Cert tweaks to names and TCB info #1725

Open
wants to merge 1 commit into
base: main
4 changes: 2 additions & 2 deletions FROZEN_IMAGES.sha384sum
@@ -1,3 +1,3 @@
# WARNING: Do not update this file without the approval of the Caliptra TAC
91b951fbe655919a1e123b86add18ab604d049f6d2b2bbefac4cd554a4411eaf22247973c47490e243b9a5b1d197feb3 caliptra-rom-no-log.bin
105cda4bbc0f2f0096d058eda9090670da0d90c8e3066cb44027843e9a490db61933b524ca78fe78351a7fd26a124c03 caliptra-rom-with-log.bin
e4a45236589f76070b0e6eb09995693a49579c4ca8949078f2f007c93e1e423a90e9fa719ac593df1d98174ab448502d caliptra-rom-no-log.bin
b5e10dcbc719846cb1e4b72857dcf1c25395de0ba7f297e3296eadd8893440e3d72e4f98f6167d327baeb6b2c7c9a1dc caliptra-rom-with-log.bin
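Review bot: Both ROM digests in this file change, and the file's first line requires Caliptra TAC approval for any update, but nothing visible on this page records that approval. The same commit edits `rom/dev/src/flow/cold_reset/fmc_alias.rs`, which is presumably what alters the ROM binaries. Before merge, link the approval in the PR description and have a second person rebuild both images and confirm the SHA-384 values independently, since these entries appear to be the reference that later ROM builds are compared against.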
2 changes: 1 addition & 1 deletion fmc/tests/fmc_integration_tests/test_rtalias.rs
Expand Up @@ -91,7 +91,7 @@ fn test_fht_info() {
let data = hw.mailbox_execute(TEST_CMD_READ_FHT, &[]).unwrap().unwrap();
let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap();
assert_eq!(fht.ldevid_tbs_size, 552);
assert_eq!(fht.fmcalias_tbs_size, 786);
assert_eq!(fht.fmcalias_tbs_size, 771);
assert_eq!(fht.ldevid_tbs_addr, 0x50003C00);
assert_eq!(fht.fmcalias_tbs_addr, 0x50004000);
assert_eq!(fht.pcr_log_addr, 0x50004800);
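Review bot: The expected FMC Alias TBS size `771` is a bare literal that is repeated in the second `test_fht_info` section further down this page (the hunk starting at line 743), so every template change has to be mirrored by hand in both tests. A short comment on each assertion, such as `// must equal the generated FMC Alias TBS template length`, would make the source of the number clear. A shared constant would do the same, if the generated template exports its length. `test_fht_info` starts and ends outside the hunk.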
25 changes: 2 additions & 23 deletions libcaliptra/examples/generic/idev_csr_array.h
Expand Up @@ -2,28 +2,7 @@
// Generated from test/tests/caliptra_integration_tests/smoke_testdata/idev_csr.der

#include <stdint.h>
#define IDEV_CSR_LEN 443
#define IDEV_CSR_LEN 444
uint8_t idev_csr_bytes[IDEV_CSR_LEN] = {
48, 130, 1, 183, 48, 130, 1, 62, 2, 1, 0, 48, 105, 49, 28, 48, 26, 6,
3, 85, 4, 3, 12, 19, 67, 97, 108, 105, 112, 116, 114, 97, 32, 49, 46,
48, 32, 73, 68, 101, 118, 73, 68, 49, 73, 48, 71, 6, 3, 85, 4, 5, 19,
64, 56, 69, 51, 67, 49, 65, 48, 53, 56, 70, 55, 48, 52, 65, 49, 49, 56,
50, 49, 70, 55, 66, 52, 56, 68, 51, 52, 48, 65, 69, 70, 57, 57, 68, 68,
65, 66, 65, 68, 67, 49, 48, 57, 48, 68, 55, 52, 68, 48, 53, 55, 70, 69,
67, 67, 70, 55, 51, 50, 57, 52, 69, 68, 54, 48, 118, 48, 16, 6, 7, 42, 134,
72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 3, 98, 0, 4, 215, 180, 133, 242,
159, 17, 92, 28, 179, 4, 107, 132, 11, 69, 137, 181, 120, 98, 245, 235, 249,
157, 132, 111, 190, 63, 210, 209, 67, 150, 245, 246, 154, 55, 154, 89, 172,
197, 162, 174, 200, 54, 158, 203, 101, 144, 68, 55, 180, 188, 124, 217, 165,
168, 64, 60, 91, 177, 145, 82, 35, 170, 134, 190, 242, 193, 188, 146, 20, 95, 252,
39, 193, 37, 198, 219, 250, 212, 156, 145, 232, 72, 197, 68, 172, 127, 14, 149, 214,
205, 140, 172, 251, 146, 63, 166, 160, 86, 48, 84, 6, 9, 42, 134, 72, 134, 247, 13,
1, 9, 14, 49, 71, 48, 69, 48, 18, 6, 3, 85, 29, 19, 1, 1, 255, 4, 8, 48, 6, 1, 1, 255, 2
, 1, 5, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 2, 4, 48, 31, 6, 6, 103, 129, 5, 5,
4, 4, 4, 21, 48, 19, 4, 17, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 48, 10, 6, 8, 42,
134, 72, 206, 61, 4, 3, 3, 3, 103, 0, 48, 100, 2, 48, 124, 116, 253, 40, 206, 15, 249, 233, 218, 239
,144, 132, 165, 175, 192, 66, 209, 226, 8, 132, 103, 214, 106, 232, 220, 70, 204, 2, 29, 128, 218, 55, 80,
145, 238, 117, 9, 237, 21, 85, 15, 49, 21, 35, 201, 187, 230, 225, 2, 48, 36, 253, 27, 91, 71, 204, 20, 74, 102,
165, 187, 231, 4, 116, 240, 33, 54, 55, 244, 158, 93, 205, 161, 66, 191, 246, 130, 92, 161, 244, 81, 67, 226, 151,
252, 149, 206, 86, 177, 103, 225, 191, 225, 38, 58, 206, 161, 243,
0x30, 0x82, 0x01, 0xb8, 0x30, 0x82, 0x01, 0x3e, 0x02, 0x01, 0x00, 0x30, 0x69, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x43, 0x61, 0x6c, 0x69, 0x70, 0x74, 0x72, 0x61, 0x20, 0x31, 0x2e, 0x78, 0x20, 0x49, 0x44, 0x65, 0x76, 0x49, 0x44, 0x31, 0x49, 0x30, 0x47, 0x06, 0x03, 0x55, 0x04, 0x05, 0x13, 0x40, 0x38, 0x45, 0x33, 0x43, 0x31, 0x41, 0x30, 0x35, 0x38, 0x46, 0x37, 0x30, 0x34, 0x41, 0x31, 0x31, 0x38, 0x32, 0x31, 0x46, 0x37, 0x42, 0x34, 0x38, 0x44, 0x33, 0x34, 0x30, 0x41, 0x45, 0x46, 0x39, 0x39, 0x44, 0x44, 0x41, 0x42, 0x41, 0x44, 0x43, 0x31, 0x30, 0x39, 0x30, 0x44, 0x37, 0x34, 0x44, 0x30, 0x35, 0x37, 0x46, 0x45, 0x43, 0x43, 0x46, 0x37, 0x33, 0x32, 0x39, 0x34, 0x45, 0x44, 0x36, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xd7, 0xb4, 0x85, 0xf2, 0x9f, 0x11, 0x5c, 0x1c, 0xb3, 0x04, 0x6b, 0x84, 0x0b, 0x45, 0x89, 0xb5, 0x78, 0x62, 0xf5, 0xeb, 0xf9, 0x9d, 0x84, 0x6f, 0xbe, 0x3f, 0xd2, 0xd1, 0x43, 0x96, 0xf5, 0xf6, 0x9a, 0x37, 0x9a, 0x59, 0xac, 0xc5, 0xa2, 0xae, 0xc8, 0x36, 0x9e, 0xcb, 0x65, 0x90, 0x44, 0x37, 0xb4, 0xbc, 0x7c, 0xd9, 0xa5, 0xa8, 0x40, 0x3c, 0x5b, 0xb1, 0x91, 0x52, 0x23, 0xaa, 0x86, 0xbe, 0xf2, 0xc1, 0xbc, 0x92, 0x14, 0x5f, 0xfc, 0x27, 0xc1, 0x25, 0xc6, 0xdb, 0xfa, 0xd4, 0x9c, 0x91, 0xe8, 0x48, 0xc5, 0x44, 0xac, 0x7f, 0x0e, 0x95, 0xd6, 0xcd, 0x8c, 0xac, 0xfb, 0x92, 0x3f, 0xa6, 0xa0, 0x56, 0x30, 0x54, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x0e, 0x31, 0x47, 0x30, 0x45, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x05, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x1f, 0x06, 0x06, 0x67, 0x81, 0x05, 0x05, 0x04, 0x04, 0x04, 0x15, 0x30, 0x13, 0x04, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 
0xce, 0x3d, 0x04, 0x03, 0x03, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, 0x00, 0xed, 0x8e, 0x44, 0x4e, 0x3c, 0x7f, 0x6f, 0x96, 0x4a, 0x5d, 0xcb, 0xe1, 0xea, 0x08, 0xa0, 0x57, 0xf5, 0xd7, 0xb5, 0x6d, 0xce, 0x72, 0x9e, 0xb8, 0x8c, 0x88, 0x38, 0xf6, 0x50, 0x35, 0x90, 0xbd, 0x6b, 0x59, 0xdb, 0x29, 0x52, 0x13, 0x2e, 0xfc, 0xa8, 0xb6, 0x8d, 0x8a, 0x33, 0xd3, 0x2a, 0xcf, 0x02, 0x30, 0x6d, 0x40, 0x6a, 0x1f, 0x7c, 0x9e, 0x74, 0x8f, 0x28, 0xdc, 0x14, 0x73, 0xe0, 0x96, 0x92, 0xd8, 0x74, 0xfa, 0x30, 0x58, 0x04, 0x54, 0x84, 0x77, 0xe9, 0x52, 0x3a, 0x0d, 0x63, 0xfa, 0xf3, 0x1a, 0x68, 0xc3, 0x88, 0x07, 0x50, 0xa7, 0x5d, 0x6f, 0xf7, 0xa9, 0xda, 0x98, 0xf7, 0x8c, 0x48, 0x2a,
};
11 changes: 7 additions & 4 deletions rom/dev/build.rs
Expand Up @@ -86,10 +86,13 @@ fn main() {
use x509_parser::signature_value::EcdsaSigValue;

let ws_dir = workspace_dir();
let ldev_file = std::fs::read(
ws_dir.join("test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der"),
)
.unwrap();
let ldev_file_path =
ws_dir.join("test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der");
println!(
"cargo:rerun-if-changed={}",
ldev_file_path.to_str().unwrap()
);
let ldev_file = std::fs::read(ldev_file_path).unwrap();

let mut parser = X509CertificateParser::new();
let (_, cert) = parser.parse(&ldev_file).unwrap();
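Review bot: `ldev_file_path.to_str().unwrap()` makes the build script panic when the workspace path is not valid UTF-8, for a value that only needs to be printed. `println!("cargo:rerun-if-changed={}", ldev_file_path.display());` emits the same directive without the extra panic path. `main` continues outside the hunk.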
2 changes: 1 addition & 1 deletion rom/dev/src/flow/cold_reset/fmc_alias.rs
Expand Up @@ -252,6 +252,6 @@ impl FmcAliasLayer {
flags |= dice::FLAG_BIT_DEBUG;
}

flags.to_be_bytes()
flags.reverse_bits().to_be_bytes()
Why do the bits need to be reversed? The constants seem to match the spec.

}
}
Expand Up @@ -743,7 +743,7 @@ fn test_fht_info() {
let data = hw.mailbox_execute(0x1000_0003, &[]).unwrap().unwrap();
let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap();
assert_eq!(fht.ldevid_tbs_size, 552);
assert_eq!(fht.fmcalias_tbs_size, 786);
assert_eq!(fht.fmcalias_tbs_size, 771);
assert_eq!(fht.ldevid_tbs_addr, LDEVID_TBS_ORG);
assert_eq!(fht.fmcalias_tbs_addr, FMCALIAS_TBS_ORG);
assert_eq!(fht.pcr_log_addr, PCR_LOG_ORG);
4 changes: 2 additions & 2 deletions rom/dev/tools/test-fmc/src/main.rs
Expand Up @@ -43,11 +43,11 @@ pub fn main() {}
// Dummy RO data to max out FMC image size to 16K.
// Note: Adjust this value to account for new changes in this FMC image.
#[cfg(all(feature = "interactive_test_fmc", not(feature = "fake-fmc")))]
const PAD_LEN: usize = 4988; // TEST_FMC_INTERACTIVE
const PAD_LEN: usize = 4996; // TEST_FMC_INTERACTIVE
#[cfg(all(feature = "fake-fmc", not(feature = "interactive_test_fmc")))]
const PAD_LEN: usize = 5224; // FAKE_TEST_FMC_WITH_UART
#[cfg(all(feature = "interactive_test_fmc", feature = "fake-fmc"))]
const PAD_LEN: usize = 5452; // FAKE_TEST_FMC_INTERACTIVE
const PAD_LEN: usize = 5460; // FAKE_TEST_FMC_INTERACTIVE
#[cfg(not(any(feature = "interactive_test_fmc", feature = "fake-fmc")))]
const PAD_LEN: usize = 0;

2 changes: 1 addition & 1 deletion runtime/src/dpe_platform.rs
Expand Up @@ -108,7 +108,7 @@ impl Platform for DpePlatform<'_> {
&mut self,
out: &mut [u8; MAX_ISSUER_NAME_SIZE],
) -> Result<usize, PlatformError> {
const CALIPTRA_CN: &[u8] = b"Caliptra 1.0 Rt Alias";
const CALIPTRA_CN: &[u8] = b"Caliptra 1.x Rt Alias";
let mut issuer_writer = CertWriter::new(out, true);

// Caliptra RDN SerialNumber field is always a Sha256 hash
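Review bot: `CALIPTRA_CN` is a second hand-maintained copy of the RT Alias subject CN that `x509/build/build.rs` passes to `tbs_template("Caliptra 1.x Rt Alias", ...)`, and this commit had to change both in step. This method appears to write the issuer name for certificates chained under the RT Alias certificate, so any drift between the two strings would break issuer/subject name matching during chain validation. Consider a comment here, `// Must match the RT Alias subject CN in x509/build/build.rs`, or a test that compares the issuer name written here with the subject of the RT Alias certificate. The method body continues outside the hunk.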
5 changes: 4 additions & 1 deletion test/src/x509.rs
Expand Up @@ -68,7 +68,10 @@ impl DiceTcbInfo {
})
.transpose()?
.unwrap_or_default(),
flags: d.read_optional_implicit_element(7)?,
flags: d
.read_optional_implicit_element::<asn1::BitString>(7)?
.and_then(|b| b.as_bytes().try_into().ok())
.map(u32::from_be_bytes),
vendor_info: d
.read_optional_implicit_element::<&[u8]>(8)?
.map(|s| s.to_vec()),
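Review bot: In the new `flags` decoding, `.and_then(|b| b.as_bytes().try_into().ok())` turns a BIT STRING that is present but not exactly four bytes long into `None`, which a caller cannot tell apart from an absent flags field. The surrounding code already propagates errors with `?`, so a wrong length should be returned as a parse error; a malformed TCB info then fails the test instead of reading as "no flags". The value is also taken with `u32::from_be_bytes` without undoing the `reverse_bits()` applied in `rom/dev/src/flow/cold_reset/fmc_alias.rs`, so for that certificate it is the bit-mirror of the `dice::FLAG_BIT_*` constants. A field comment such as `// raw BIT STRING bytes, big-endian; bit-reversed relative to dice::FLAG_BIT_*` would explain expectations like `Some(0x00000001)`. The enclosing function starts and ends outside the hunk.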
22 changes: 11 additions & 11 deletions test/tests/caliptra_integration_tests/smoke_test.rs
Expand Up @@ -67,8 +67,8 @@ fn retrieve_csr_test() {
let csr_txt = String::from_utf8(csr.to_text().unwrap()).unwrap();

// To update the CSR testdata:
// std::fs::write("tests/smoke_testdata/idevid_csr.txt", &csr_txt).unwrap();
// std::fs::write("tests/smoke_testdata/idevid_csr.der", &csr_der).unwrap();
// std::fs::write("tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt", &csr_txt).unwrap();
// std::fs::write("tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der", &csr_der).unwrap();

println!("csr: {}", csr_txt);

Expand Down Expand Up @@ -215,8 +215,8 @@ fn smoke_test() {
let ldev_cert_txt = String::from_utf8(ldev_cert.to_text().unwrap()).unwrap();

// To update the ldev cert testdata:
// std::fs::write("tests/smoke_testdata/ldevid_cert.txt", &ldev_cert_txt).unwrap();
// std::fs::write("tests/smoke_testdata/ldevid_cert.der", ldev_cert_der).unwrap();
// std::fs::write("tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt", &ldev_cert_txt).unwrap();
// std::fs::write("tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der", ldev_cert_der).unwrap();

assert_eq!(
ldev_cert_txt.as_str(),
Expand Down Expand Up @@ -287,13 +287,13 @@ fn smoke_test() {
digest: device_info_hash.to_vec(),
},],

flags: Some(0x80000000),
flags: Some(0x00000001),
ty: Some(b"DEVICE_INFO".to_vec()),
..Default::default()
},
DiceTcbInfo {
vendor: Some("Caliptra".into()),
model: Some("FMC".into()),
vendor: None,
model: None,
// This is from the SVN in the image (9)
svn: Some(0x109),
fwids: vec![DiceFwid {
Expand Down Expand Up @@ -459,8 +459,8 @@ fn smoke_test() {
assert_eq!(
rt_dice_tcb_info,
Some(DiceTcbInfo {
vendor: Some("Caliptra".into()),
model: Some("RT".into()),
vendor: None,
model: None,
svn: Some(0x100),
fwids: vec![DiceFwid {
// RT
Expand Down Expand Up @@ -609,8 +609,8 @@ fn smoke_test() {
assert_eq!(
rt_dice_tcb_info2,
Some(DiceTcbInfo {
vendor: Some("Caliptra".into()),
model: Some("RT".into()),
vendor: None,
model: None,
svn: Some(0x100),
fwids: vec![DiceFwid {
// FMC
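Review bot: The corrected update instructions in `retrieve_csr_test` name the CSR file `idevid_csr.der`, while the header of `libcaliptra/examples/generic/idev_csr_array.h` in this same change says the array is generated from `test/tests/caliptra_integration_tests/smoke_testdata/idev_csr.der`. One of the two names is presumably stale. The commented-out `std::fs::write` lines are the only regeneration procedure visible here, so they should name the same files the other consumers read. The enclosing tests continue outside these hunks.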
Binary file not shown.
Expand Up @@ -4,11 +4,11 @@ Certificate:
Serial Number:
44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44
Signature Algorithm: ecdsa-with-SHA384
Issuer: CN=Caliptra 1.0 LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889
Issuer: CN=Caliptra 1.x LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889
Validity
Not Before: Jan 1 00:00:00 2023 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: CN=Caliptra 1.0 FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Subject: CN=Caliptra 1.x FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
Expand All @@ -30,7 +30,7 @@ Certificate:
2.23.133.5.4.4:
0....................
2.23.133.5.4.5:
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
X509v3 Subject Key Identifier:
44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44
X509v3 Authority Key Identifier:
Binary file not shown.
@@ -1,7 +1,7 @@
Certificate Request:
Data:
Version: 1 (0x0)
Subject: CN=Caliptra 1.0 IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6
Subject: CN=Caliptra 1.x IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
Expand All @@ -25,9 +25,9 @@ Certificate Request:
0....................
Signature Algorithm: ecdsa-with-SHA384
Signature Value:
30:64:02:30:7c:74:fd:28:ce:0f:f9:e9:da:ef:90:84:a5:af:
c0:42:d1:e2:08:84:67:d6:6a:e8:dc:46:cc:02:1d:80:da:37:
50:91:ee:75:09:ed:15:55:0f:31:15:23:c9:bb:e6:e1:02:30:
24:fd:1b:5b:47:cc:14:4a:66:a5:bb:e7:04:74:f0:21:36:37:
f4:9e:5d:cd:a1:42:bf:f6:82:5c:a1:f4:51:43:e2:97:fc:95:
ce:56:b1:67:e1:bf:e1:26:3a:ce:a1:f3
30:65:02:31:00:ed:8e:44:4e:3c:7f:6f:96:4a:5d:cb:e1:ea:
08:a0:57:f5:d7:b5:6d:ce:72:9e:b8:8c:88:38:f6:50:35:90:
bd:6b:59:db:29:52:13:2e:fc:a8:b6:8d:8a:33:d3:2a:cf:02:
30:6d:40:6a:1f:7c:9e:74:8f:28:dc:14:73:e0:96:92:d8:74:
fa:30:58:04:54:84:77:e9:52:3a:0d:63:fa:f3:1a:68:c3:88:
07:50:a7:5d:6f:f7:a9:da:98:f7:8c:48:2a
Binary file not shown.
Expand Up @@ -4,11 +4,11 @@ Certificate:
Serial Number:
25:ee:ef:9a:4c:61:d4:b9:e3:d9:4b:ea:46:f9:a1:2a:c6:88:7c:e2
Signature Algorithm: ecdsa-with-SHA384
Issuer: CN=Caliptra 1.0 IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6
Issuer: CN=Caliptra 1.x IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6
Validity
Not Before: Jan 1 00:00:00 2023 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: CN=Caliptra 1.0 LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889
Subject: CN=Caliptra 1.x LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
Expand All @@ -35,9 +35,9 @@ Certificate:
42:4F:3A:C7:45:DD:BD:50:15:05:7F:5B:F8:3E:9C:D6:48:10:B0:41
Signature Algorithm: ecdsa-with-SHA384
Signature Value:
30:66:02:31:00:9b:0e:19:91:81:f6:90:a7:43:34:60:d8:1d:
69:c4:a5:63:52:a3:c8:93:cf:4c:11:be:e1:a1:8d:47:a6:b5:
63:78:42:3f:8a:85:f2:34:b4:ab:5a:18:01:f6:e7:ff:92:02:
31:00:e1:21:cf:21:fe:44:09:81:95:01:fd:29:ad:f5:29:a9:
01:6a:2e:a3:15:bf:65:ab:2a:e5:82:7c:ef:f1:b8:59:bd:7e:
60:cf:15:c7:2a:64:ea:cf:2b:7b:9b:ff:42:d3
30:65:02:30:27:24:23:0f:77:0a:b4:a9:95:dc:a1:96:e0:cd:
5d:f9:29:08:eb:80:7d:74:55:05:7a:22:b9:62:08:96:a2:7a:
08:21:3d:8a:c6:1f:3c:71:e0:8d:48:83:ab:9c:64:1a:02:31:
00:ad:8a:98:ea:e7:33:13:bb:02:b6:12:fa:24:ef:ae:f4:5b:
73:57:97:37:82:56:a8:e9:c8:b6:87:d9:2d:7d:43:bc:be:cd:
82:d3:0f:85:5a:15:56:8e:a2:08:f9:ec:ce
Binary file not shown.
Expand Up @@ -4,11 +4,11 @@ Certificate:
Serial Number:
44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44
Signature Algorithm: ecdsa-with-SHA384
Issuer: CN=Caliptra 1.0 FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Issuer: CN=Caliptra 1.x FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Validity
Not Before: Jan 1 00:00:00 2023 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: CN=Caliptra 1.0 Rt Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Subject: CN=Caliptra 1.x Rt Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
Expand All @@ -30,7 +30,7 @@ Certificate:
2.23.133.5.4.4:
0....................
2.23.133.5.4.1:
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
What's the change that leads to the TCBInfo extension being shorter?

X509v3 Subject Key Identifier:
44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44
X509v3 Authority Key Identifier:
8 changes: 4 additions & 4 deletions x509/build/build.rs
Expand Up @@ -54,7 +54,7 @@ fn gen_init_devid_csr(out_dir: &str) {
.add_basic_constraints_ext(true, 5)
.add_key_usage_ext(usage)
.add_ueid_ext(&[0xFF; 17]);
let template = bldr.tbs_template("Caliptra 1.0 IDevID");
let template = bldr.tbs_template("Caliptra 1.x IDevID");
CodeGen::gen_code("InitDevIdCsrTbs", template, out_dir);
}

Expand All @@ -67,7 +67,7 @@ fn gen_local_devid_cert(out_dir: &str) {
.add_basic_constraints_ext(true, 4)
.add_key_usage_ext(usage)
.add_ueid_ext(&[0xFF; 17]);
let template = bldr.tbs_template("Caliptra 1.0 LDevID", "Caliptra 1.0 IDevID");
let template = bldr.tbs_template("Caliptra 1.x LDevID", "Caliptra 1.x IDevID");
CodeGen::gen_code("LocalDevIdCertTbs", template, out_dir);
}

Expand Down Expand Up @@ -98,7 +98,7 @@ fn gen_fmc_alias_cert(out_dir: &str) {
},
}],
);
let template = bldr.tbs_template("Caliptra 1.0 FMC Alias", "Caliptra 1.0 LDevID");
let template = bldr.tbs_template("Caliptra 1.x FMC Alias", "Caliptra 1.x LDevID");
CodeGen::gen_code("FmcAliasCertTbs", template, out_dir);
}

Expand All @@ -122,6 +122,6 @@ fn gen_rt_alias_cert(out_dir: &str) {
digest: &[0xCD; 48],
},
}]);
let template = bldr.tbs_template("Caliptra 1.0 Rt Alias", "Caliptra 1.0 FMC Alias");
let template = bldr.tbs_template("Caliptra 1.x Rt Alias", "Caliptra 1.x FMC Alias");
CodeGen::gen_code("RtAliasCertTbs", template, out_dir);
}
4 changes: 3 additions & 1 deletion x509/build/cert.rs
Expand Up @@ -90,9 +90,11 @@ impl<Algo: SigningAlgorithm> CertTemplateBuilder<Algo> {
device_fwids: &[FwidParam],
fmc_fwids: &[FwidParam],
) -> Self {
// This method of finding the offsets is fragile. Especially for the 1 byte values.
// These may need to be updated to stay unique when the cert template is updated.
let flags: u32 = 0xC0C1C2C3;
let svn: u8 = 0xC4;
let svn_fuses: u8 = 0xC5;
let svn_fuses: u8 = 0xC6;

self.exts
.push(x509::make_fmc_dice_tcb_info_ext(
Expand Down