External Mailbox (MCI Mailbox) Commands Spec

Overview

This document outlines the external mailbox commands that enable SoC agents to interact with the MCU via MCI mailbox. These commands support a wide range of functionalities, including querying device-specific information, retrieving debug and attestation logs, managing certificates, utilizing cryptographic services and secure debugging in production environment.

  • Device Identification and Capabilities

    • Retrieve firmware versions, unique device identifiers, and device capabilities to ensure compatibility and proper configuration.
    • Query device-specific information such as chip identifiers or subsystem details.
  • Debugging and Diagnostics

    • Retrieve debug logs to analyze device behavior, diagnose issues, and monitor runtime states.
    • Clear logs to reset diagnostic data and maintain storage efficiency.
  • Certificate Management

    • Export Certificate Signing Requests (CSRs) for device keys to facilitate secure provisioning.
    • Import signed certificates to establish a trusted certificate chain for device authentication.
  • Cryptographic Services

    • AES encryption and decryption
    • SHA hashing
    • Random number generation
    • Digital signing
    • Signature verification
    • Key exchange
  • Debug Unlock Mechanisms

    • Facilitate secure debugging in production environments
    • Ensure controlled access to debugging features

Mailbox Commands List

NameCommand CodeDescription
MC_FIRMWARE_VERSION0x4D46_5756 ("MFWV")Retrieves the version of the target firmware.
MC_DEVICE_CAPABILITIES0x4D43_4150 ("MCAP")Retrieve the device capabilities.
MC_DEVICE_ID0x4D44_4944 ("MDID")Retrieves the device ID.
MC_DEVICE_INFO0x4D44_494E ("MDIN")Retrieves information about the target device.
MC_EXPORT_IDEV_CSR0x4D49_4352 ("MICR")Exports the IDEVID Self-Signed Certificate Signing Request.
MC_IMPORT_IDEV_CERT0x4D49_4943 ("MIIC")Allows SoC to import DER-encoded IDevId certificate on every boot.
MC_GET_LOG0x4D47_4C47 ("MGLG")Retrieves the internal log for the RoT.
MC_CLEAR_LOG0x4D43_4C47 ("MCLG")Clears the log in the RoT subsystem.
MC_SHA_INIT0x4D43_5349 ("MCSI")Starts the computation of a SHA hash of data.
MC_SHA_UPDATE0x4D43_5355 ("MCSU")Continues a SHA computation started by MC_SHA_INIT or another MC_SHA_UPDATE.
MC_SHA_FINAL0x4D43_5346 ("MCSF")Finalizes the computation of a SHA and produces the hash of all the data.
MC_AES_ENCRYPT_INIT0x4D43_4349 ("MCCI")Starts an AES encryption operation.
MC_AES_ENCRYPT_UPDATE0x4D43_4355 ("MCMU")Continues an AES encryption operation started by MC_AES_ENCRYPT_INIT.
MC_AES_DECRYPT_INIT0x4D43_414A ("MCAJ")Starts an AES-256 decryption operation.
MC_AES_DECRYPT_UPDATE0x4D43_4155 ("MCAU")Continues an AES decryption operation started by MC_AES_DECRYPT_INIT.
MC_AES_GCM_ENCRYPT_INIT0x4D43_4749 ("MCGI")Starts an AES-256-GCM encryption operation.
MC_AES_GCM_ENCRYPT_UPDATE0x4D43_4755 ("MCGU")Continues an AES-GCM encryption operation started by MC_AES_GCM_ENCRYPT_INIT.
MC_AES_GCM_ENCRYPT_FINAL0x4D43_4746 ("MCGF")Finalizes the AES-GCM encryption operation and produces the final ciphertext and tag.
MC_AES_GCM_DECRYPT_INIT0x4D43_4449 ("MCDI")Starts an AES-256-GCM decryption operation.
MC_AES_GCM_DECRYPT_UPDATE0x4D43_4455 ("MCDU")Continues an AES-GCM decryption operation started by MC_AES_GCM_DECRYPT_INIT.
MC_AES_GCM_DECRYPT_FINAL0x4D43_4446 ("MCDF")Finalizes the AES-GCM decryption operation and verifies the tag.
MC_ECDH_GENERATE0x4D43_4547 ("MCEG")Computes the first half of an Elliptic Curve Diffie-Hellman exchange.
MC_ECDH_FINISH0x4D43_4546 ("MCEF")Computes the second half of an Elliptic Curve Diffie-Hellman exchange.
MC_RANDOM_STIR0x4D43_5253 ("MCRS")Adds additional entropy to the internal deterministic random bit generator.
MC_RANDOM_GENERATE0x4D43_5247 ("MCRG")Generates random bytes from the internal RNG.
MC_IMPORT0x4D43_494D ("MCIM")Imports a specified key and returns a CMK for it.
MC_DELETE0x4D43_444C ("MCDL")Deletes the object stored with the given mailbox ID.
MC_ECDSA384_SIG_VERIFY0x4D45_4356 ("MECV")Verifies an ECDSA P-384 signature.
MC_LMS_SIG_VERIFY0x4D4C_4D56 ("MLMV")Verifies an LMS signature.
MC_ECDSA_SIGN0x4D45_4353 ("MECS")Requests to sign a SHA-384 digest with the DPE leaf certificate.
MC_MLDSA_SIGN0x4D4C_4D53 ("MMLS")Requests to sign a SHA-384 digest with the DPE leaf certificate using MLDSA.
MC_PRODUCTION_DEBUG_UNLOCK_REQ0x4D44_5552 ("MDUR")Requests debug unlock in a production environment.
MC_PRODUCTION_DEBUG_UNLOCK_TOKEN0x4D44_5554 ("MDUT")Sends the debug unlock token.

