Diff: Runtime Specification

@@ -1,10 +1,10 @@
1	1	<div style="font-size: 0.85em; color: #656d76; margin-bottom: 1em; padding: 0.5em; background: #f6f8fa; border-radius: 4px;">
2		-📄 Source: <a href="https://github.com/chipsalliance/caliptra-sw/blob/cddb376171e1e39f16484b44965a68e93fcb461a/runtime/README.md" target="_blank">chipsalliance/caliptra-sw/runtime/README.md</a> @ <code>cddb376</code>
	2	+📄 Source: <a href="https://github.com/chipsalliance/caliptra-sw/blob/51ff0a89f169bbf8e06acb49b31db555e99fefb6/runtime/README.md" target="_blank">chipsalliance/caliptra-sw/runtime/README.md</a> @ <code>51ff0a8</code>
3	3	</div>
4	4
5		-# Caliptra Runtime Firmware v1.0
6		-
7		-This specification describes the Caliptra Runtime Firmware.
	5	+# Caliptra Runtime Firmware v1.1
	6	+
	7	+This specification describes the Caliptra Runtime Firmware.
8	8
9	9	## Runtime Firmware environment
10	10
@@ -27,12 +27,12 @@
27	27	After booting, Caliptra Runtime Firmware is responsible for the following.
28	28
29	29	* Wait for mailbox interrupts. On mailbox interrupt, Runtime Firmware:
30		- * Reads command from mailbox
31		- * Executes command
32		- * Writes response to mailbox and sets necessary status registers
33		- * Sleeps until next interrupt
	30	+ * Reads command from mailbox
	31	+ * Executes command
	32	+ * Writes response to mailbox and sets necessary status registers
	33	+ * Sleeps until next interrupt
34	34	* On panic, Runtime Firmware:
35		- * Saves diagnostic information
	35	+ * Saves diagnostic information
36	36
37	37	Callers must wait until Caliptra is no longer busy to call a mailbox command.
38	38
@@ -123,11 +123,11 @@
123	123
124	124	Table: `CAPABILITIES` output arguments
125	125
126		-\| Name \| Type \| Description
127		-\| -------- \| -------- \| ---------------
128		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
129		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
130		-\| capabilities \| u8[16] \| Firmware capabilities
	126	+\| Name \| Type \| Description
	127	+\| -------- \| -------- \| ---------------
	128	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	129	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	130	+\| capabilities \| u8[16] \| Firmware capabilities
131	131
132	132	### GET\_IDEV\_CERT
133	133
@@ -137,22 +137,22 @@
137	137
138	138	Table: `GET_IDEV_CERT` input arguments
139	139
140		-\| Name \| Type \| Description
141		-\| -------- \| -------- \| ---------------
142		-\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
143		-\| signature\_r \| u8[48] \| R portion of signature of the cert.
144		-\| signature\_s \| u8[48] \| S portion of signature of the cert.
145		-\| tbs\_size \| u32 \| Size of the TBS.
146		-\| tbs \| u8[916] \| TBS, with a maximum size of 916. Only bytes up to tbs_size are used.
	140	+\| Name \| Type \| Description
	141	+\| -------- \| -------- \| ---------------
	142	+\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
	143	+\| signature\_r \| u8[48] \| R portion of signature of the cert.
	144	+\| signature\_s \| u8[48] \| S portion of signature of the cert.
	145	+\| tbs\_size \| u32 \| Size of the TBS.
	146	+\| tbs \| u8[916] \| TBS, with a maximum size of 916. Only bytes up to tbs_size are used.
147	147
148	148	Table: `GET_IDEV_CERT` output arguments
149	149
150		-\| Name \| Type \| Description
151		-\| -------- \| -------- \| ---------------
152		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
153		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
154		-\| cert\_size \| u32 \| Length in bytes of the cert field in use for the IDevId certificate.
155		-\| cert \| u8[1024] \| DER-encoded IDevID CERT.
	150	+\| Name \| Type \| Description
	151	+\| -------- \| -------- \| ---------------
	152	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	153	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	154	+\| cert\_size \| u32 \| Length in bytes of the cert field in use for the IDevId certificate.
	155	+\| cert \| u8[1024] \| DER-encoded IDevID CERT.
