Skip to content

device-identity-provisioning: add keypair discovery and rename to Att…#98

Open
fdamato wants to merge 3 commits into
opencomputeproject:mainfrom
fdamato:fadamato/device_identity_prov_attested_csr_discovery
Open

device-identity-provisioning: add keypair discovery and rename to Att…#98
fdamato wants to merge 3 commits into
opencomputeproject:mainfrom
fdamato:fadamato/device_identity_prov_attested_csr_discovery

Conversation

@fdamato

@fdamato fdamato commented May 27, 2026

Copy link
Copy Markdown
Collaborator

…ested CSR

…ested CSR

Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
Comment thread specifications/device-identity-provisioning/spec.ocp
Comment thread specifications/device-identity-provisioning/diag/attested-csr-eat-example.diag Outdated
Comment thread specifications/device-identity-provisioning/diag/attested-csr-eat-example.diag Outdated
Comment thread specifications/device-identity-provisioning/spec.ocp Outdated
Comment thread specifications/device-identity-provisioning/spec.ocp Outdated
Comment thread specifications/device-identity-provisioning/spec.ocp Outdated
Comment thread specifications/device-identity-provisioning/spec.ocp Outdated
Comment thread specifications/device-identity-provisioning/spec.ocp Outdated
Comment thread specifications/device-identity-provisioning/spec.ocp Outdated
Comment thread specifications/device-identity-provisioning/spec.ocp Outdated
Comment thread specifications/device-identity-provisioning/spec.ocp Outdated
Comment thread specifications/device-identity-provisioning/spec.ocp Outdated
Comment thread specifications/device-identity-provisioning/spec.ocp Outdated
- KeyPairID 0 sentinel: drop version pin, clarify 0 is not a valid KeyPairID
- Make discovery/CSR responses always attested; remove SignerSlotIDParam
  attestation toggle (Bit [4]) and conditional signing language
- Remove standard issuer claim requirement from discovery EAT
- Note KeyPairID values match SPDM; add pointer to CDDL definition
- VENDOR_DEFINED_REQUEST 'of SPDM 1.3 and later'
- kid is SHA-384 of the Attestation Key cert chain (same as SPDM DIGEST)
- diag: update kid comments and extend nonces to 32 bytes

Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
@fdamato fdamato requested review from bhenning10, bluegate010, parvathib and xiaoyuruan and removed request for xiaoyuruan June 11, 2026 02:33
Comment thread specifications/device-identity-provisioning/diag/attested-csr-eat-example.diag Outdated
Comment thread specifications/device-identity-provisioning/spec.ocp Outdated
Comment thread specifications/device-identity-provisioning/cddl/attested-csr-eat.cddl Outdated
Comment thread specifications/device-identity-provisioning/cddl/attested-csr-eat.cddl Outdated
Comment thread specifications/device-identity-provisioning/cddl/attested-csr-eat.cddl Outdated
Comment thread specifications/device-identity-provisioning/cddl/attested-csr-eat.cddl Outdated
Comment thread specifications/device-identity-provisioning/cddl/attested-csr-eat.cddl Outdated
Comment thread specifications/device-identity-provisioning/cddl/attested-csr-eat.cddl Outdated
Comment thread specifications/device-identity-provisioning/cddl/attested-csr-eat.cddl Outdated
Comment thread specifications/device-identity-provisioning/cddl/attested-csr-eat.cddl Outdated
Comment thread specifications/device-identity-provisioning/cddl/attested-csr-eat.cddl Outdated
Comment thread specifications/device-identity-provisioning/diag/attested-csr-eat-example.diag Outdated
Comment thread specifications/device-identity-provisioning/diag/attested-csr-eat-example.diag Outdated
Comment thread specifications/device-identity-provisioning/diag/attested-csr-eat-example.diag Outdated
Comment thread specifications/device-identity-provisioning/diag/attested-csr-eat-example.diag Outdated
Comment thread specifications/device-identity-provisioning/diag/attested-csr-eat-example.diag Outdated
@fdamato

fdamato commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator Author

Following up on our earlier discussion on attesting components involved in Attested CSR key derivation.

Recap

  • The current OID list does not map 1:1 across all RoTs.
  • This can force vendors to define custom OIDs for valid DICE derivation inputs not covered by OCP.
  • A single fixed bitfield is cheaper, but may be too rigid for vendor-specific needs.

Proposal

Define a CDDL map: OID -> Bitfield.

  1. OCP global OID (required)
    One OCP-defined OID maps to a common high-level bitfield:

    • UDS
    • FIELD_ENTROPY
    • OWNER_PROVISIONED_NON_CONFIDENTIAL_FUSE
    • VENDOR_PROVISIONED_NON_CONFIDENTIAL_FUSE
    • FIRST_MUTABLE_CODE
    • RUNTIME_FIRMWARE
  2. Vendor OIDs (optional)
    Vendors may add their own OIDs with vendor-specific bitfields for additional derivation components.

Why this helps

  • Keeps encoding compact (bitfields).
  • Preserves a mandatory baseline all operators can interpret.
  • Allows extensibility without requiring every vendor to mint OIDs just to participate.

Would this approach work for the team? Happy to hear objections or gaps.

@xiaoyuruan

Copy link
Copy Markdown

I think it's a good idea starting point, Fabrizio.
We can make the global set more comprehensive and cover all common components, so most adopters other than Caliptra would not need to define their own list.

Following up on our earlier discussion on attesting components involved in Attested CSR key derivation.

Recap

  • The current OID list does not map 1:1 across all RoTs.
  • This can force vendors to define custom OIDs for valid DICE derivation inputs not covered by OCP.
  • A single fixed bitfield is cheaper, but may be too rigid for vendor-specific needs.

Proposal

Define a CDDL map: OID -> Bitfield.

  1. OCP global OID (required)
    One OCP-defined OID maps to a common high-level bitfield:

    • UDS
    • FIELD_ENTROPY
    • OWNER_PROVISIONED_NON_CONFIDENTIAL_FUSE
    • VENDOR_PROVISIONED_NON_CONFIDENTIAL_FUSE
    • FIRST_MUTABLE_CODE
    • RUNTIME_FIRMWARE
  2. Vendor OIDs (optional)
    Vendors may add their own OIDs with vendor-specific bitfields for additional derivation components.

Why this helps

  • Keeps encoding compact (bitfields).
  • Preserves a mandatory baseline all operators can interpret.
  • Allows extensibility without requiring every vendor to mint OIDs just to participate.

Would this approach work for the team? Happy to hear objections or gaps.

@fdamato fdamato force-pushed the fadamato/device_identity_prov_attested_csr_discovery branch from 4cebb43 to bd80546 Compare July 1, 2026 21:27
… review fixes

Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
@fdamato fdamato force-pushed the fadamato/device_identity_prov_attested_csr_discovery branch from bd80546 to a5ef301 Compare July 1, 2026 22:51
@fdamato fdamato requested a review from xiaoyuruan July 1, 2026 22:54

@xiaoyuruan xiaoyuruan left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Friday WG reviewed this PR and approved it. Great job Fabrizio!

Comment thread specifications/device-identity-provisioning/spec.ocp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants