once by the Caliptra FW signing keys, the signature being in the Measurement Manifest, thus allowing the measurement manifest keys to be used independently of the Caliptra FW signing keys.

runtime/README.md

### Caliptra Measurement Manifest Vendor Public Key Authenticity

The Measurement Manifest MUST have an endorsement by the Caliptra Vendor Public Key. In order to fulfill this requirement, the Vendor has 2 options:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes it seem like the vendor has to sign the measurement manifest. But then below it says they can choose not to endorse it.

runtime/README.md
@@ -58,7 +58,100 @@ Caliptra Runtime Firmware will share driver code with ROM and FMC where
possible; however, it will have its own copies of all of these drivers linked into
the Runtime Firmware binary.

## Maibox commands
## Manifest-Based Image Authorization (new in 1.2)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This section should link the to auth manifest readme so the reader can easily find more details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhand2 jhand2 jhand2 left review comments

@swenson swenson swenson approved these changes

@fdamato fdamato Awaiting requested review from fdamato fdamato is a code owner

@rusty1968 rusty1968 Awaiting requested review from rusty1968 rusty1968 is a code owner

@bluegate010 bluegate010 Awaiting requested review from bluegate010 bluegate010 is a code owner

@vsonims vsonims Awaiting requested review from vsonims vsonims is a code owner

Assignees
No one assigned
Labels
Caliptra v1.2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mhatrevi @swenson @jhand2