device-identity-provisioning: add keypair discovery and rename to Att…#98
Conversation
…ested CSR Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
- KeyPairID 0 sentinel: drop version pin, clarify 0 is not a valid KeyPairID - Make discovery/CSR responses always attested; remove SignerSlotIDParam attestation toggle (Bit [4]) and conditional signing language - Remove standard issuer claim requirement from discovery EAT - Note KeyPairID values match SPDM; add pointer to CDDL definition - VENDOR_DEFINED_REQUEST 'of SPDM 1.3 and later' - kid is SHA-384 of the Attestation Key cert chain (same as SPDM DIGEST) - diag: update kid comments and extend nonces to 32 bytes Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
|
Following up on our earlier discussion on attesting components involved in Attested CSR key derivation. Recap
ProposalDefine a CDDL map: OID -> Bitfield.
Why this helps
Would this approach work for the team? Happy to hear objections or gaps. |
|
I think it's a good idea starting point, Fabrizio.
|
4cebb43 to
bd80546
Compare
… review fixes Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
bd80546 to
a5ef301
Compare
xiaoyuruan
left a comment
There was a problem hiding this comment.
The Friday WG reviewed this PR and approved it. Great job Fabrizio!
…ested CSR