add TL entries for Open-DICE #41
Conversation
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
| * - tag_id | ||
| - 0x3 | ||
| - 0x0 | ||
| - The tag_id field must be set to **0x200**. |
There was a problem hiding this comment.
I'd like to request @manish-pandey-arm to confirm these tag_ids are the best suited, or whether we should use lower values.
There was a problem hiding this comment.
I'd say it's too greedy to start a new block of 256. I think TF-A can live with 2 blocks of 16 for now, so we could start this range at 0x120. What do others think?
There was a problem hiding this comment.
Going back to #38 , i can't see the reasoning why this tag was moved from generic range to 0x200 ? It is a good candidate to stay in generic range.
As mentioned by Dan, i don't think TF-A going to consume more than 32 entries, so 0x120 should be a safe value (if we decide to keep in non-generic range)
There was a problem hiding this comment.
Both options work for me:
- Starting at 0x120
- Using the generic range, in which case 8, 9 and 10 are the lowest three that are available - 7 is already taken by the heap carve-outs Add Mbed-TLS crypto heap info entry #45
Let me know what is your preference.
There was a problem hiding this comment.
@danh-arm @manish-pandey-arm @jmarinho @apalos
I believe I have addressed all the outstanding comments except for this one.
There was a problem hiding this comment.
I would prefer it to be in generic range starting at 0x7 as Mbed-TLS heap has now been moved to TF-A range (0x105) https://github.com/FirmwareHandoff/firmware_handoff/pull/45/files
| * - tag_id | ||
| - 0x3 | ||
| - 0x0 | ||
| - The tag_id field must be set to **0x200**. |
There was a problem hiding this comment.
I'd say it's too greedy to start a new block of 256. I think TF-A can live with 2 blocks of 16 for now, so we could start this range at 0x120. What do others think?
source/transfer_list.rst
Outdated
| This entry type holds one certificate of the Open DICE certificate chain. | ||
|
|
||
| No specific certificate format is mandated. | ||
| Examples of certificate formats include X.509, CWT, and C509. |
There was a problem hiding this comment.
Please spell out CWT (or just remove if you agree with my previous point). References would be nice too.
There was a problem hiding this comment.
I will expand CWT and add a reference.
source/transfer_list.rst
Outdated
|
|
||
| This entry type holds one certificate of the Open DICE certificate chain. | ||
|
|
||
| No specific certificate format is mandated. |
There was a problem hiding this comment.
... but the format must be self-describing. Actually the Open DICE spec mandates either x509 or CWT. Wouldn't it be best to just refer to that section of the spec instead of re-specifying here?
There was a problem hiding this comment.
I'll add a ref to the relevant section in the Open DICE spec.
source/transfer_list.rst
Outdated
| This entry type holds the "Attestation CDI" described in [Open-DICE]_. | ||
|
|
||
| The CDI computed by the Sender's boot stage SHALL be added to the TL. | ||
| The CDI received from the previous boot stage (i.e., DICE layer) MUST NOT be forwarded. |
There was a problem hiding this comment.
I think we need a comment here about what the receiver should do with the profile_id, e.g. use this to generate a CDI that is compatible with the previous layer's CDI as per the Android OpenDICE spec.
There was a problem hiding this comment.
I think we need a comment here about what the receiver should do with the profile_id, e.g. use this to generate a CDI that is compatible with the previous layer's CDI as per the Android OpenDICE spec.
What is the behaviour in case
source/transfer_list.rst
Outdated
| This entry type holds the "Sealing CDI" described in [Open-DICE]_. | ||
|
|
||
| The CDI computed by the Sender's boot stage SHALL be added to the TL. | ||
| The CDI received from the previous boot stage (i.e., DICE layer) MUST NOT be forwarded. |
There was a problem hiding this comment.
Ditto a comment about the profile_id would be good. Or you could put this in the "Profile Identifiers" section.
There was a problem hiding this comment.
OK, I'll add it here so that all requirements are kept together.
source/transfer_list.rst
Outdated
| * - profile_id | ||
| - 0x4 | ||
| - 0x8 | ||
| - the Open DICE profile identifier (See :numref:`opendice_profile_id` for the allowed values) |
There was a problem hiding this comment.
In the rendered version, this says 2.7.9 but the section is a 4th level heading without numbering. Maybe change the ref to the section name instead?
There was a problem hiding this comment.
If I make html the reference is generated correctly.
For the avoidance of doubt, I will change this into a reference to the table itself.
source/transfer_list.rst
Outdated
| * - profile_id | ||
| - 0x4 | ||
| - 0x8 | ||
| - the Open DICE profile identifier (See :numref:`opendice_profile_id` for the allowed values) |
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
| Entries related to Open DICE | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
|
|
||
| These entries contain [Open-DICE]_ information elements that must be transferred between boot stages in a DICE architecture where a DICE Protection Environment (DPE) is not used. |
There was a problem hiding this comment.
It is good that you have expanded the acronyms but can you do the same for DICE, please!
|
|
||
| These entries contain [Open-DICE]_ information elements that must be transferred between boot stages in a DICE architecture where a DICE Protection Environment (DPE) is not used. | ||
|
|
||
| This includes the Compound Device Identifier (CDI) used for attestation and the CDI used for sealing, as well as the accumulated certificate chain. |
There was a problem hiding this comment.
I think it is better to wrap to at most 80cols
source/transfer_list.rst
Outdated
| This entry type holds the "Sealing CDI" described in [Open-DICE]_. | ||
|
|
||
| The CDI computed by the Sender's boot stage SHALL be added to the TL. | ||
| The CDI received from the previous boot stage (i.e., DICE layer) MUST NOT be forwarded. |
source/transfer_list.rst
Outdated
| This entry type holds one certificate of the Open DICE certificate chain. | ||
|
|
||
| No specific certificate format is mandated. | ||
| Examples of certificate formats include X.509, CWT, and C509. |
There was a problem hiding this comment.
How do you know which format is being used? Why not select one format?
| * - tag_id | ||
| - 0x3 | ||
| - 0x0 | ||
| - The tag_id field must be set to **0x200**. |
| * - tag_id | ||
| - 0x3 | ||
| - 0x0 | ||
| - The tag_id field must be set to **0x200**. |
|
|
||
| This entry type holds the "Attestation CDI" described in [Open-DICE]_. | ||
|
|
||
| The CDI computed by the Sender's boot stage SHALL be added to the TL. |
There was a problem hiding this comment.
This use of SHALL, MUST and MUST NOT seems new for this spec.
I suggest using lower case, since people will either read it or they won't. Capitals don't help with that.
If we say 'must' or 'should' then I think it is important to say why, e.g. because otherwise xxx will happen
| * - cert | ||
| - data_size - 0x4 | ||
| - 0xc | ||
| - Holds the certificate for the next layer, produced by the current layer |
There was a problem hiding this comment.
'certifcate' is vague...what format are these in? Please add enough detail so that people know how to create the info
This PR is a rework of #38 which: