| @@ -1,5 +1,5 @@ |
| 1 | 1 | <div style="font-size: 0.85em; color: #656d76; margin-bottom: 1em; padding: 0.5em; background: #f6f8fa; border-radius: 4px;"> |
| 2 | | -📄 Source: <a href="https://github.com/chipsalliance/caliptra-sw/blob/88512eb6b83b7503625cd319668d30dc3bff6012/auth-manifest/README.md" target="_blank">chipsalliance/caliptra-sw/auth-manifest/README.md</a> @ <code>88512eb</code> |
| 2 | +📄 Source: <a href="https://github.com/chipsalliance/caliptra-sw/blob/7f309f2a7f90971caf698c6ba76275642f3923c4/auth-manifest/README.md" target="_blank">chipsalliance/caliptra-sw/auth-manifest/README.md</a> @ <code>7f309f2</code> |
| 3 | 3 | </div> |
| 4 | 4 | |
| 5 | 5 | ## SOC Manifest |
| @@ -13,7 +13,7 @@ |
| 13 | 13 | Those signatures are also stored in the Preamble. |
| 14 | 14 | The Caliptra firmware's ECC and PQC private keys endorse the manifest's public keys, and these endorsements (signatures) are part of the Preamble as well. |
| 15 | 15 | |
| 16 | | - *Note: All fields are little endian unless specified* |
| 16 | + *Note: Do not treat the entire manifest as little endian. Scalar `u32` fields use little-endian layout. ECC key and signature fields are stored as big-endian `u32` words. Raw byte-array fields, such as image hashes, use the exact byte sequence produced by standard tools like OpenSSL unless a field description explicitly says otherwise.* |
| 17 | 17 | |
| 18 | 18 | | Field | Size (bytes) | Description | |
| 19 | 19 | | ---------------------------------- | ------------ | ----------- | |
| @@ -39,27 +39,32 @@ |
| 39 | 39 | ### **Image Metadata Collection** |
| 40 | 40 | |
| 41 | 41 | The Image Metadata Collection (IMC) is a collection of Image Metadata Entries (IMEs). |
| 42 | | -Each IME has a hash that matches a SOC image. |
| 42 | +Each IME has a digest that matches a SOC image. |
| 43 | 43 | The manifest vendor and owner private keys sign the IMC. |
| 44 | 44 | The Preamble holds the IMC signatures. |
| 45 | 45 | The manifest IMC vendor signatures are optional and are validated only if the **Flags Bit 0 = 1**. |
| 46 | | -Up to 127 image hashes are supported. |
| 46 | +Up to 127 image metadata entries are supported. |
| 47 | 47 | |
| 48 | 48 | | Field | Size (bytes) | Description | |
| 49 | 49 | | -------------------------------- | ------------ | --------------------------------------- | |
| 50 | 50 | | **Image Metadata Entry (IME) Count** | 4 | Number of IME(s) in the IMC. | |
| 51 | | -| **Image Metadata Entry (N)** | Variable | List of Image Metadata Entry structures | |
| 51 | +| **Image Metadata Entry (N)** | Variable | List of 80-byte Image Metadata Entry structures | |
| 52 | 52 | |
| 53 | 53 | #### **Image Metadata Entry** |
| 54 | 54 | |
| 55 | +The serialized IME layout follows `AuthManifestImageMetadata` in |
| 56 | +`auth-manifest/types/src/lib.rs`. Multi-word addresses are encoded as the low |
| 57 | +32-bit word followed by the high 32-bit word. |
| 58 | + |
| 55 | 59 | | Field | Size (bytes) | Description | |
| 56 | 60 | | ----------------------- | ------------ | ----------- | |
| 57 | | -| **Image Hash** | 48 | SHA2-384 hash of a SOC image. | |
| 58 | | -| **Image Identifier** | 4 | Unique value selected by the vendor to distinguish between images. | |
| 59 | | -| **Component Id** | 4 | Identifies the image component to be loaded. This corresponds to the `ComponentIdentifier` field defined in the DMTF PLDM Firmware Update Specification (DSP0267). | |
| 60 | | -| **Flags** | 4 | Image-specific flags.<br/>**Bits 1:0:** Image source.<br/>**Bit 2:** If set, the image hash will **not** be verified; otherwise, the metadata image hash will be compared against the calculated hash of the image.<br/>**Bits 8–14:** Firmware execution control bit mapped to this image.<br/>Other bits: reserved. | |
| 61 | | -| **Image Load Address High** | 4 | High 4 bytes of the 64-bit AXI address where the image will be loaded for verification and execution. | |
| 62 | | -| **Image Load Address Low** | 4 | Low 4 bytes of the 64-bit AXI address where the image will be loaded for verification and execution. | |
| 63 | | -| **Staging Address High** | 4 | High 4 bytes of the 64-bit AXI address where the image will be temporarily written during firmware update download and verification. | |
| 64 | | -| **Staging Address Low** | 4 | Low 4 bytes of the 64-bit AXI address where the image will be temporarily written during firmware update download and verification. | |
| 61 | +| **Firmware ID (`fw_id`)** | 4 | Unique value selected by the vendor to distinguish between firmware images. | |
| 62 | +| **Component ID (`component_id`)** | 4 | Identifies the image component to be loaded. This corresponds to the `ComponentIdentifier` field defined in the DMTF PLDM Firmware Update Specification (DSP0267). | |
| 63 | +| **Classification (`classification`)** | 4 | Component classification value associated with the image. | |
| 64 | +| **Flags (`flags`)** | 4 | Image-specific flags.<br/>**Bits 1:0:** Image source.<br/>**Bit 2:** If set, the image digest will **not** be verified; otherwise, the metadata image digest will be compared against the calculated digest of the image.<br/>**Bits 8–14:** Firmware execution control bit mapped to this image.<br/>Other bits: reserved. | |
| 65 | +| **Image Load Address Low (`image_load_address.lo`)** | 4 | Low 4 bytes of the 64-bit AXI address where the image will be loaded for verification and execution. | |
| 66 | +| **Image Load Address High (`image_load_address.hi`)** | 4 | High 4 bytes of the 64-bit AXI address where the image will be loaded for verification and execution. | |
| 67 | +| **Image Staging Address Low (`image_staging_address.lo`)** | 4 | Low 4 bytes of the 64-bit AXI address where the image will be temporarily written during firmware update download and verification. | |
| 68 | +| **Image Staging Address High (`image_staging_address.hi`)** | 4 | High 4 bytes of the 64-bit AXI address where the image will be temporarily written during firmware update download and verification. | |
| 69 | +| **Image Digest (`digest`)** | 48 | SHA2-384 digest of the SOC image. | |
| 65 | 70 | |