156	156
157	157	### POPULATE\_IDEV\_CERT
158	158
@@ -164,18 +164,18 @@
164	164
165	165	Table: `POPULATE_IDEV_CERT` input arguments
166	166
167		-\| Name \| Type \| Description
168		-\| -------- \| -------- \| ---------------
169		-\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
	167	+\| Name \| Type \| Description
	168	+\| -------- \| -------- \| ---------------
	169	+\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
170	170	\| cert\_size \| u32 \| Size of the DER-encoded IDevId certificate.
171		-\| cert \| u8[1024] \| DER-encoded IDevID CERT.
	171	+\| cert \| u8[1024] \| DER-encoded IDevID CERT.
172	172
173	173	Table: `POPULATE_IDEV_CERT` output arguments
174	174
175		-\| Name \| Type \| Description
176		-\| -------- \| -------- \| ---------------
177		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
178		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	175	+\| Name \| Type \| Description
	176	+\| -------- \| -------- \| ---------------
	177	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	178	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
179	179
180	180	### GET\_IDEV\_INFO
181	181
@@ -191,10 +191,10 @@
191	191
192	192	Table: `GET_IDEV_INFO` output arguments
193	193
194		-\| Name \| Type \| Description
195		-\| -------- \| -------- \| ---------------
196		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
197		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	194	+\| Name \| Type \| Description
	195	+\| -------- \| -------- \| ---------------
	196	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	197	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
198	198	\| idev\_pub\_x \| u8[48] \| X portion of ECDSA IDevId key.
199	199	\| idev\_pub\_y \| u8[48] \| Y portion of ECDSA IDevId key.
200	200
@@ -212,12 +212,12 @@
212	212
213	213	Table: `GET_LDEV_CERT` output arguments
214	214
215		-\| Name \| Type \| Description
216		-\| -------- \| -------- \| ---------------
217		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
218		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
219		-\| data\_size \| u32 \| Length in bytes of the valid data in the data field.
220		-\| data \| u8[...] \| DER-encoded LDevID certificate.
	215	+\| Name \| Type \| Description
	216	+\| -------- \| -------- \| ---------------
	217	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	218	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	219	+\| data\_size \| u32 \| Length in bytes of the valid data in the data field.
	220	+\| data \| u8[...] \| DER-encoded LDevID certificate.
221	221
222	222	### GET\_FMC\_ALIAS\_CERT
223	223
@@ -233,12 +233,12 @@
233	233
234	234	Table: `GET_FMC_ALIAS_CERT` output arguments
235	235
236		-\| Name \| Type \| Description
237		-\| -------- \| -------- \| ---------------
238		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
239		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
240		-\| data\_size \| u32 \| Length in bytes of the valid data in the data field.
241		-\| data \| u8[...] \| DER-encoded FMC alias certificate.
	236	+\| Name \| Type \| Description
	237	+\| -------- \| -------- \| ---------------
	238	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	239	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	240	+\| data\_size \| u32 \| Length in bytes of the valid data in the data field.
	241	+\| data \| u8[...] \| DER-encoded FMC alias certificate.
242	242
243	243	### GET\_RT\_ALIAS\_CERT
244	244
@@ -254,17 +254,20 @@
254	254
255	255	Table: `GET_RT_ALIAS_CERT` output arguments
256	256
257		-\| Name \| Type \| Description
258		-\| -------- \| -------- \| ---------------
259		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
260		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
261		-\| data\_size \| u32 \| Length in bytes of the valid data in the data field.
262		-\| data \| u8[...] \| DER-encoded Runtime alias certificate.
	257	+\| Name \| Type \| Description
	258	+\| -------- \| -------- \| ---------------
	259	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	260	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	261	+\| data\_size \| u32 \| Length in bytes of the valid data in the data field.
	262	+\| data \| u8[...] \| DER-encoded Runtime alias certificate.
263	263
264	264	### ECDSA384\_SIGNATURE\_VERIFY
265	265
266	266	Verifies an ECDSA P-384 signature. The hash to be verified is taken from
267	267	Caliptra's SHA384 accelerator peripheral.
	268	+
	269	+In the event of an invalid signature, the mailbox command will report CMD_FAILURE
	270	+and the cause will be logged as a non-fatal error.
