Miguel Osorio (Google), Vishal Mhatre (Microsoft), John Thomson (lowRISC)

Caliptra Subsystem Manufacturing & Production Debug Flows

SECURITY

Why Secure Lifecycle Management Matters

Challenge: How do we test, provision and debug a device throughout its lifecycle without compromising the Root of Trust (RoT)?

Caliptra's Approach: A hardware-enforced, state-based model that separates privileges between lifecycle stages (e.g. Factory versus In-Field), providing robust manufacturing and debug capabilities while ensuring secrets are never exposed.

Key Enablers:
Lifecycle Controller (LCC): Manages the lifecycle device state in hardware.
Fuse Controller (FC): Provides a logic abstraction to the fuse macro, building secure, permanent storage for secrets, public assets and configuration.

The Lifecycle Controller (LCC) and TAP Interface

Foundation: Based on the OpenTitan LCC, enhanced for Caliptra's needs.
Function: Manages secure, forward-only transitions between lifecycle states.
Interactions: Communicates with the Fuse Controller to read/write state information and with the SoC to enforce security policies.
SCRAP: Terminal state, no token required.
RMA: Terminal state. Token required from operational states.
TAP is the primary interface for lifecycle management, including state transitions with a provided token.

[Figure: lifecycle state diagram. State labels: RAW, TEST 0,...,N, Locked 0,...,N, Manuf, PROD, SCRAP, RMA, PROD_DEBUG, MANUF_DEBUG, PROD_END. Transition labels: Token, No Token, Caliptra Core Req.]

The Fuse Controller (FC)

Provides One-Time-Programmable (OTP) storage for critical data.
Stores lifecycle state, secret seeds (UDS, Field Entropy), public key hashes and configuration options.
Implements hardware partitions to isolate secrets from general configuration.
Secret partitions are scrambled, and not accessible by MCU