Skip to content

dpe: Resolve feedback items from #66 #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
zhalvorsen wants to merge 1 commit into
base: main
Choose a base branch
from
Open

dpe: Resolve feedback items from #66 #88

zhalvorsen wants to merge 1 commit into from

Conversation

@zhalvorsen
Copy link
Contributor

@zhalvorsen zhalvorsen commented Dec 18, 2025

Fixes #86

  • Adds maximum certificate size for ML-DSA
  • Adds a remaining field to GetCertificateChain to fix the corner case where GetCertificateChainResponse.size == the size of the certificate
  • Adds detail about ML-DSA private key derivation

@zhalvorsen
dpe: Resolve feedback items from opencomputeproject#66
0913e48 
Fixes opencomputeproject#86

* Adds maximum certificate size for ML-DSA
* Adds a remaining field to GetCertificateChain to fix the corner case where GetCertificateChainResponse.size == the size of the certificate
* Adds detail about ML-DSA private key derivation

Signed-off-by: Zach Halvorsen <zhalvorsen@google.com>
jhand2
jhand2 reviewed Dec 18, 2025
View reviewed changes
zhalvorsen
zhalvorsen commented Jan 5, 2026
View reviewed changes
specifications/dpe-irot-profile/spec.ocp
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
| 0x0C | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
| 0x10 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.
| 0x0C | `U32` | 31:0 | `REMAINING` | Number of bytes remaining after this portion of the certificate chain.
Copy link
Contributor Author

@zhalvorsen zhalvorsen Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jhand2 Instead of changing this ABI, what if we added a return status that was "There is still more data"?

Copy link
Contributor

@jhand2 jhand2 Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, ya I think that's how it works today: https://github.com/chipsalliance/caliptra-dpe/blob/main/verification/client/abi.go#L548-L551

Although in retrospect, InvalidArgument was probably a bad return code to choose :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jhand2 jhand2 jhand2 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DPE: Open comments on ML-DSA-87 Profile

2 participants

@zhalvorsen @jhand2