[pa] update to support Earlgrey A1 provisioning flow #4

Open
4 of 6 tasks
timothytrippel opened this issue Aug 13, 2024 · 0 comments

timothytrippel commented Aug 13, 2024

The PA proto (and thus the SPM proto) and service implementations should be updated to support the Earlgrey A1 provisioning flow, including (at a minimum):

  • generating test unlock, test exit, and RMA unlock tokens / token hashes and wafer auth secrets
    • Add DeriveSymmetricKey RPC function stub to PA (this can be used to generate a raw token or the hashed form)
    • Implement and unit test the above
  • endorsing certificates
    • Add EndorseCerts RPC function stub to PA
    • Implement and unit test the above
timothytrippel added the enhancement label Aug 13, 2024
timothytrippel self-assigned this Aug 13, 2024
timothytrippel added a commit to timothytrippel/opentitan-provisioning that referenced this issue Sep 20, 2024
This adds protos and a function stub for the `GenLcToken` RPC call
which the PA must implement to support OpenTitan A1 provisioning flows.

This RPC function will generate test unlock/exit LC tokens and RMA
tokens to inject into an OpenTitan device during provisioning.

This partially addresses lowRISC#4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit to timothytrippel/opentitan-provisioning that referenced this issue Sep 23, 2024
This adds protos and a function stub for the `GenLcToken` RPC call
which the PA must implement to support OpenTitan A1 provisioning flows.

This RPC function will generate test unlock/exit LC tokens and RMA
tokens to inject into an OpenTitan device during provisioning.

This partially addresses lowRISC#4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit to timothytrippel/opentitan-provisioning that referenced this issue Sep 23, 2024
This adds protos and a function stub for the `GenWaferAuthSecret` RPC
which the PA must implement to support OpenTitan A1 provisioning flows.

This RPC function will generate a 256-bit wafer authentication secret
that will be injected into an OpenTitan device during CP provisioning.

This partially addresses lowRISC#4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit to timothytrippel/opentitan-provisioning that referenced this issue Sep 26, 2024
This adds protos and a function stub for the `DeriveSymmetricKey` RPC call
which the PA must implement to support OpenTitan A1 provisioning flows.
This RPC will support:
- OpenTitan lifecycle token generation (in raw and hashed form)
- OpenTitan wafer authentication secret generation.

This partially addresses lowRISC#4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit to timothytrippel/opentitan-provisioning that referenced this issue Sep 27, 2024
This adds protos and a function stub for the `DeriveSymmetricKey` RPC call
which the PA must implement to support OpenTitan A1 provisioning flows.
This RPC will support:
- OpenTitan lifecycle token generation (in raw and hashed form)
- OpenTitan wafer authentication secret generation.

This partially addresses lowRISC#4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit that referenced this issue Sep 27, 2024
This adds protos and a function stub for the `DeriveSymmetricKey` RPC call
which the PA must implement to support OpenTitan A1 provisioning flows.
This RPC will support:
- OpenTitan lifecycle token generation (in raw and hashed form)
- OpenTitan wafer authentication secret generation.

This partially addresses #4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit to timothytrippel/opentitan-provisioning that referenced this issue Sep 29, 2024
This adds KDF seed loading subcommands to support the KDF operations
that will be used to generate OpenTitan Earlgrey LC tokens and Wafer
Auth Secrets during provisioning.

This partially addresses lowRISC#4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit to timothytrippel/opentitan-provisioning that referenced this issue Oct 1, 2024
This adds KDF seed loading subcommands to support the KDF operations
that will be used to generate OpenTitan Earlgrey LC tokens and Wafer
Auth Secrets during provisioning.

This partially addresses lowRISC#4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit that referenced this issue Oct 1, 2024
This adds KDF seed loading subcommands to support the KDF operations
that will be used to generate OpenTitan Earlgrey LC tokens and Wafer
Auth Secrets during provisioning.

This partially addresses #4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit to timothytrippel/opentitan-provisioning that referenced this issue Oct 7, 2024
This adds a wrapper function to the Secure Element (SE) interface to
derive symmetric keys from pre-loaded secret seeds on the SE. This
function will back the DeriveSymmetricKey RPC available from the
ProvisioningAppliance. This partially addresses lowRISC#4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit that referenced this issue Oct 8, 2024
This adds a wrapper function to the Secure Element (SE) interface to
derive symmetric keys from pre-loaded secret seeds on the SE. This
function will back the DeriveSymmetricKey RPC available from the
ProvisioningAppliance. This partially addresses #4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit to timothytrippel/opentitan-provisioning that referenced this issue Oct 8, 2024
This updates the PA and SPM to implement the `DeriveSymmetricKey` key
RPC function. This partially addresses lowRISC#4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit to timothytrippel/opentitan-provisioning that referenced this issue Oct 8, 2024
This updates the SPM to enable generating cSHAKE128 hashed OpenTitan
lifecycle tokens using the DeriveSymmetricKeys RPC function.

This partially addresses lowRISC#4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit that referenced this issue Oct 8, 2024
This updates the PA and SPM to implement the `DeriveSymmetricKey` key
RPC function. This partially addresses #4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel added a commit that referenced this issue Oct 8, 2024
This updates the SPM to enable generating cSHAKE128 hashed OpenTitan
lifecycle tokens using the DeriveSymmetricKeys RPC function.

This partially addresses #4.

Signed-off-by: Tim Trippel <[email protected]>
timothytrippel changed the title from "[pa] update proto to support Earlgrey A1 provisioning flow" to "[pa] update to support Earlgrey A1 provisioning flow" Oct 14, 2024