Command Format

MC_FIRMWARE_VERSION

Retrieves the version of the target firmware.

Command Code: 0x4D46_5756 ("MFWV")

Table: MC_FIRMWARE_VERSION input arguments

NameTypeDescription
chksumu32
indexu32- 00h = Caliptra core firmware
- 01h = MCU runtime firmware
- 02h = SoC firmware
Additional indexes are firmware-specific

Table: MC_FIRMWARE_VERSION output arguments

NameTypeDescription
chksumu32
fips_statusu32FIPS approved or an error
versionu8[32]Firmware Version Number in ASCII format

MC_DEVICE_CAPABILITIES

Retrieve the device capabilites.

Command Code: 0x4D43_4150 ("MCAP")

Table: MC_DEVICE_CAPABILITIES input arguments

NameTypeDescription
chksumu32

Table: MC_DEVICE_CAPABILITIES output arguments

NameTypeDescription
chksumu32
fips_statusu32FIPS approved or an error
capsu8[32]- Bytes [0:7]: Reserved for Caliptra RT
- Bytes [8:11]: Reserved for Caliptra FMC
- Bytes [12:15]: Reserved for Caliptra ROM
- Bytes [16:23]: Reserved for MCU RT
- Bytes [24:27]: Reserved for MCU ROM
- Bytes [28:31]: Reserved

MC_DEVICE_ID

Retrieves the device ID.

Command Code: 0x4D44_4944 ("MDID")

Table: MC_DEVICE_ID input arguments

NameTypeDescription
chksumu32

Table: MC_DEVICE_ID output arguments

NameTypeDescription
chksumu32
fips_statusu32FIPS approved or an error
vendor_idu16Vendor ID; LSB
device_idu16Device ID; LSB
subsystem_vendor_idu16Subsystem Vendor ID; LSB
subsystem_idu16Subsystem ID; LSB

MC_DEVICE_INFO

Retrieves information about the target device.

Command Code: 0x4D44_494E ("MDIN")

Table: MC_DEVICE_INFO input arguments

NameTypeDescription
chksumu32
indexu32Information Index:
- 00h = Unique Chip Identifier
Additional indexes are firmware-specific

Table: MC_DEVICE_INFO output arguments

NameTypeDescription
chksumu32
fips_statusu32FIPS approved or an error
data_sizeu32Size of the requested data in bytes
datau8[data_size]Requested information in binary format

MC_EXPORT_IDEV_CSR

Exports the IDEVID Self-Signed Certificate Signing Request.

Command Code: 0x4D49_4352 ("MICR")

Table: MC_EXPORT_IDEV_CSR input arguments

NameTypeDescription
chksumu32
indexu32Information Index:
- 00h = IDEVID ECC CSR
- 01h = IDEVID MLDSA CSR

Table: MC_EXPORT_IDEV_CSR output arguments

NameTypeDescription
chksumu32
fips_statusu32FIPS approved or an error
data_sizeu32Length in bytes of the valid data in the data field.
datau8[data_size]DER-encoded IDevID certificate signing request.

MC_IMPORT_IDEV_CERT

Allows SoC to import DER-encoded IDevId certificate on every boot. The IDevId certificate is added to the start of the certificate chain.

Command Code: 0x4D49_4943 ("MIIC")

Table: MC_IMPORT_IDEV_CERT input arguments

NameTypeDescription
chksumu32
cert_sizeu32Size of the DER-encoded IDevID certificate.
certu8[1024]DER-encoded IDevID certificate.

Table: MC_IMPORT_IDEV_CERT output arguments

NameTypeDescription
chksumu32
fips_statusu32FIPS approved or an error.

