从无闪光到无畏：Rust 固件进阶 Caliptra 流式启动之旅.pdf

1、Vishal Soni(Microsoft)Xiling Sun(Microsoft)From Flashless to Fearless:A Rust Firmware Journey into Caliptra Streaming BootFrom Flashless to Fearless:A Rust Firmware Journey into Caliptra Streaming BootVishal Soni(Microsoft)Xiling Sun(Microsoft)SECURITYMotivation Escalating Security Threats&Tradition

2、al Boot Limitations Firmware as attack surface Flash vulnerabilities:Susceptible to tampering,rollback,and supply chain exploits.Static image constraints:Inflexible updates,slow recovery,and increased operational risk.Scalability and Flexibility for Modern Platforms Hyperscale provisioning:Fast,repe

3、atable RoT deployment across diverse hardware.Adaptive boot logic:Supports heterogeneous environments and dynamic configurations.Caliptra Streaming Boot:A Secure and Scalable Solution Eliminates persistent firmware storage:reducing an attack interface.Streams and validates firmware at boot dynamical

4、ly and securely.Streamlines the supply chain:No need to manage static firmware images.Caliptra Security Subsystem Architecture Recap https:/ Streaming Boot Flow Stage 1:Early Firmware Loading via OCP Recovery Protocol Caliptra FMC+RT SOC Manifest MCU Runtime Stage 2:Remainder Firmware Loading via PL

5、DM Firmware Update Protocol Enables modular,component-based firmware updates and supports“pull”model for flow control and error recovery.Remainder-firmware is loaded directly into device RAM,not persistent storage,enabling secure,impactless updates and rapid recovery.Device attests to its boot state

6、 via SPDM,ensuring integrity and compliance.Streaming Boot Enablement in MCU Firmware UserspaceMCTP DriverImage Loading APIRoT ApplicationsPLDM LibraryCaliptra Mailbox Driver DMA Driver(Vendor)I3C Target DriverAsync User Mode System Call InterfacePlatform Hardware/Software Emulator Tock Kernel RoT a