Caliptra releases
Caliptra is released in independently versioned components: RTL, ROM, FMC and Runtime FW. They are all represented by 3 values: major.minor.patch (such as 1.0.2). The first 2 values, major.minor, correspond to a set of features caliptra supports. The patch value is incremented as new releases are made with bug fixes. Lastly, mutable firmware (FMC/FW) have security version numbers (SVNs) that are incremented as required by when addressing security-critical issues. These are specified with the label (svn/svn) for (FMC/FW) versions respectively.
Caliptra 2.0
Additional Features
- Support ML-DSA Caliptra FW Signature
- Support OCP Recovery
- Support Caliptra Sub-System
- IDevID CSR HMAC Signing
- Crypto Offload Mailbox Services
*** Only RTL release versions 2.0.2+ should be used due to ROM compatibility requirements.
Compatible Configurations
| RTL | ROM | Runtime FMC/FW |
|---|---|---|
| 2.0.2+ | 2.0.x | 2.0.x (0/0) |
Caliptra 1.2
Additional Features
- Manifest-based Authorization
- SET_AUTH_MANIFEST
- AUTHORIZE_AND_STASH
- Deferred retrieval of IDEV CSR**
- GET_IDEVID_CSR
- Self-signed FMC Alias CSR
- GET_FMC_ALIAS_CSR
- DPE export of CDI
- SIGN_WITH_EXPORTED_ECDSA
- REVOKE_EXPORTED_CDI_HANDLE
- DPE max cert size increased to 6kB
** Requires 1.2 ROM
Compatible Configurations
| RTL | ROM | Runtime FMC/FW |
|---|---|---|
| 1.1.x | 1.2.x | 1.2.x (0/0) |
| 1.1.x | 1.1.x | 1.2.x (0/0) |
| 1.0.x | 1.0.x | 1.2.x (0/0) |
Caliptra 1.1
Additional Features
- ECC HW performance enhancements*
- LMS HW acceleration*
- New Runtime commands
- LMS_SIGNATURE_VERIFY
- ADD_SUBJECT_ALT_NAME
- CERTIFY_KEY_EXTENDED
- Expanded PL0 contexts to 16
* Requires 1.1 RTL
Compatible Configurations
| RTL | ROM | Runtime FMC/FW |
|---|---|---|
| 1.1.x | 1.1.x | 1.1.x (0/0) |
| 1.0.x | 1.0.x | 1.1.x (0/0) |
Caliptra 1.0
Compatible Configurations
| RTL | ROM | Runtime FMC/FW |
|---|---|---|
| 1.0.x | 1.0.x | 1.0.x (0/0) |
Development Branches and Release Tags
There are several versions of Caliptra HW and SW collateral, described above. Each `major.minor` version has an associated development branch where release tags point to. The table below summarizes the git repositories and branches used for the development and maintenance of each Caliptra version in the project.
| Mode | Version | Caliptra Core HW Repo | Caliptra Subsystem HW Repo | Caliptra Core SW Repo | Caliptra MCU SW Repo |
|---|---|---|---|---|---|
| Passive | 1.0 | caliptra-rtl:patch_v1.0 | N/A | caliptra-sw:caliptra-1.x | N/A |
| Passive | 1.1 | caliptra-rtl:patch_v1.1 | N/A | caliptra-sw:caliptra-1.x | N/A |
| Passive/Subsystem | 2.0 | caliptra-rtl:patch_v2.0 | caliptra-ss:patch_ss_v1p0 | caliptra-sw:caliptra-2.0 | caliptra-mcu-sw:main |
| Passive/Subsystem | 2.1 | caliptra-rtl:patch_v2.1 | caliptra-ss:patch_ss_v2.1 | caliptra-sw:main | caliptra-mcu-sw:main-2.1 |
Project Milestones
The Caliptra project is under active development, and at any given time, is marching towards several milestones. The project uses GitHub milestones, defined across several repositories, to track work and manage release timelines. The milestones defined across each repository are linked below. Note that some milestones are duplicated across repositories. This is done to overcome a pitfall in how GitHub manages milestones. Specifically, GitHub milestones are created per-repository, instead of per-organization. Therefore, if a project has tasks (i.e., issues) spread across multiple repositories (e.g., caliptra-sw and caliptra-mcu-sw), that all pertain to the same milestones, the miletone itself must be duplicated across each repo.
| Repo | Milestones |
|---|---|
| caliptra-sw | milestones |
| caliptra-mcu-sw | milestones |
| caliptra-rtl | milestones |
| caliptra-ss | milestones |