MC_GET_LOG

Retrieves the internal log for the RoT. There are two types of logs available: the Debug Log, which contains RoT application information and machine state, and the Attestation Measurement Log, which is similar to the TCG log.

Command Code: 0x4D47_4C47 ("MGLG")

Table: MC_GET_LOG input arguments

NameTypeDescription
chksumu32Checksum over input data
log typeu32Type of log to retrieve:
- 0 = Debug Log
- 1 = Attestation Log

Table: MC_GET_LOG output arguments

NameTypeDescription
chksumu32
fips_statusu32FIPS approved or an error.
data_sizeu32Size of the log data in bytes
datau8[data_size]Log contents

Debug Log Format:

The debug log reported by the device has no specified format, as this can vary between different devices and is not necessary for attestation. It is expected that diagnostic utilities for the device will be able to understand the exposed log information. A recommended entry format is provided here:

OffsetDescription
1:7Log Entry Header
8:9Format of the entry (e.g., 1 for current format)
10Severity of the entry
11Identifier for the component that generated the message
12Identifier for the entry message
13:16Message-specific argument
17:20Message-specific argument

MC_CLEAR_LOG

Clears the log in the RoT subsystem.

Command Code: 0x4D43_4C47 ("MCLG")

Table: MC_CLEAR_LOG input arguments

NameTypeDescription
chksumu32Checksum over input data
log typeu32Type of log to retrieve:
- 0 = Debug Log
- 1 = Attestation Log

Table: MC_CLEAR_LOG output arguments

NameTypeDescription
chksumu32
fips_statusu32FIPS approved or an error.

MC_ECDSA384_SIG_VERIFY

Verifies an ECDSA P-384 signature. The hash to be verified is taken from the input.

Command Code: 0x4D45_4356 ("MECV")

Table: MC_ECDSA384_SIG_VERIFY input arguments

NameTypeDescription
chksumu32Checksum over other input arguments, computed by the caller. Little endian.
pub_key_xu8[48]X portion of the ECDSA verification key.
pub_key_yu8[48]Y portion of the ECDSA verification key.
signature_ru8[48]R portion of the signature to verify.
signature_su8[48]S portion of the signature to verify.
hashu8[48]SHA-384 digest to verify.

Table: MC_ECDSA384_SIG_VERIFY output arguments

NameTypeDescription
chksumu32Checksum over other output arguments, computed by responder. Little endian.
fips_statusu32Indicates if the command is FIPS approved or an error.

MC_LMS_SIG_VERIFY

Verifies an LMS signature. The hash to be verified is taken from the input.

Command Code: 0x4D4C_4D56 ("MLMV")

Table: MC_LMS_SIG_VERIFY input arguments

NameTypeDescription
chksumu32Checksum over other input arguments, computed by the caller. Little endian.
pub_key_tree_typeu8[4]LMS public key algorithm type. Must equal 12.
pub_key_ots_typeu8[4]LM-OTS algorithm type. Must equal 7.
pub_key_idu8[16]"I" Private key identifier
pub_key_digestu8[24]"T[1]" Public key hash value
signature_qu8[4]Leaf of the Merkle tree where the OTS public key appears
signature_otsu8[1252]LM-OTS signature
signature_tree_typeu8[4]LMS signature Algorithm type. Must equal 12.
signature_tree_pathu8[360]Path through the tree from the leaf associated with the LM-OTS signature to the root
hashu8[48]SHA384 digest to verify.

Table: MC_LMS_SIG_VERIFY output arguments

NameTypeDescription
chksumu32Checksum over other output arguments, computed by MCU. Little endian.
fips_statusu32Indicates if the command is FIPS approved or an error.

MC_ECDSA_SIGN

Requests to sign SHA-384 digest with DPE leaf cert.

Command Code: 0x4D45_4353 ("MECS")

Table: MC_ECDSA384_SIGN input arguments

NameTypeDescription
chksumu32Checksum over other input arguments, computed by the caller. Little endian.
digestu8[48]SHA-384 digest to be signed.

Table: MC_ECDSA384_SIGN output arguments

NameTypeDescription
chksumu32Checksum over other output arguments, computed by MCU. Little endian.
fips_statusu32Indicates if the command is FIPS approved or an error.
derived_pubkey_xu8[48]The X BigNum of the ECDSA public key associated with the signing key.
derived_pubkey_yu8[48]The Y BigNum of the ECDSA public key associated with the signing key.
signature_ru8[48]The R BigNum of an ECDSA signature.
signature_su8[48]The S BigNum of an ECDSA signature.

MC_MLDSA_SIGN

Request to sign the SHA-384 digest with DPE leaf cert.