268	271
269	272	Command Code: `0x5349_4756` ("SIGV")
270	273
@@ -280,6 +283,47 @@
280	283
281	284	Table: `ECDSA384_SIGNATURE_VERIFY` output arguments
282	285
	286	+\| Name \| Type \| Description
	287	+\| -------- \| -------- \| ---------------
	288	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	289	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	290	+
	291	+### LMS\_SIGNATURE\_VERIFY
	292	+
	293	+Verifies an LMS signature. The hash to be verified is taken from
	294	+Caliptra's SHA384 accelerator peripheral.
	295	+
	296	+In the event of an invalid signature, the mailbox command will report CMD_FAILURE
	297	+and the cause will be logged as a non-fatal error.
	298	+
	299	+The supported parameter set is limited to those used for the caliptra image signature:
	300	+Table: LMS parameters
	301	+\| Param Name \| Value \| Description
	302	+\| -------------- \| --------- \| ---------------
	303	+\| LMS algorithm type \| 12 \| 12 = LmsSha256N24H15
	304	+\| LM-OTS algorithm type \| 7 \| 7 = LmotsSha256N24W4
	305	+\| n \| 24 \| Bytes of output from sha256/192 hash function
	306	+\| w \| 4 \| Width (in bits) of the Winternitz coefficient
	307	+\| h \| 15 \| Height of the tree
	308	+
	309	+Command Code: `0x4C4D_5356` ("LMSV")
	310	+
	311	+Table: `LMS_SIGNATURE_VERIFY` input arguments
	312	+
	313	+\| Name \| Type \| Description
	314	+\| -------- \| -------- \| ---------------
	315	+\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
	316	+\| pub\_key\_tree\_type \| u8[4] \| LMS public key algorithm type. Must equal 12.
	317	+\| pub\_key\_ots\_type \| u8[4] \| LM-OTS algorithm type. Must equal 7.
	318	+\| pub\_key\_id \| u8[16] \| "I" Private key identifier
	319	+\| pub\_key\_digest \| u8[24] \| "T[1]" Public key hash value
	320	+\| signature\_q \| u8[4] \| Leaf of the Merkle tree where the OTS public key appears
	321	+\| signature\_ots \| u8[1252] \| LM-OTS signature
	322	+\| signature\_tree\_type \| u8[4] \| LMS signature Algorithm type. Must equal 12.
	323	+\| signature\_tree\_path \| u8[360] \| Path through the tree from the leaf associated with the LM-OTS signature to the root
	324	+
	325	+Table: `LMS_SIGNATURE_VERIFY` output arguments
	326	+
283	327	\| Name \| Type \| Description
284	328	\| -------- \| -------- \| ---------------
285	329	\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
@@ -306,14 +350,13 @@
306	350	\| context \| u8[48] \| Context field for `svn`; e.g., a hash of the public key that authenticated the SVN.
307	351	\| svn \| u32 \| SVN passed to the DPE to be used in the derived child.
308	352
309		-
310	353	Table: `STASH_MEASUREMENT` output arguments
311	354
312		-\| Name \| Type \| Description
313		-\| -------- \| -------- \| ---------------
314		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
315		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
316		-\| dpe\_result \| u32 \| Result code of DPE DeriveContext command. Little endian.
	355	+\| Name \| Type \| Description
	356	+\| -------- \| -------- \| ---------------
	357	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	358	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	359	+\| dpe\_result \| u32 \| Result code of DPE DeriveContext command. Little endian.
317	360
318	361	### DISABLE\_ATTESTATION
319	362
@@ -340,10 +383,10 @@
340	383
341	384	Table: `DISABLE_ATTESTATION` output arguments
342	385
343		-\| Name \| Type \| Description
344		-\| -------- \| -------- \| ---------------
345		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
346		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	386	+\| Name \| Type \| Description
	387	+\| -------- \| -------- \| ---------------
	388	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	389	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
347	390
348	391	### INVOKE\_DPE\_COMMAND
349	392
@@ -356,18 +399,17 @@
356	399	\| Name \| Type \| Description
357	400	\| -------- \| -------- \| ---------------
358	401	\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
	402	+\| data\_size \| u32 \| Length in bytes of the valid data in the data field.
	403	+\| data \| u8[...] \| DPE command structure as defined in the DPE iRoT profile.
	404	+
	405	+Table: `INVOKE_DPE_COMMAND` output arguments
	406	+
	407	+\| Name \| Type \| Description
	408	+\| -------- \| -------- \| ---------------
	409	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	410	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
359	411	\| data\_size \| u32 \| Length in bytes of the valid data in the data field.
