
Device Ownership Transfer and Cryptographic Binding for Devices without Secure Storage.pdf

Uploaded by: 明**** · ID: 1011969 · 2025-12-21 · 15 pages · 984.33 KB

Speakers: James Zhang (NVIDIA), Chris Hillier (NVIDIA)
Title: Device Ownership Transfer and Cryptographic Binding for Devices without Secure Storage
Track: Security

What is Device Ownership Transfer?
- Ability for the owner of the system to assert ownership through code signing
- Ability for ownership to be transferred without a cumbersome process and handshake
- OCP Device Ownership Transfer defines the general Archetypes, State Transitions and Protocol for Device Ownership Transfer:
  - Volatile Ownership Transfer
  - Mutable Locking Ownership Transfer
  - Refresh-

Brief Update: Device Ownership Transfer
- NVIDIA DOT architecture last presented at OCP Global Summit 2023
- Every NVIDIA Grace has shipped with DOT Volatile and Mutable Locking
- Despite success¹, there is always room for improvement and iteration
- Today's presentation focuses on one problem space: supporting Mutable Locking DOT with devices that do not have non-volatile secure storage
¹ Definition of success

Updated: Ownership Transfer State Transitions

Problem: Storage of Mutable Locked State
- Mutable Locking requires non-volatile secure storage to keep ownership information
- Options:
  - OTP FUSE: not scalable, FUSE is very limited
  - In-silicon non-OTP NVM: not available for advanced nodes
  - In-package NVM: has complications, cost
- What alternative options do we have?

Solution: Cryptographic Binding
- Limited/reasonable amount of OTP FUSE usage
- Can be used with flash-based boot or streaming boot
- Cryptographic binding to establish trust
- Adopted by Caliptra 2.1 (Subsystem)

State Transition
- Device starts uninitialized with no DOT Blob
- Transition state to Locked (take ownership): DOT STATE FUSE burns 1 bit; DOT Blob generated
- DOT Blob generated, FUSE burn, DOT Blob authenticated d

Based on the report's contents, its main points are summarized as follows:
- **NVIDIA Device Ownership Transfer (DOT) architecture**: NVIDIA's DOT architecture lets the system owner assert ownership through code signing and supports transferring ownership without a cumbersome process or handshake.
- **DOT architecture features**: includes Volatile Ownership Transfer and Mutable Locking Ownership Transfer.
- **DOT deployment**: the NVIDIA Grace series has integrated DOT, supporting both Volatile and Mutable Locking.
- **Storage challenge**: Mutable Locking requires non-volatile secure storage to hold the ownership information.
- **Solution**: cryptographic binding, using OTP FUSE as the storage; although the fuse budget is limited, it is enough to establish trust.
- **DOT Blob**: the DOT Blob is verified at device boot to establish the owner's CAK (authentication key).
- **State transitions**: ownership state transitions are managed by burning bits of the DOT STATE FUSE.
- **Security**: a unique device key ensures a DOT Blob cannot be reused on a different device.
- **Future plans**: drive the OCP DOT specification to v1.0 and integrate it into the Caliptra 2.1 subsystem and other OCP specifications.
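The State Transition slide and the summary above describe the mechanism only at the level of "burn one fuse bit, generate a blob, authenticate the blob at boot under a unique device key". The following model, added here as an illustration and not NVIDIA, OCP or Caliptra code, shows why that is enough to keep a Mutable Locked state without secure NV storage: the blob itself may sit in untrusted flash or a streaming-boot payload, because only the device's own secret can verify or forge it, and the OTP fuse only has to record a few bits of monotonic state. Everything concrete in the block is an assumption made for the example: HMAC-SHA256 as the binding primitive (the deck does not name one), the blob layout, an 8-bit DOT STATE FUSE bank, the `Device`/`take_ownership`/`boot` names, and the idea of storing the fuse count in the blob so a previous owner's blob is rejected after a transfer. The CAK values and device keys are constructed test data.

```python
"""Toy model of DOT cryptographic binding for a device without secure NV storage.

Added illustration; not NVIDIA, OCP or Caliptra code. Blob layout, HMAC binding,
key derivation and the fuse-count generation field are assumptions for the example.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

FUSE_BITS = 8   # assumed width of the DOT STATE FUSE bank; the deck only says 1 bit burns per transition
TAG_LEN = 32    # HMAC-SHA256 tag length


class Device:
    """A device with a device-unique secret and a one-way (OTP) fuse bank."""

    def __init__(self, device_unique_key: bytes):
        self._duk = device_unique_key   # stands in for the summary's 'unique device key'; never leaves the device
        self.fuse_bits_burned = 0       # OTP: may only increase

    def _binding_key(self) -> bytes:
        # Domain-separated MAC key derived from the device-unique key (assumed construction).
        return hmac.new(self._duk, b"DOT-blob-binding", hashlib.sha256).digest()

    def _burn_fuse(self) -> int:
        # Each ownership transition burns one more bit; OTP bits cannot be cleared.
        if self.fuse_bits_burned >= FUSE_BITS:
            raise RuntimeError("DOT STATE FUSE exhausted")
        self.fuse_bits_burned += 1
        return self.fuse_bits_burned

    def take_ownership(self, owner_cak: bytes) -> bytes:
        """Transition to Locked (or to a new owner): burn 1 fuse bit and emit a DOT blob.

        The blob carries the owner's CAK plus the fuse count it belongs to, MACed under
        the device-derived key, so it can live in untrusted storage.
        """
        generation = self._burn_fuse()
        body = struct.pack(">B", generation) + owner_cak
        tag = hmac.new(self._binding_key(), body, hashlib.sha256).digest()
        return body + tag

    def boot(self, dot_blob: Optional[bytes]) -> Optional[bytes]:
        """Return the owner CAK firmware may trust, or None if the device is unowned.

        Raises ValueError for a blob that is missing, tampered, bound to another device,
        or belongs to a superseded ownership generation (rollback to a previous owner).
        """
        if self.fuse_bits_burned == 0:
            return None                     # uninitialized: no blob expected, nothing to trust yet
        if dot_blob is None or len(dot_blob) <= 1 + TAG_LEN:
            raise ValueError("locked device but no usable DOT blob")
        body, tag = dot_blob[:-TAG_LEN], dot_blob[-TAG_LEN:]
        expected = hmac.new(self._binding_key(), body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("DOT blob is not bound to this device (MAC mismatch)")
        generation, cak = body[0], body[1:]
        if generation != self.fuse_bits_burned:
            raise ValueError("DOT blob belongs to a superseded ownership state (rollback)")
        return cak


def try_boot(dev: Device, blob: Optional[bytes]) -> Tuple[str, Optional[bytes]]:
    """Boot helper that reports 'unowned', 'owned' or 'rejected' instead of raising."""
    try:
        cak = dev.boot(blob)
    except ValueError:
        return ("rejected", None)
    return ("unowned", None) if cak is None else ("owned", cak)


def demo() -> dict:
    """Walk the deck's state machine with two devices and two owners (constructed keys)."""
    dev_a, dev_b = Device(os.urandom(32)), Device(os.urandom(32))
    owner1 = hashlib.sha256(b"owner-1 CAK (constructed)").digest()
    owner2 = hashlib.sha256(b"owner-2 CAK (constructed)").digest()
    out = {}
    out["fresh"] = try_boot(dev_a, None)[0]                    # uninitialized, no blob needed
    blob1 = dev_a.take_ownership(owner1)                       # fuse bit 1 burns; blob bound to dev_a
    out["locked"] = try_boot(dev_a, blob1) == ("owned", owner1)
    out["no_blob"] = try_boot(dev_a, None)[0]                  # locked device cannot boot without its blob
    tampered = blob1[:1] + owner2 + blob1[1 + len(owner2):]    # swap the CAK, keep the old tag
    out["tampered"] = try_boot(dev_a, tampered)[0]
    dev_b.take_ownership(owner2)
    out["other_device"] = try_boot(dev_b, blob1)[0]            # dev_a's blob is useless on dev_b
    blob2 = dev_a.take_ownership(owner2)                       # transfer: fuse bit 2 burns, new blob
    out["transferred"] = try_boot(dev_a, blob2) == ("owned", owner2)
    out["rollback"] = try_boot(dev_a, blob1)[0]                # old owner's blob no longer matches the fuse state
    return out
```

Two design points worth noticing. First, the fuse carries no key material and no owner identity, only a count; the deck's "limited/reasonable amount of OTP FUSE usage" follows directly. Second, binding the blob to the current fuse count is what makes a transfer final: after `dev_a` moves to `owner2`, `blob1` still verifies cryptographically but is rejected as stale. Whether the real DOT blob includes such a field is not stated on this page; a production design would also derive the binding key from hardware (for example a UDS) rather than accept it in a constructor.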