Device Identity Provisioning: Expanding the Spec with Provisioning Flow #75
Conversation
fdamato
force-pushed
the
fadamato/dip_update_provisioning_flow
branch
4 times, most recently
from
4e77756 to
e248543
Compare
fdamato
force-pushed
the
fadamato/dip_update_provisioning_flow
branch
from
c35aace to
f28f146
Compare
|
@bluegate010 while addressing feedback, I also made few changes to GET_ENVELOPE_SIGNED_CSR to make it consistent with the other commands. |
fdamato
force-pushed
the
fadamato/dip_update_provisioning_flow
branch
13 times, most recently
from
fb292a4 to
e968925
Compare
fdamato
force-pushed
the
fadamato/dip_update_provisioning_flow
branch
2 times, most recently
from
62c84ca to
81aa721
Compare
fdamato
force-pushed
the
fadamato/dip_update_provisioning_flow
branch
2 times, most recently
from
ccda53d to
3fb2354
Compare
|
|
||
| - MAY omit implementation of `OCP_GET_SLOT_ID_MAPPING` | ||
| - SHALL still support all KeyProvisioningEntity values defined in this specification | ||
| - Focus on entity-based access without exposing slot details |
There was a problem hiding this comment.
Can this clarify what it means to focus on entity-based access?
There was a problem hiding this comment.
I will clarify, however Entity Based access, now that I read back does not seem the most appropriate language
|
|
||
| - MAY omit implementation of `OCP_GET_SLOT_ID_MAPPING` | ||
| - SHALL still support all KeyProvisioningEntity values defined in this specification | ||
| - Focus on entity-based access without exposing slot details |
There was a problem hiding this comment.
GET_ENVELOPE_SIGNED_CSR has a SignerSlotIDParam field, which seems to indicate that slots must be exposed in order to call it correctly.
There was a problem hiding this comment.
I'm thinking that the SignerSlotIDParam does not have relevance for the GET_ENVELOPE_SIGNED_CSR command in either SPDM or non-SPDM flows. The Envelope CSR is defined to be signed using the RT alias key, and therefore the SignerSlotIDParam does not influence the signing operation. The only requirement is that the requester who's authenticating the Envelope signed CSR has previously retrieved the certificate chain associated with a slot ID that has the RT alias certificate.
There was a problem hiding this comment.
The SignerSlotIDParam field is retained in the command structure to maintain compatibility with existing SPDM command formats. However, this field is not critical for the actual operation because the signing key is self-identified within the EAT response. Specifically, the kid claim in the COSE_Sign1 protected header contains the key identifier, allowing verifiers to determine which attestation key signed the EAT without relying on the SignerSlotIDParam value. This design ensures that both SPDM and non-SPDM implementations can process the response correctly - SPDM implementations may use SignerSlotIDParam as a hint, while non-SPDM implementations can treat it as don't-care and rely solely on the kid claim.
There was a problem hiding this comment.
I'm okay with keeping the SignerSlotIDParam, even if it's not used. A small clarification - in the current SPDM command format, the GET_CSR command does not have a Slot ID parameter. Instead, the Slot ID–KeyPairID association is established through the SET_CERTIFICATE command.
A requester may treat SignerSlotIDParam as a hint when locating the Attestation Key corresponding to the kid claim, while a responder can validate that the key with this kid is part of the certificate chain associated with the designated slot.
Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
…y to Enum type Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
…nsistency cleanup Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
fdamato
force-pushed
the
fadamato/dip_update_provisioning_flow
branch
from
3fb2354 to
7ff9f8c
Compare
fdamato
force-pushed
the
fadamato/dip_update_provisioning_flow
branch
6 times, most recently
from
1b592f4 to
70a0bff
Compare
…NVELOPE_SIGNED_CSR Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
fdamato
force-pushed
the
fadamato/dip_update_provisioning_flow
branch
2 times, most recently
from
ca2905d to
a0d3fb1
Compare
Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
fdamato
force-pushed
the
fadamato/dip_update_provisioning_flow
branch
from
a0d3fb1 to
6b9f6ba
Compare
|
|
||
| - **SPDM context**: SPDM defines 8 possible slots (0-7) where certificate chains can be stored. When an SPDM requester invokes `GET_CERTIFICATE`, they specify which slot's certificate chain they want to retrieve. | ||
|
|
||
| - **Attestation context**: During attestation, the device uses these certificate chains to establish trust. For example, when generating an EAT, the device may include a LEAF certificate that chains to one of the certificates stored in these slots. The verifier can then retrieve the appropriate certificate chain to validate the complete trust path. |
There was a problem hiding this comment.
Can we say Evidence instead of EAT to avoid any confusion with the Envelope Signed CSR EAT used in this document?
| | 1 | CommandCode | 1 | Shall be 05h to indicate | | ||
| | | | | GET_ENDORSEMENT. | | ||
| +--------+-------------------------+-------------------------+------------------------------------------+ | ||
| | 2 | Reserved | 4 | Reserved. | |
There was a problem hiding this comment.
Should the additional 1‑byte Reserved field also be removed?
| For devices that support both SPDM and OCP attestation paths: | ||
|
|
||
| - `OCP_SET_ENDORSEMENT` internally manages slot allocation based on the KeyProvisioningEntity | ||
| - `OCP_GET_ENDORSEMENT` retrieves endorsements by entity rather than slot number |
There was a problem hiding this comment.
Nit: For consistency, update this reference to also use KeyProvisioningEntity
|
|
||
| 1. **The chain SHALL terminate with a certificate for an advertised identity keypair** - The end-entity certificate in the chain MUST correspond to one of the keypairs for which the device can generate CSRs (e.g., IDevID, LDevID, or other device-specific identity keys). | ||
|
|
||
| 2. **Chain validation** - The device SHALL validate that: |
There was a problem hiding this comment.
Looks like this info is already covered in the Certificate Chain Validation section below, so it might redundant.
| ## Requesting an identity certificate during attestation {#sec:requesting-identity-cert-during-attestation} | ||
|
|
||
| This will be accomplished by selecting the correct `SlotIDParam` when invoking SPDM commands. | ||
| This will be accomplished by selecting the correct `SignerSlotIDParam` when invoking SPDM commands. |
There was a problem hiding this comment.
If this attestation is meant to establish trust before endorsement, could we make that a bit clearer? It’d be helpful to add this detail to the ‘Example provisioning sequence’ section above too.
3 participants
No description provided.