Command Code: 0x4D4C_4D53 ("MMLS")

Table: MC_MLDSA_SIGN input arguments

NameTypeDescription
chksumu32Checksum over other input arguments, computed by the caller. Little endian.
digestu8[48]SHA-384 digest to be signed.

Table: MC_MLDSA_SIGN output arguments

NameTypeDescription
chksumu32
fips_statusu32FIPS approved or an error
pub_key_tree_typeu8[4]LMS public key algorithm type.
pub_key_ots_typeu8[4]LM-OTS algorithm type.
pub_key_idu8[16]Private key identifier.
pub_key_digestu8[24]Public key hash value.
signature_qu8[4]Leaf of the Merkle tree for the OTS key.
signature_otsu8[1252]LM-OTS signature.
signature_tree_pathu8[360]Path through the Merkle tree to the root.

MC_PRODUCTION_DEBUG_UNLOCK_REQ

Requests debug unlock in production environment.

Command Code: 0x4D44_5552 ("MDUR")

Table: MC_PRODUCTION_DEBUG_UNLOCK_REQ input arguments

NameTypeDescription
chksumu32
lengthu32Length of the message in DWORDs
unlock_levelu8Debug unlock Level (Number 1-8)
reservedu8[3]Reserved field

Table: MC_PRODUCTION_DEBUG_UNLOCK_REQ output arguments

NameTypeDescription
chksumu32Checksum over other output arguments.
fips_statusu32FIPS approved or an error
lengthu32Length of the message in DWORDs.
unique_device_identifieru8[32]Device identifier of the Caliptra device.
challengeu8[48]Random number challenge.

MC_PRODUCTION_DEBUG_UNLOCK_TOKEN

Sends the debug unlock token.

Command Code: 0x4D44_5554 ("MDUT")

Table: MC_PRODUCTION_DEBUG_UNLOCK_TOKEN input arguments

NameTypeDescription
chksumu32Checksum over other input arguments.
fips_statusu32FIPS approved or an error
lengthu32Length of the message in DWORDs.
unique_device_identifieru8[32]Device identifier of the Caliptra device.
unlock_levelu8Debug unlock level (1-8).
reservedu8[3]Reserved field.
challengeu8[48]Random number challenge.
ecc_public_keyu32[24]ECC public key in hardware format (little endian).
mldsa_public_keyu32[648]MLDSA public key in hardware format (little endian).
ecc_signatureu32[24]ECC P-384 signature of the message hashed using SHA2-384 (R and S coordinates).
mldsa_signatureu32[1157]MLDSA signature of the message hashed using SHA2-512 (4627 bytes + 1 reserved byte).

Table: MC_PRODUCTION_DEBUG_UNLOCK_TOKEN output arguments

NameTypeDescription
chksumu32
fips_statusu32FIPS approved or an error

Cryptographic Command Format

The MCI mailbox cryptographic commands are mapped to their corresponding Caliptra Mailbox Cryptographic commands. The mapping is detailed in the table below. For the specific format of each command, refer to the Mailbox Commands: Cryptographic Mailbox (2.0).

Table: mapping MCI Mailbox Crypto Commands to Caliptra Crypto Mailbox Commands

MCI Mailbox Crypto CommandsCaliptra Mailbox Crypto Commands
MC_SHA_INITCM_SHA_INIT
MC_SHA_UPDATECM_SHA_UPDATE
MC_SHA_FINALCM_SHA_FINAL
MC_AES_ENCRYPT_INITCM_AES_ENCRYPT_INIT
MC_AES_ENCRYPT_UPDATECM_AES_ENCRYPT_UPDATE
MC_AES_DECRYPT_INITCM_AES_DECRYPT_INIT
MC_AES_DECRYPT_UPDATECM_AES_DECRYPT_UPDATE
MC_AES_GCM_ENCRYPT_INITCM_AES_GCM_ENCRYPT_INIT
MC_AES_GCM_ENCRYPT_UPDATECM_AES_GCM_ENCRYPT_UPDATE
MC_AES_GCM_ENCRYPT_FINALCM_AES_GCM_ENCRYPT_FINAL
MC_AES_GCM_DECRYPT_INITCM_AES_GCM_DECRYPT_INIT
MC_AES_GCM_DECRYPT_UPDATECM_AES_GCM_DECRYPT_UPDATE
MC_AES_GCM_DECRYPT_FINALCM_AES_GCM_DECRYPT_FINAL
MC_ECDH_GENERATECM_ECDH_GENERATE
MC_ECDH_FINISHCM_ECDH_FINISH
MC_RANDOM_STIRCM_RANDOM_STIR
MC_RANDOM_GENERATECM_RANDOM_GENERATE
MC_IMPORTCM_IMPORT
MC_DELETECM_DELETE