6575 - Caliptra - Subsystem Firmware Stack.pdf

《6575 - Caliptra - Subsystem Firmware Stack.pdf》由會員分享，可在線閱讀，更多相關《6575 - Caliptra - Subsystem Firmware Stack.pdf（15頁珍藏版）》請在三個皮匠報告上搜索。

1、Chris Swenson,Raghu Krishnamurthy,Bryan Kelly,Bharat PillilliCaliptra Subsystem Firmware StackCaliptra Subsystem Firmware StackChris Swenson,Raghu Krishnamurthy,Bryan Kelly,Bharat PillilliCyber Security&Data ProtectionCaliptra Subsystem Caliptra Core HW/FW+MCU HW/FWEnables Caliptra Integrators to bu

2、ild fully featured RoTCaliptra Subsystem OverviewCaliptra Core 2.0 Security FeaturesML-DSA(with Adams Bridge integration),PQC-aware DICE,AES Engine,Key Vault Extensions for PQC,PCR Signing with PQCCaliptra MCU FeaturesSubsystem Mode Support:AXI DMA Assist,Manufacturing&Product Debug Unlock,UDS progr

3、ammingIntegration of Lifecycle controller&Fuse controllerOCP Streaming boot support over I3CMCU&corresponding HW support for running SoC-specific FW(whose FW is loaded/bootstrapped by Caliptra Core)Caliptra MCU FW built on Caliptra Core 2.0FW released independentlyCaliptra Subsystem FeaturesOpen and

4、 ExtensibleDeveloped openly on GitHubProvided as SDK to build RoT ApplicationsExtensible and customizable by integratorsSecure&SafeFollows established security&isolation best practices Memory Safe Developed in RustConsistentConsistent implementation of Secure Boot,Measured Boot,Attestation,Recovery,

5、Streaming Boot,etc.Standards based:TCG,DMTF,OCP,PCIe CompliantOCP SAFE Audited(planned)Caliptra Trademark(planned)Design Principles of Caliptra Subsystem SDKCombination of Caliptra Core 2.x FW and MCU FWCaliptra Core 2.x provides the security servicesCaliptra MCU provides the RoT services for the So

6、C and PlatformCaliptra Subsystem FW StackCaliptra Core 2.x comprises of consortium-governed ROM,FMC and RuntimeCaliptra Core 2.x provides foundational security features for MCUQuantum-resilient DICEClassical and Post-Quantum Cryptography API supportDebug Unlock supportQuantum-resilient DPECaliptra C

7、ore 2.x FWMCU StackDevelopment ToolsEmulators,RTL Simulators&FPGAReference MCU ROMReference MCU ROM implemented in RustIllustrates integration b/w Caliptra Core 2.x and MCUTock KernelProvides user/kernel mode isolation via RISC-V PMPDriver model for extensibilityStacks&APIMCTP Base&PLDM BasePLDM Fir

8、mware Update(Type 5)OCP Recovery/Streaming BootSPDM-based AttestationPCIe IDE&TDISP supportSPI Flash BootImage LoadingOCP Device Ownership TransferMCU FW SDKROM DevelopmentMCU ROM is integrator specificAbility to extend the reference Rust ROM to build MCU-specific ROMDriversFlexible&async driver mod

9、el provided by Tock KernelSoC-specific drivers(UART,SPI,IDE/TDISP,etc.)SoC API&StacksAbility for SoC to provide their own stack and user-mode interfacesRoT ApplicationsAllows integrators to synthesize RoT applications specific to their use casesAllows extensibility points for integrator-specific mes

10、sage handlers for external communicationEnables running of legacy C code Allows multiple application isolation via Tock kernel&MMUMCU FW Integrator ExtensibilityMCU SDK will be reviewed,audited,and compliant to various standardsCurrent plan is to support compliance with:Caliptra TrademarkOCP SAFEFIP

11、S 140-3(for Caliptra Core 2.x)Provide ability to run FIPS ACVP test suiteCompliance&TrademarkFuture OCP Security ArchitectureYour ASICCPUPlatform Root of TrustBMCSPDMDC-SCM ModularityDPUGPUpRoTRot w/Caliptra(Core/Subsystem)Streaming boot endpointStreaming boot OOB pathSPDM attestationpathOOB busTrus

12、ted VerifierMCTPI3CUSBLegendCaliptra Subsystem Development PlanCaliptra Core 2.0 HW releaseCaliptra 2.0 HW ReleaseCaliptra Core 2.1 HW ReleaseCaliptra Subsystem 2.1 HW ReleaseI3C StackMCTP StackSPDM StackPLDM StackSPI StackCaliptra integrationOCP Recovery/Streaming BootFlash BootPLDM Firmware Update

13、SPDM AttestationFuse ProgrammingFPGA ValidationSoC Key RequestsTDISPDevice Ownership TransferOCP LOCKFeb,25Mar,25Apr,25June,25Aug,25Sept,25Sept,25HWMCU SDK FWPlease join us in co-developing an industry-compliant RoT SDKhttps:/caliptra.io/SpecsMain Caliptra specification 2.0Caliptra Subsystem Hardware SpecificationROM 2.x SpecificationFMC 2.x SpecificationRuntime 2.x SpecificationMCU Firmware and SDK specificationCall to ActionThank You!