Caliptra icon indicating copy to clipboard operation
Caliptra copied to clipboard

Published 20 hours ago verified publisher icon chipsalliance

Certificate OIDs

Open bluegate010 opened this issue 1 year ago • 1 comments

There had been a question of what kind of SPDM OIDs we might need to add to the alias certs generated by Caliptra. We discussed how SPDM is introducing the "generic certificate model" where no OIDs are needed, so no problem here. However, in the latest draft, SPDM Slot 0 is required to use either the Device cert model or Alias cert model, and not the Generic cert model.

That being said, there is no "shall" requirement directing the use of these OIDs - they are only "strongly recommended for new deployments".

SPDM 1.3 is still in draft form. We could ask that the stricture against generic certs in slot 0 be lifted. Or, we could work to add the necessary OIDs in the certs generated by Caliptra. In either case I don't think any changes are necessary to ROM.

bluegate010 avatar Mar 22 '23 13:03 bluegate010