You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: auth-manifest/README.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ The Caliptra SOC manifest has two main components: [Preamble](#preamble) and [Im
9
9
Those signatures are also stored in the Preamble.
10
10
The Caliptra firmware's ECC and PQC private keys endorse the manifest's public keys, and these endorsements (signatures) are part of the Preamble as well.
11
11
12
-
*Note: All fields are littleendian unless specified*
12
+
*Note: Do not treat the entire manifest as little endian. Scalar `u32`fields use little-endian layout. ECC key and signature fields are stored as big-endian `u32` words. Raw byte-array fields, such as image hashes, use the exact byte sequence produced by standard tools like OpenSSL unless a field description explicitly says otherwise.*
| Challenge | 48 | Random number sent in `AUTH_DEBUG_UNLOCK_CHALLENGE` mailbox command payload. |
369
-
| ECC Public Key | 96 | ECC P-384 public key used to verify the Message Signature <br> **X-Coordinate:** Public Key X-Coordinate (48 bytes) <br> **Y-Coordinate:** Public Key Y-Coordinate (48 bytes). See [Byte order of cryptographic fields](../runtime/README.md#byte-order-of-cryptographic-fields). |
370
-
| MLDSA Public Key | 2592 | MLDSA-87 public key used to verify the Message Signature. See [Byte order of cryptographic fields](../runtime/README.md#byte-order-of-cryptographic-fields). |
371
-
| ECC Signature | 96 | ECC P-384 signature of the Message hashed using SHA2-384. <br> **R-Coordinate:** Random Point (48 bytes) <br> **S-Coordinate:** Proof (48 bytes). See [Byte order of cryptographic fields](../runtime/README.md#byte-order-of-cryptographic-fields). |
372
-
| MLDSA Signature | 4628 | MLDSA-87 signature of the Message hashed using SHA2-512 (4627 bytes + 1 Reserved byte). See [Byte order of cryptographic fields](../runtime/README.md#byte-order-of-cryptographic-fields). |
369
+
| ECC Public Key | 96 | ECC P-384 public key used to verify the Message Signature <br> **X-Coordinate:** Public Key X-Coordinate (48 bytes) <br> **Y-Coordinate:** Public Key Y-Coordinate (48 bytes). See [Byte order of cryptographic fields](../../runtime/README.md#byte-order-of-cryptographic-fields). |
370
+
| MLDSA Public Key | 2592 | MLDSA-87 public key used to verify the Message Signature. See [Byte order of cryptographic fields](../../runtime/README.md#byte-order-of-cryptographic-fields). |
371
+
| ECC Signature | 96 | ECC P-384 signature of the Message hashed using SHA2-384. <br> **R-Coordinate:** Random Point (48 bytes) <br> **S-Coordinate:** Proof (48 bytes). See [Byte order of cryptographic fields](../../runtime/README.md#byte-order-of-cryptographic-fields). |
372
+
| MLDSA Signature | 4628 | MLDSA-87 signature of the Message hashed using SHA2-512 (4627 bytes + 1 Reserved byte). See [Byte order of cryptographic fields](../../runtime/README.md#byte-order-of-cryptographic-fields). |
373
373
374
374
7. On receiving this payload, ROM performs the following validations:
375
375
- Ensures the value in the `Length` field matches the size of the payload.
376
376
- Confirms that the `Debug unlock level` is not zero and does not exceed the value specified in the `SS_NUM_OF_PROD_DEBUG_UNLOCK_AUTH_PK_HASHES` register.
377
377
- Calculates the address of the public key hash fuse as follows: <br>
- Retrieves the SHA2-384 hash (48 bytes) from the calculated address using DMA assist.
380
-
- Computes the SHA2-384 hash of the message formed by concatenating the ECC and MLDSA public keys in the payload.
380
+
- Computes the SHA2-384 hash of the message formed by concatenating the ECC and MLDSA public keys in the payload. See [Production debug unlock public key hashes: byte ordering](#production-debug-unlock-public-key-hashes-byte-ordering) for the exact byte order and fuse programming details.
381
381
- Compares the retrieved and computed hashes. It the comparison fails, the ROM blocks the debug unlock request by setting the registers outlined in step 3.
382
382
- Upon hash comparison failure, the ROM exits the payload validation flow and completes the mailbox command.
383
383
@@ -1296,7 +1296,7 @@ and are also **not** subject to dword reversal.
1296
1296
1297
1297
For a detailed description of byte ordering conventions for all mailbox cryptographic fields
1298
1298
(including ECC, ML-DSA, and SHA digest fields with OpenSSL examples), see the
1299
-
[Byte order of cryptographic fields](../runtime/README.md#byte-order-of-cryptographic-fields)
1299
+
[Byte order of cryptographic fields](../../runtime/README.md#byte-order-of-cryptographic-fields)
1300
1300
section in the Runtime README.
1301
1301
1302
1302
### Computing public key hashes: step-by-step example
| chksum | u32 | Checksum over other input arguments, computed by the caller. Little endian. |
2883
-
| exported_cdi_handle | u8[32]| The Exported CDI handle returned by the DPE `DeriveContext` command. Little endian. |
2884
-
| tbs | u8[48]| The bytes to be signed. Little endian. |
2883
+
| exported_cdi_handle | u8[32]| The exported CDI handle returned by the DPE `DeriveContext` command. Opaque byte array; copy the bytes exactly as returned. |
2884
+
| tbs | u8[48]| The 48-byte SHA-384 digest to be signed. Raw byte array; no byte swapping is required.|
| chksum | u32 | Checksum over other input arguments, computed by the caller. Little endian. |
2907
-
| exported_cdi_handle | u8[32]| The Exported CDI handle returned by the DPE `DeriveContext` command. Little endian. |
2907
+
| exported_cdi_handle | u8[32]| The exported CDI handle returned by the DPE `DeriveContext` command. Opaque byte array; copy the bytes exactly as returned. |
2908
2908
2909
2909
The `exported_cdi` can be created by calling `DeriveContext` with the `export-cdi` and `create-certificate` flags.
0 commit comments