360		-\| data \| u8[...] \| DPE command structure as defined in the DPE iRoT profile.
361		-
362		-
363		-Table: `INVOKE_DPE_COMMAND` output arguments
364		-
365		-\| Name \| Type \| Description
366		-\| -------- \| -------- \| ---------------
367		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
368		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
369		-\| data\_size \| u32 \| Length in bytes of the valid data in the data field.
370		-\| data \| u8[...] \| DPE response structure as defined in the DPE iRoT profile.
	412	+\| data \| u8[...] \| DPE response structure as defined in the DPE iRoT profile.
371	413
372	414	### QUOTE\_PCRS
373	415
@@ -390,6 +432,7 @@
390	432	\| Name \| Type \| Description
391	433	\| -------- \| -------- \| ---------------
392	434	\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	435	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
393	436	\| PCRs \| PcrValue[32] \| Values of all PCRs.
394	437	\| nonce \| u8[32] \| Return the nonce used as input for convenience.
395	438	\| digest \| u8[48] \| Return the digest over the PCR values and the nonce.
@@ -411,8 +454,12 @@
411	454	\| index \| u32 \| Index of the PCR to extend.
412	455	\| value \| u8[..] \| Value to extend into the PCR at `index`.
413	456
414		-
415		-`EXTEND_PCR` returns no output arguments.
	457	+Table: `EXTEND_PCR` output arguments
	458	+
	459	+\| Name \| Type \| Description
	460	+\| -------- \| -------- \| ---------------
	461	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	462	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
416	463
417	464	Note that extensions made into Caliptra's PCRs are _not_ appended to Caliptra's internal PCR log.
418	465
@@ -430,12 +477,12 @@
430	477
431	478	Table: `GET_PCR_LOG` output arguments
432	479
433		-\| Name \| Type \| Description
434		-\| -------- \| -------- \| ---------------
435		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
436		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
437		-\| data\_size \| u32 \| Length in bytes of the valid data in the data field.
438		-\| data \| u8[...] \| Internal PCR event log.
	480	+\| Name \| Type \| Description
	481	+\| -------- \| -------- \| ---------------
	482	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	483	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	484	+\| data\_size \| u32 \| Length in bytes of the valid data in the data field.
	485	+\| data \| u8[...] \| Internal PCR event log.
439	486
440	487	See [pcr\_log.rs](../drivers/src/pcr_log.rs) for the format of the log.
441	488
@@ -456,7 +503,12 @@
456	503	\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
457	504	\| index \| u32 \| Index of the PCR for which to increment the reset counter.
458	505
459		-`INCREMENT_PCR_RESET_COUNTER` returns no output arguments.
	506	+Table: `INCREMENT_PCR_RESET_COUNTER` output arguments
	507	+
	508	+\| Name \| Type \| Description
	509	+\| -------- \| -------- \| ---------------
	510	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	511	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
460	512
461	513	### DPE\_TAG\_TCI
462	514
@@ -474,10 +526,10 @@
474	526
475	527	Table: `DPE_TAG_TCI` output arguments
476	528
477		-\| Name \| Type \| Description
478		-\| -------- \| -------- \| ---------------
479		-\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
480		-\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	529	+\| Name \| Type \| Description
	530	+\| -------- \| -------- \| ---------------
	531	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	532	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
481	533
482	534	### DPE\_GET\_TAGGED\_TCI
483	535
@@ -494,11 +546,12 @@
494	546
495	547	Table: `DPE_GET_TAGGED_TCI` output arguments
496	548
497		-\| Name \| Type \| Description
498		-\| -------- \| -------- \| ---------------
499		-\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
500		-\| tci\_cumulative \| u8[48] \| Hash of all of the input data provided to the context.
501		-\| tci\_current \| u8[48] \| Most recent measurement made into the context.
	549	+\| Name \| Type \| Description
	550	+\| -------- \| -------- \| ---------------
	551	+\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
	552	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	553	+\| tci\_cumulative \| u8[48] \| Hash of all of the input data provided to the context.
	554	+\| tci\_current \| u8[48] \| Most recent measurement made into the context.
502	555
503	556	### FW\_INFO
504	557
@@ -517,6 +570,7 @@
517	570	\| Name \| Type \| Description
518	571	\| -------- \| -------- \| ---------------
519	572	\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
	573	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
520	574	\| pl0_pauser \| u32 \| PAUSER with PL0 privileges (from image header).
