当前位置:首页 > 报告详情

卡利普特拉的密码学.pdf

上传人: 明**** 编号:1011800 2025-12-21 20页 1,011.72KB

1、Christopher Swenson(Microsoft)Jeff Andersen(Google)Mojtaba Bisheh-Niasar(Microsoft)Cryptography in CaliptraCryptography in CaliptraChristopher Swenson(Microsoft)Jeff Andersen(Google)Mojtaba Bisheh-Niasar(Microsoft)SecurityIROT:DICE,DPEROTM:MeasurementsACROT:secure boot and updatesCryptographic servi

2、cesPost-quantumOutlineCaliptas identity is derived from two components:Unique Device Secret(UDS)384 bits in Caliptra 1.x(512 bits in Caliptra 2.x)Random number burned into fuses at manufacturing timeField Entropy(FE)o256 bits burned into fusesoBurned into fuses after manufacturingIdentityAdditional

3、secrets and keys are derived from UDS and FE to form layered identities confirming with Device Identity Composition Engine(DICE)Derivations use HMAC and HMAC-based counter KDF(NIST SP 800-108)UDS Initial Device Identity(IDevID)(fixed at manufacturing time)IDevID+FE Local Device Identity(LDevID)(prov

4、isioned later)LDevID FMC AliasFMC Alias RT AliasRT Alias DPE contextsDICEDICE forms identity in layersIDevID key endorses LDevID certificateLDevID key endorses FMC alias certificateFMC alias key endorse RT alias certificateRT alias key endorses additional identities using DICE Protection Environment

5、(DPE)In 2.x,separate cert chains are generated for ECDSA(P384)and MLDSA87DICE CertificatesDICE DerivationsCaliptra authorizes firmware of other components and stashes the hashes of that firmware as measurementsCaliptra 2.x can also directly measure and load firmware of other components using the Man

6、ufacturing Control Unit(MCU)32 Platform Configuration Registers(PCRs)hold the results of measurementsEach PCR is 384 bitsPCR_QUOTE mailbox command gets PCRs(signed by FMC alias key)MeasurementsPCRsPCR numberTypeExtend controlDescriptionPCR0CurrentROMHolds Caliptras FMC measurement and ROM policy con

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
明日何其多
明**...

该用户很懒,什么也没介绍

客服
商务合作
小程序
服务号
折叠