Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feasibility of granting ROM access to LDevID CDI after update-reset #668

Open
bluegate010 opened this issue Dec 18, 2024 · 0 comments
Open

Feasibility of granting ROM access to LDevID CDI after update-reset #668

bluegate010 opened this issue Dec 18, 2024 · 0 comments
Labels
2.0 feature request

Comments

@bluegate010
Copy link

In 1.x we prevent ROM from ever having access to the LDevID CDI again after cold-boot. We make this work for DICE by allowing ROM to access AliasFMC CDI upon update-reset, and enforcing that FMC cannot change across update-resets.

This is causing some issues with Stable Identity, where ideally ROM would have access to a stable secret on update-reset that it can use to derive stable keys for new FW. Without this feature we can still derive stable keys, but those keys will be based on the minimum SVN that has run since cold-boot, not the currently-running SVN. Update-resets that rev the SVN from X to X+1 will not yield new keys for the new firmware; a cold-reset would be required.

So: is it still advised that we cannot safely latch away a stable secret such that it becomes available again upon update-reset? Or could we alter ROM to preserve LDevID CDI?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2.0 feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bluegate010