| @@ -1,17 +1,17 @@ |
| 1 | 1 | <div style="font-size: 0.85em; color: #656d76; margin-bottom: 1em; padding: 0.5em; background: #f6f8fa; border-radius: 4px;"> |
| 2 | | -📄 Source: <a href="https://github.com/chipsalliance/caliptra-sw/blob/e56467181b5313e53cf6cdc92f705a4127480fc2/auth-manifest/README.md" target="_blank">chipsalliance/caliptra-sw/auth-manifest/README.md</a> @ <code>e564671</code> |
| 2 | +📄 Source: <a href="https://github.com/chipsalliance/caliptra-sw/blob/9248d7956e8f6c9514eff3136fa532392d9ac5c1/auth-manifest/README.md" target="_blank">chipsalliance/caliptra-sw/auth-manifest/README.md</a> @ <code>9248d79</code> |
| 3 | 3 | </div> |
| 4 | 4 | |
| 5 | 5 | ## SOC Manifest |
| 6 | 6 | |
| 7 | | -The Caliptra SOC manifest has two main components: |
| 7 | +The Caliptra SOC manifest has two main components: [Preamble](#preamble) and [Image Metadata Collection](#image-metadata-collection) |
| 8 | 8 | |
| 9 | | -- ### **Preamble** |
| 9 | +### **Preamble** |
| 10 | 10 | |
| 11 | | - The Preamble section contains the authorization manifest **ECC** and **PQC (LMS or MLDSA)** public keys of the vendor and the owner. |
| 12 | | - These public keys correspond to the private keys that sign the Image Metadata Collection (IMC) section. |
| 13 | | - Those signatures are also stored in the Preamble. |
| 14 | | - The Caliptra firmware’s ECC and PQC private keys endorse the manifest’s public keys, and these endorsements (signatures) are part of the Preamble as well. |
| 11 | + The Preamble section contains the authorization manifest **ECC** and **PQC (LMS or MLDSA)** public keys of the vendor and the owner. |
| 12 | + These public keys correspond to the private keys that sign the [Image Metadata Collection (IMC)](#image-metadata-collection) section. |
| 13 | + Those signatures are also stored in the Preamble. |
| 14 | + The Caliptra firmware's ECC and PQC private keys endorse the manifest's public keys, and these endorsements (signatures) are part of the Preamble as well. |
| 15 | 15 | |
| 16 | 16 | *Note: All fields are little endian unless specified* |
| 17 | 17 | |
| @@ -36,7 +36,21 @@ |
| 36 | 36 | | **IMC Owner PQC Signature (LMS or MLDSA)** | 4628 | Owner PQC signature over the **IMC**.<br/>Same encoding rules as the other PQC signature fields (LMS or MLDSA; unused bytes zero-padded).<br/>If PQC validation is not required, this field **must be zeroed**. | |
| 37 | 37 | |
| 38 | 38 | |
| 39 | | -- ### **Image Metadata Entry** |
| 39 | +### **Image Metadata Collection** |
| 40 | + |
| 41 | +The Image Metadata Collection (IMC) is a collection of Image Metadata Entries (IMEs). |
| 42 | +Each IME has a hash that matches a SOC image. |
| 43 | +The manifest vendor and owner private keys sign the IMC. |
| 44 | +The Preamble holds the IMC signatures. |
| 45 | +The manifest IMC vendor signatures are optional and are validated only if the **Flags Bit 0 = 1**. |
| 46 | +Up to 127 image hashes are supported. |
| 47 | + |
| 48 | +| Field | Size (bytes) | Description | |
| 49 | +| -------------------------------- | ------------ | --------------------------------------- | |
| 50 | +| **Image Metadata Entry (IME) Count** | 4 | Number of IME(s) in the IMC. | |
| 51 | +| **Image Metadata Entry (N)** | Variable | List of Image Metadata Entry structures | |
| 52 | + |
| 53 | +#### **Image Metadata Entry** |
| 40 | 54 | |
| 41 | 55 | | Field | Size (bytes) | Description | |
| 42 | 56 | | ----------------------- | ------------ | ----------- | |
| @@ -49,20 +63,3 @@ |
| 49 | 63 | | **Staging Address High** | 4 | High 4 bytes of the 64-bit AXI address where the image will be temporarily written during firmware update download and verification. | |
| 50 | 64 | | **Staging Address Low** | 4 | Low 4 bytes of the 64-bit AXI address where the image will be temporarily written during firmware update download and verification. | |
| 51 | 65 | |
| 52 | | - |
| 53 | | - |
| 54 | | -- ### **Image Metadata Collection** |
| 55 | | - |
| 56 | | -The Image Metadata Collection (IMC) is a collection of Image Metadata Entries (IMEs). |
| 57 | | -Each IME has a hash that matches a SOC image. |
| 58 | | -The manifest vendor and owner private keys sign the IMC. |
| 59 | | -The Preamble holds the IMC signatures. |
| 60 | | -The manifest IMC vendor signatures are optional and are validated only if the **Flags Bit 0 = 1**. |
| 61 | | -Up to 127 image hashes are supported. |
| 62 | | - |
| 63 | | -| Field | Size (bytes) | Description | |
| 64 | | -| -------------------------------- | ------------ | --------------------------------------- | |
| 65 | | -| **Image Metadata Entry (IME) Count** | 4 | Number of IME(s) in the IMC. | |
| 66 | | -| **Image Metadata Entry (N)** | Variable | List of Image Metadata Entry structures | |
| 67 | | - |
| 68 | | - |