Cert tweaks to names and TCB info (#1725)
nquarton committed Dec 13, 2024
1 parent 4791682 commit ce66fbc
Showing 24 changed files with 161 additions and 141 deletions.
4 changes: 2 additions & 2 deletions FROZEN_IMAGES.sha384sum
@@ -1,3 +1,3 @@
# WARNING: Do not update this file without the approval of the Caliptra TAC
91b951fbe655919a1e123b86add18ab604d049f6d2b2bbefac4cd554a4411eaf22247973c47490e243b9a5b1d197feb3 caliptra-rom-no-log.bin
105cda4bbc0f2f0096d058eda9090670da0d90c8e3066cb44027843e9a490db61933b524ca78fe78351a7fd26a124c03 caliptra-rom-with-log.bin
9537318fd30c3e3d341cffab5721ba3242810be85e79ed9dc644c47c062555ef7519fb48857745e7ccb9917ac1fe120a caliptra-rom-no-log.bin
e4e74d2d1c4794b950a548072fc8dc4c9ab64aba7a01ae400e9fe66c64b43f715e72dc430e7318496009ebedd0412bc6 caliptra-rom-with-log.bin
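Review bot: Both frozen ROM digests are replaced in this file, whose header line requires Caliptra TAC approval for any update, and the commit record shown on this page carries no reference to such an approval. Anyone using this file as an integrity pin for the ROM binaries needs to be able to tell that the new values were reviewed, so a pointer to the approval in the PR or commit trailers would make the update auditable. The digest change itself is expected, since the same commit changes ROM source in rom/dev/src/flow/cold_reset/fmc_alias.rs.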
2 changes: 1 addition & 1 deletion fmc/tests/fmc_integration_tests/test_rtalias.rs
Expand Up @@ -91,7 +91,7 @@ fn test_fht_info() {
let data = hw.mailbox_execute(TEST_CMD_READ_FHT, &[]).unwrap().unwrap();
let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap();
assert_eq!(fht.ldevid_tbs_size, 552);
assert_eq!(fht.fmcalias_tbs_size, 786);
assert_eq!(fht.fmcalias_tbs_size, 753);
assert_eq!(fht.ldevid_tbs_addr, 0x50003C00);
assert_eq!(fht.fmcalias_tbs_addr, 0x50004000);
assert_eq!(fht.pcr_log_addr, 0x50004800);
52 changes: 29 additions & 23 deletions libcaliptra/examples/generic/idev_csr_array.h
Expand Up @@ -2,28 +2,34 @@
// Generated from test/tests/caliptra_integration_tests/smoke_testdata/idev_csr.der

#include <stdint.h>
#define IDEV_CSR_LEN 443
#define IDEV_CSR_LEN 444
uint8_t idev_csr_bytes[IDEV_CSR_LEN] = {
48, 130, 1, 183, 48, 130, 1, 62, 2, 1, 0, 48, 105, 49, 28, 48, 26, 6,
3, 85, 4, 3, 12, 19, 67, 97, 108, 105, 112, 116, 114, 97, 32, 49, 46,
48, 32, 73, 68, 101, 118, 73, 68, 49, 73, 48, 71, 6, 3, 85, 4, 5, 19,
64, 56, 69, 51, 67, 49, 65, 48, 53, 56, 70, 55, 48, 52, 65, 49, 49, 56,
50, 49, 70, 55, 66, 52, 56, 68, 51, 52, 48, 65, 69, 70, 57, 57, 68, 68,
65, 66, 65, 68, 67, 49, 48, 57, 48, 68, 55, 52, 68, 48, 53, 55, 70, 69,
67, 67, 70, 55, 51, 50, 57, 52, 69, 68, 54, 48, 118, 48, 16, 6, 7, 42, 134,
72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 3, 98, 0, 4, 215, 180, 133, 242,
159, 17, 92, 28, 179, 4, 107, 132, 11, 69, 137, 181, 120, 98, 245, 235, 249,
157, 132, 111, 190, 63, 210, 209, 67, 150, 245, 246, 154, 55, 154, 89, 172,
197, 162, 174, 200, 54, 158, 203, 101, 144, 68, 55, 180, 188, 124, 217, 165,
168, 64, 60, 91, 177, 145, 82, 35, 170, 134, 190, 242, 193, 188, 146, 20, 95, 252,
39, 193, 37, 198, 219, 250, 212, 156, 145, 232, 72, 197, 68, 172, 127, 14, 149, 214,
205, 140, 172, 251, 146, 63, 166, 160, 86, 48, 84, 6, 9, 42, 134, 72, 134, 247, 13,
1, 9, 14, 49, 71, 48, 69, 48, 18, 6, 3, 85, 29, 19, 1, 1, 255, 4, 8, 48, 6, 1, 1, 255, 2
, 1, 5, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 2, 4, 48, 31, 6, 6, 103, 129, 5, 5,
4, 4, 4, 21, 48, 19, 4, 17, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 48, 10, 6, 8, 42,
134, 72, 206, 61, 4, 3, 3, 3, 103, 0, 48, 100, 2, 48, 124, 116, 253, 40, 206, 15, 249, 233, 218, 239
,144, 132, 165, 175, 192, 66, 209, 226, 8, 132, 103, 214, 106, 232, 220, 70, 204, 2, 29, 128, 218, 55, 80,
145, 238, 117, 9, 237, 21, 85, 15, 49, 21, 35, 201, 187, 230, 225, 2, 48, 36, 253, 27, 91, 71, 204, 20, 74, 102,
165, 187, 231, 4, 116, 240, 33, 54, 55, 244, 158, 93, 205, 161, 66, 191, 246, 130, 92, 161, 244, 81, 67, 226, 151,
252, 149, 206, 86, 177, 103, 225, 191, 225, 38, 58, 206, 161, 243,
0x30, 0x82, 0x01, 0xb8, 0x30, 0x82, 0x01, 0x3e, 0x02, 0x01, 0x00, 0x30, 0x69, 0x31, 0x1c, 0x30,
0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x43, 0x61, 0x6c, 0x69, 0x70, 0x74, 0x72, 0x61,
0x20, 0x31, 0x2e, 0x78, 0x20, 0x49, 0x44, 0x65, 0x76, 0x49, 0x44, 0x31, 0x49, 0x30, 0x47, 0x06,
0x03, 0x55, 0x04, 0x05, 0x13, 0x40, 0x38, 0x45, 0x33, 0x43, 0x31, 0x41, 0x30, 0x35, 0x38, 0x46,
0x37, 0x30, 0x34, 0x41, 0x31, 0x31, 0x38, 0x32, 0x31, 0x46, 0x37, 0x42, 0x34, 0x38, 0x44, 0x33,
0x34, 0x30, 0x41, 0x45, 0x46, 0x39, 0x39, 0x44, 0x44, 0x41, 0x42, 0x41, 0x44, 0x43, 0x31, 0x30,
0x39, 0x30, 0x44, 0x37, 0x34, 0x44, 0x30, 0x35, 0x37, 0x46, 0x45, 0x43, 0x43, 0x46, 0x37, 0x33,
0x32, 0x39, 0x34, 0x45, 0x44, 0x36, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xd7, 0xb4,
0x85, 0xf2, 0x9f, 0x11, 0x5c, 0x1c, 0xb3, 0x04, 0x6b, 0x84, 0x0b, 0x45, 0x89, 0xb5, 0x78, 0x62,
0xf5, 0xeb, 0xf9, 0x9d, 0x84, 0x6f, 0xbe, 0x3f, 0xd2, 0xd1, 0x43, 0x96, 0xf5, 0xf6, 0x9a, 0x37,
0x9a, 0x59, 0xac, 0xc5, 0xa2, 0xae, 0xc8, 0x36, 0x9e, 0xcb, 0x65, 0x90, 0x44, 0x37, 0xb4, 0xbc,
0x7c, 0xd9, 0xa5, 0xa8, 0x40, 0x3c, 0x5b, 0xb1, 0x91, 0x52, 0x23, 0xaa, 0x86, 0xbe, 0xf2, 0xc1,
0xbc, 0x92, 0x14, 0x5f, 0xfc, 0x27, 0xc1, 0x25, 0xc6, 0xdb, 0xfa, 0xd4, 0x9c, 0x91, 0xe8, 0x48,
0xc5, 0x44, 0xac, 0x7f, 0x0e, 0x95, 0xd6, 0xcd, 0x8c, 0xac, 0xfb, 0x92, 0x3f, 0xa6, 0xa0, 0x56,
0x30, 0x54, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x0e, 0x31, 0x47, 0x30,
0x45, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01,
0x01, 0xff, 0x02, 0x01, 0x05, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04,
0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x1f, 0x06, 0x06, 0x67, 0x81, 0x05, 0x05, 0x04, 0x04, 0x04,
0x15, 0x30, 0x13, 0x04, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04,
0x03, 0x03, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, 0x00, 0xed, 0x8e, 0x44, 0x4e, 0x3c, 0x7f,
0x6f, 0x96, 0x4a, 0x5d, 0xcb, 0xe1, 0xea, 0x08, 0xa0, 0x57, 0xf5, 0xd7, 0xb5, 0x6d, 0xce, 0x72,
0x9e, 0xb8, 0x8c, 0x88, 0x38, 0xf6, 0x50, 0x35, 0x90, 0xbd, 0x6b, 0x59, 0xdb, 0x29, 0x52, 0x13,
0x2e, 0xfc, 0xa8, 0xb6, 0x8d, 0x8a, 0x33, 0xd3, 0x2a, 0xcf, 0x02, 0x30, 0x6d, 0x40, 0x6a, 0x1f,
0x7c, 0x9e, 0x74, 0x8f, 0x28, 0xdc, 0x14, 0x73, 0xe0, 0x96, 0x92, 0xd8, 0x74, 0xfa, 0x30, 0x58,
0x04, 0x54, 0x84, 0x77, 0xe9, 0x52, 0x3a, 0x0d, 0x63, 0xfa, 0xf3, 0x1a, 0x68, 0xc3, 0x88, 0x07,
0x50, 0xa7, 0x5d, 0x6f, 0xf7, 0xa9, 0xda, 0x98, 0xf7, 0x8c, 0x48, 0x2a,
};
11 changes: 7 additions & 4 deletions rom/dev/build.rs
Expand Up @@ -86,10 +86,13 @@ fn main() {
use x509_parser::signature_value::EcdsaSigValue;

let ws_dir = workspace_dir();
let ldev_file = std::fs::read(
ws_dir.join("test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der"),
)
.unwrap();
let ldev_file_path =
ws_dir.join("test/tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der");
println!(
"cargo:rerun-if-changed={}",
ldev_file_path.to_str().unwrap()
);
let ldev_file = std::fs::read(ldev_file_path).unwrap();

let mut parser = X509CertificateParser::new();
let (_, cert) = parser.parse(&ldev_file).unwrap();
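Review bot: `ldev_file_path.to_str().unwrap()` in the new `println!` aborts the build script whenever the workspace path is not valid UTF-8, which has nothing to do with whether the certificate can be read. `Path::display()` removes that panic path: `println!("cargo:rerun-if-changed={}", ldev_file_path.display());`. The following `std::fs::read(ldev_file_path).unwrap()` would also be easier to diagnose with an `expect` that names the file. `main` starts and ends outside this hunk.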
2 changes: 1 addition & 1 deletion rom/dev/src/flow/cold_reset/fmc_alias.rs
Expand Up @@ -252,6 +252,6 @@ impl FmcAliasLayer {
flags |= dice::FLAG_BIT_DEBUG;
}

flags.to_be_bytes()
flags.reverse_bits().to_be_bytes()
}
}
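Review bot: The new `flags.reverse_bits().to_be_bytes()` return carries no comment saying which bit-numbering convention the encoded TCB-info flags follow, and the `dice::FLAG_BIT_*` definitions are not visible in this hunk. The reversal moves every flag, including `FLAG_BIT_DEBUG`, to a different position in the certificate (the smoke test expectation in this commit changes from `0x80000000` to `0x00000001`), so a verifier that still decodes the previous layout would read a different device state. The expected wire layout should be stated next to the call, for example `// ASN.1 BIT STRING numbers bits from the MSB of the first octet; reverse so FLAG_BIT_n lands on bit n`, adjusted to whatever the constants actually define. The function begins outside the hunk.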
Expand Up @@ -742,7 +742,7 @@ fn test_fht_info() {
let data = hw.mailbox_execute(0x1000_0003, &[]).unwrap().unwrap();
let fht = FirmwareHandoffTable::read_from_prefix(data.as_bytes()).unwrap();
assert_eq!(fht.ldevid_tbs_size, 552);
assert_eq!(fht.fmcalias_tbs_size, 786);
assert_eq!(fht.fmcalias_tbs_size, 753);
assert_eq!(fht.ldevid_tbs_addr, LDEVID_TBS_ORG);
assert_eq!(fht.fmcalias_tbs_addr, FMCALIAS_TBS_ORG);
assert_eq!(fht.pcr_log_addr, PCR_LOG_ORG);
2 changes: 1 addition & 1 deletion runtime/src/dpe_platform.rs
Expand Up @@ -108,7 +108,7 @@ impl Platform for DpePlatform<'_> {
&mut self,
out: &mut [u8; MAX_ISSUER_NAME_SIZE],
) -> Result<usize, PlatformError> {
const CALIPTRA_CN: &[u8] = b"Caliptra 1.0 Rt Alias";
const CALIPTRA_CN: &[u8] = b"Caliptra 1.x Rt Alias";
let mut issuer_writer = CertWriter::new(out, true);

// Caliptra RDN SerialNumber field is always a Sha256 hash
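Review bot: `CALIPTRA_CN` repeats the string that x509/build/build.rs passes to `tbs_template` as the Rt Alias subject name, so the two literals have to be edited in lockstep, as this commit does. If they ever differ, the issuer name written here would presumably stop matching the Rt Alias certificate's subject, and name-based chain building would fail for certificates issued through this platform. A comment on the constant such as `// Must match the Rt Alias subject CN in x509/build/build.rs` would make the coupling visible; sharing a single constant would remove it. The method body continues outside the hunk.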
5 changes: 4 additions & 1 deletion test/src/x509.rs
Expand Up @@ -68,7 +68,10 @@ impl DiceTcbInfo {
})
.transpose()?
.unwrap_or_default(),
flags: d.read_optional_implicit_element(7)?,
flags: d
.read_optional_implicit_element::<asn1::BitString>(7)?
.and_then(|b| b.as_bytes().try_into().ok())
.map(u32::from_be_bytes),
vendor_info: d
.read_optional_implicit_element::<&[u8]>(8)?
.map(|s| s.to_vec()),
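Review bot: The new `flags` parser turns a present-but-malformed field into `None`, because `.and_then(|b| b.as_bytes().try_into().ok())` discards the error when the BIT STRING is not exactly four bytes long. A certificate with a wrongly sized flags field is then indistinguishable from one that omits the field. Since this helper backs the certificate assertions in the smoke tests, a length mismatch should surface as a parse failure, for example by mapping the `try_into` error into the function's error type and applying `?`. The count of unused (padding) bits in the `BitString` is also ignored and could be checked to be zero. The enclosing function starts and ends outside the hunk.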
26 changes: 13 additions & 13 deletions test/tests/caliptra_integration_tests/smoke_test.rs
Expand Up @@ -66,8 +66,8 @@ fn retrieve_csr_test() {
let csr_txt = String::from_utf8(csr.to_text().unwrap()).unwrap();

// To update the CSR testdata:
// std::fs::write("tests/smoke_testdata/idevid_csr.txt", &csr_txt).unwrap();
// std::fs::write("tests/smoke_testdata/idevid_csr.der", &csr_der).unwrap();
// std::fs::write("tests/caliptra_integration_tests/smoke_testdata/idevid_csr.txt", &csr_txt).unwrap();
// std::fs::write("tests/caliptra_integration_tests/smoke_testdata/idevid_csr.der", &csr_der).unwrap();

println!("csr: {}", csr_txt);

Expand Down Expand Up @@ -214,8 +214,8 @@ fn smoke_test() {
let ldev_cert_txt = String::from_utf8(ldev_cert.to_text().unwrap()).unwrap();

// To update the ldev cert testdata:
// std::fs::write("tests/smoke_testdata/ldevid_cert.txt", &ldev_cert_txt).unwrap();
// std::fs::write("tests/smoke_testdata/ldevid_cert.der", ldev_cert_der).unwrap();
// std::fs::write("tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.txt", &ldev_cert_txt).unwrap();
// std::fs::write("tests/caliptra_integration_tests/smoke_testdata/ldevid_cert.der", ldev_cert_der).unwrap();

assert_eq!(
ldev_cert_txt.as_str(),
Expand Down Expand Up @@ -277,22 +277,22 @@ fn smoke_test() {
dice_tcb_info,
[
DiceTcbInfo {
vendor: Some("Caliptra".into()),
model: Some("Device".into()),
vendor: None,
model: None,
// This is from the SVN in the fuses (7 bits set)
svn: Some(0x107),
fwids: vec![DiceFwid {
hash_alg: asn1::oid!(2, 16, 840, 1, 101, 3, 4, 2, 2),
digest: device_info_hash.to_vec(),
},],

flags: Some(0x80000000),
flags: Some(0x00000001),
ty: Some(b"DEVICE_INFO".to_vec()),
..Default::default()
},
DiceTcbInfo {
vendor: Some("Caliptra".into()),
model: Some("FMC".into()),
vendor: None,
model: None,
// This is from the SVN in the image (9)
svn: Some(0x109),
fwids: vec![DiceFwid {
Expand Down Expand Up @@ -458,8 +458,8 @@ fn smoke_test() {
assert_eq!(
rt_dice_tcb_info,
Some(DiceTcbInfo {
vendor: Some("Caliptra".into()),
model: Some("RT".into()),
vendor: None,
model: None,
svn: Some(0x100),
fwids: vec![DiceFwid {
// RT
Expand Down Expand Up @@ -608,8 +608,8 @@ fn smoke_test() {
assert_eq!(
rt_dice_tcb_info2,
Some(DiceTcbInfo {
vendor: Some("Caliptra".into()),
model: Some("RT".into()),
vendor: None,
model: None,
svn: Some(0x100),
fwids: vec![DiceFwid {
// FMC
Binary file not shown.
Expand Up @@ -4,11 +4,11 @@ Certificate:
Serial Number:
44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44
Signature Algorithm: ecdsa-with-SHA384
Issuer: CN=Caliptra 1.0 LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889
Issuer: CN=Caliptra 1.x LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889
Validity
Not Before: Jan 1 00:00:00 2023 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: CN=Caliptra 1.0 FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Subject: CN=Caliptra 1.x FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
Expand All @@ -30,7 +30,7 @@ Certificate:
2.23.133.5.4.4:
0....................
2.23.133.5.4.5:
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
X509v3 Subject Key Identifier:
44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44
X509v3 Authority Key Identifier:
Binary file not shown.
@@ -1,7 +1,7 @@
Certificate Request:
Data:
Version: 1 (0x0)
Subject: CN=Caliptra 1.0 IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6
Subject: CN=Caliptra 1.x IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
Expand All @@ -25,9 +25,9 @@ Certificate Request:
0....................
Signature Algorithm: ecdsa-with-SHA384
Signature Value:
30:64:02:30:7c:74:fd:28:ce:0f:f9:e9:da:ef:90:84:a5:af:
c0:42:d1:e2:08:84:67:d6:6a:e8:dc:46:cc:02:1d:80:da:37:
50:91:ee:75:09:ed:15:55:0f:31:15:23:c9:bb:e6:e1:02:30:
24:fd:1b:5b:47:cc:14:4a:66:a5:bb:e7:04:74:f0:21:36:37:
f4:9e:5d:cd:a1:42:bf:f6:82:5c:a1:f4:51:43:e2:97:fc:95:
ce:56:b1:67:e1:bf:e1:26:3a:ce:a1:f3
30:65:02:31:00:ed:8e:44:4e:3c:7f:6f:96:4a:5d:cb:e1:ea:
08:a0:57:f5:d7:b5:6d:ce:72:9e:b8:8c:88:38:f6:50:35:90:
bd:6b:59:db:29:52:13:2e:fc:a8:b6:8d:8a:33:d3:2a:cf:02:
30:6d:40:6a:1f:7c:9e:74:8f:28:dc:14:73:e0:96:92:d8:74:
fa:30:58:04:54:84:77:e9:52:3a:0d:63:fa:f3:1a:68:c3:88:
07:50:a7:5d:6f:f7:a9:da:98:f7:8c:48:2a
Binary file not shown.
Expand Up @@ -4,11 +4,11 @@ Certificate:
Serial Number:
25:ee:ef:9a:4c:61:d4:b9:e3:d9:4b:ea:46:f9:a1:2a:c6:88:7c:e2
Signature Algorithm: ecdsa-with-SHA384
Issuer: CN=Caliptra 1.0 IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6
Issuer: CN=Caliptra 1.x IDevID/serialNumber=8E3C1A058F704A11821F7B48D340AEF99DDABADC1090D74D057FECCF73294ED6
Validity
Not Before: Jan 1 00:00:00 2023 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: CN=Caliptra 1.0 LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889
Subject: CN=Caliptra 1.x LDevID/serialNumber=21EEEF9A4C61D4B9E3D94BEA46F9A12AC6887CE2188559F40FF95777E8014889
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
Expand All @@ -35,9 +35,9 @@ Certificate:
42:4F:3A:C7:45:DD:BD:50:15:05:7F:5B:F8:3E:9C:D6:48:10:B0:41
Signature Algorithm: ecdsa-with-SHA384
Signature Value:
30:66:02:31:00:9b:0e:19:91:81:f6:90:a7:43:34:60:d8:1d:
69:c4:a5:63:52:a3:c8:93:cf:4c:11:be:e1:a1:8d:47:a6:b5:
63:78:42:3f:8a:85:f2:34:b4:ab:5a:18:01:f6:e7:ff:92:02:
31:00:e1:21:cf:21:fe:44:09:81:95:01:fd:29:ad:f5:29:a9:
01:6a:2e:a3:15:bf:65:ab:2a:e5:82:7c:ef:f1:b8:59:bd:7e:
60:cf:15:c7:2a:64:ea:cf:2b:7b:9b:ff:42:d3
30:65:02:30:27:24:23:0f:77:0a:b4:a9:95:dc:a1:96:e0:cd:
5d:f9:29:08:eb:80:7d:74:55:05:7a:22:b9:62:08:96:a2:7a:
08:21:3d:8a:c6:1f:3c:71:e0:8d:48:83:ab:9c:64:1a:02:31:
00:ad:8a:98:ea:e7:33:13:bb:02:b6:12:fa:24:ef:ae:f4:5b:
73:57:97:37:82:56:a8:e9:c8:b6:87:d9:2d:7d:43:bc:be:cd:
82:d3:0f:85:5a:15:56:8e:a2:08:f9:ec:ce
Binary file not shown.
Expand Up @@ -4,11 +4,11 @@ Certificate:
Serial Number:
44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44
Signature Algorithm: ecdsa-with-SHA384
Issuer: CN=Caliptra 1.0 FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Issuer: CN=Caliptra 1.x FMC Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Validity
Not Before: Jan 1 00:00:00 2023 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: CN=Caliptra 1.0 Rt Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Subject: CN=Caliptra 1.x Rt Alias/serialNumber=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
Expand All @@ -30,7 +30,7 @@ Certificate:
2.23.133.5.4.4:
0....................
2.23.133.5.4.1:
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
X509v3 Subject Key Identifier:
44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44:44
X509v3 Authority Key Identifier:
8 changes: 4 additions & 4 deletions x509/build/build.rs
Expand Up @@ -54,7 +54,7 @@ fn gen_init_devid_csr(out_dir: &str) {
.add_basic_constraints_ext(true, 5)
.add_key_usage_ext(usage)
.add_ueid_ext(&[0xFF; 17]);
let template = bldr.tbs_template("Caliptra 1.0 IDevID");
let template = bldr.tbs_template("Caliptra 1.x IDevID");
CodeGen::gen_code("InitDevIdCsrTbs", template, out_dir);
}

Expand All @@ -67,7 +67,7 @@ fn gen_local_devid_cert(out_dir: &str) {
.add_basic_constraints_ext(true, 4)
.add_key_usage_ext(usage)
.add_ueid_ext(&[0xFF; 17]);
let template = bldr.tbs_template("Caliptra 1.0 LDevID", "Caliptra 1.0 IDevID");
let template = bldr.tbs_template("Caliptra 1.x LDevID", "Caliptra 1.x IDevID");
CodeGen::gen_code("LocalDevIdCertTbs", template, out_dir);
}

Expand Down Expand Up @@ -98,7 +98,7 @@ fn gen_fmc_alias_cert(out_dir: &str) {
},
}],
);
let template = bldr.tbs_template("Caliptra 1.0 FMC Alias", "Caliptra 1.0 LDevID");
let template = bldr.tbs_template("Caliptra 1.x FMC Alias", "Caliptra 1.x LDevID");
CodeGen::gen_code("FmcAliasCertTbs", template, out_dir);
}

Expand All @@ -122,6 +122,6 @@ fn gen_rt_alias_cert(out_dir: &str) {
digest: &[0xCD; 48],
},
}]);
let template = bldr.tbs_template("Caliptra 1.0 Rt Alias", "Caliptra 1.0 FMC Alias");
let template = bldr.tbs_template("Caliptra 1.x Rt Alias", "Caliptra 1.x FMC Alias");
CodeGen::gen_code("RtAliasCertTbs", template, out_dir);
}
4 changes: 3 additions & 1 deletion x509/build/cert.rs
Expand Up @@ -90,9 +90,11 @@ impl<Algo: SigningAlgorithm> CertTemplateBuilder<Algo> {
device_fwids: &[FwidParam],
fmc_fwids: &[FwidParam],
) -> Self {
// This method of finding the offsets is fragile. Especially for the 1 byte values.
// These may need to be updated to stay unique when the cert template is updated.
let flags: u32 = 0xC0C1C2C3;
let svn: u8 = 0xC4;
let svn_fuses: u8 = 0xC5;
let svn_fuses: u8 = 0xC6;

self.exts
.push(x509::make_fmc_dice_tcb_info_ext(
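Review bot: The added comment acknowledges that locating fields by searching for placeholder values is fragile, but nothing in this hunk enforces that `0xC4`, `0xC6` or `0xC0C1C2C3` occur exactly once in the generated template. A collision would presumably make the recorded offset point at an unrelated byte, so the SVN or flags would be patched into the wrong place in a certificate that is then signed. Where the offsets are computed (outside this hunk), a build-time check that each placeholder matches exactly one position would turn a silent mis-patch into a build failure. The comment could also record why `0xC5` had to become `0xC6`.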