521	575	\| runtime_svn \| u32 \| Runtime SVN.
522	576	\| min_runtime_svn \| u32 \| Min Runtime SVN.
@@ -608,6 +662,59 @@
608	662	\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
609	663	\| fips_status \| u32 \| Indicates if the command is FIPS approved or an error
610	664
	665	+### ADD\_SUBJECT\_ALT\_NAME
	666	+
	667	+Provides a subject alternative name otherName. Whenever CERTIFY_KEY_EXTENDED is called with the
	668	+DMTF_OTHER_NAME flag after ADD_SUBJECT_ALT_NAME is called, the resulting DPE CSR or leaf certificate
	669	+will contain a subject alternative name extension containing the provided otherName, which must be a
	670	+DMTF device info. All such certificates produced by CERTIFY_KEY_EXTENDED will continue to have the
	671	+DMTF otherName subject alternative name extension until reset.
	672	+
	673	+Command Code: `0x414C_544E` ("ALTN")
	674	+
	675	+Table: `ADD_SUBJECT_ALT_NAME` input arguments
	676	+
	677	+\| Name \| Type \| Description
	678	+\| -------- \| -------- \| ---------------
	679	+\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
	680	+\| dmtf\_device\_info\_size \| u32 \| The size of the DMTF Device Info UTF8String.
	681	+\| dmtf\_device\_info \| u8[128] \| The DMTF Device Info UTF8String.
	682	+
	683	+Table: `ADD_SUBJECT_ALT_NAME` output arguments
	684	+
	685	+\| Name \| Type \| Description
	686	+\| -------- \| -------- \| ---------------
	687	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	688	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	689	+
	690	+### CERTIFY\_KEY\_EXTENDED
	691	+
	692	+Produces a DPE leaf certificate or CSR containing custom extensions provided by the SoC.
	693	+
	694	+Command Code: `0x434B_4558` ("CKEX")
	695	+
	696	+Table: `CERTIFY_KEY_EXTENDED` input arguments
	697	+
	698	+\| Name \| Type \| Description
	699	+\| -------- \| -------- \| ---------------
	700	+\| chksum \| u32 \| Checksum over other input arguments, computed by the caller. Little endian.
	701	+\| certify\_key\_req \| u8[72] \| Certify Key Request.
	702	+\| flags \| u32 \| Flags determining which custom extensions to include in the certificate.
	703	+
	704	+Table: `CERTIFY_KEY_EXTENDED` input flags
	705	+
	706	+\| Name \| Offset
	707	+\| -------- \| ----------
	708	+\| DMTF_OTHER_NAME \| 1 << 31
	709	+
	710	+Table: `CERTIFY_KEY_EXTENDED` output arguments
	711	+
	712	+\| Name \| Type \| Description
	713	+\| -------- \| -------- \| ---------------
	714	+\| chksum \| u32 \| Checksum over other output arguments, computed by Caliptra. Little endian.
	715	+\| fips\_status \| u32 \| Indicates if the command is FIPS approved or an error.
	716	+\| certify\_key\_resp \| u8[2176] \| Certify Key Response.
	717	+
611	718	## Checksum
612	719
613	720	For every command except for FW_LOAD, the request and response feature a checksum. This
@@ -615,7 +722,7 @@
615	722
616	723	The checksum is a little-endian 32-bit value, defined as:
617	724
618		-```
	725	+```text
619	726	0 - (SUM(command code bytes) + SUM(request/response bytes))
620	727	```
621	728
@@ -689,6 +796,7 @@
689	796
690	797	### PAUSER privilege levels
691	798
	799	+Caliptra uses PAUSER as a HW mechanism to distinguish DPE Client localities.
692	800	Caliptra models PAUSER callers to its mailbox as having 1 of 2 privilege levels:
693	801
694	802	* PL0 - High privilege. Only 1 PAUSER in the SoC may be at PL0. The PL0 PAUSER
@@ -700,6 +808,11 @@
700	808	SHALL fail any calls to the DPE CertifyKey with format=X509 by PL1 callers.
701	809	PL1 callers should use the CSR format instead.
702	810
	811	+PAUSER and Locality map 1:1. Consequently, only the single DPE Client associated
	812	+with PL0 level, is authorized to invoke CertifyKey DPE command with format=x509.
	813	+All other DPE Clients have instead restricted privileges associated to PL1 (as
	814	+described above).
	815	+
703	816	#### PAUSER privilege level active context limits
704	817
705	818	Each active context in DPE is activated from either PL0 or PL1 through the
@@ -710,12 +823,17 @@
710	823	To prevent this, we establish active context limits for each PAUSER
711	824	privilege level:
712	825
713		-* PL0 - 8 active contexts
	826	+* PL0 - 16 active contexts
714	827	* PL1 - 16 active contexts
715	828
716	829	If a DPE command were to activate a new context such that the total number of
717	830	active contexts in a privilege level is above its active context limit, the
718	831	InvokeDpe command should fail.
	832	+
	833	+At boot Caliptra Runtime FW consumes part of the PL0 active contexts (initially 16) to DeriveContext for:
	834	+ - RTFW Journey (RTFJ) Measurement (1)
	835	+ - Mailbox Valid Pauser digest (MBVP) (1)
	836	+ - ROM Stashed Measurements (max 8)
719	837
720	838	Further, it is not allowed for PL1 to call DeriveContext with the intent to change locality to PL0's locality; this would increase the number
721	839	of active contexts in PL0's locality, and hence allow PL1 to DOS PL0.
@@ -766,21 +884,21 @@
766	884
767	885	* Runtime Firmware SHALL initialize the default context in “internal-cdi” mode.
768	886	* Perform the following initial measurements:
769		- * Call DeriveContext with Caliptra Journey PCR
770		- * INPUT\_DATA = PCRX (RT journey PCR as defined in the FHT)
771		- * TYPE = “RTJM”
772		- * CONTEXT\_HANDLE = default context
773		- * TARGET\_LOCALITY = Caliptra locality (0xFFFFFFFF)
774		- * Call DeriveContext with mailbox valid PAUSERS
775		- * INPUT\_DATA = Hash of [CPTRA\_VALID\_PAUSER register](https://chipsalliance.github.io/caliptra-rtl/main/internal-regs/?p=clp.soc_ifc_reg.CPTRA_MBOX_VALID_PAUSER%5B0%5D).
776		- * TYPE = “MBVP”
777		- * CONTEXT\_HANDLE = default context
778		- * TARGET\_LOCALITY = PL0 PAUSER
779		- * Call DeriveContext for each STASH\_MEASUREMENT call made during Caliptra ROM execution
780		- * INPUT\_DATA = `measurement` parameter to STASH\_MEASUREMENT
781		- * TYPE = `type` parameter to STASH\_MEASUREMENT
782		- * CONTEXT\_HANDLE = default context
783		- * TARGET\_LOCALITY = PL0 PAUSER
	887	+ * Call DeriveContext with Caliptra Journey PCR
	888	+ * INPUT\_DATA = PCRX (RT journey PCR as defined in the FHT)
	889	+ * TYPE = “RTJM”
	890	+ * CONTEXT\_HANDLE = default context
	891	+ * TARGET\_LOCALITY = Caliptra locality (0xFFFFFFFF)
	892	+ * Call DeriveContext with mailbox valid PAUSERS
	893	+ * INPUT\_DATA = Hash of [CPTRA\_VALID\_PAUSER register](https://chipsalliance.github.io/caliptra-rtl/main/internal-regs/?p=clp.soc_ifc_reg.CPTRA_MBOX_VALID_PAUSER%5B0%5D).
	894	+ * TYPE = “MBVP”
	895	+ * CONTEXT\_HANDLE = default context
	896	+ * TARGET\_LOCALITY = PL0 PAUSER
	897	+ * Call DeriveContext for each STASH\_MEASUREMENT call made during Caliptra ROM execution
	898	+ * INPUT\_DATA = `measurement` parameter to STASH\_MEASUREMENT
	899	+ * TYPE = `type` parameter to STASH\_MEASUREMENT
	900	+ * CONTEXT\_HANDLE = default context
	901	+ * TARGET\_LOCALITY = PL0 PAUSER
784	902
785	903	### CDI derivation
786	904
@@ -858,4 +976,4 @@
858	976	\| \| VendorInfo \| Locality of the caller (analog for PAUSER)
859	977
860	978	\*MultiTcbInfo contains one TcbInfo for each TCI Node in the path from the
861		-current TCI Node to the root. Max of 24.
	979	+current TCI Node to the root. Max of 32.

Changes to Runtime Specification