Skip to content

Commit

Permalink
update Caliptra.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@coach-bin @sunguk-bin-fad
coach-bin authored and sunguk-bin-fad committed Dec 17, 2024
1 parent e8b4f9f commit 9e6d576
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion doc/Caliptra.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -667,7 +667,7 @@ Caliptra RT generates the DPE certificate and endorses it with the Alias<sub>RT<
* End-of-life state is owned by SoC. In end-of-life device lifecycle state, Caliptra shall not not be brought out of reset.
* Other encodings are reserved and always assumed to be in a secure state.

Each of these security states may be mapped to different SoC level debug and security states. SoC’s requirement is that if the SoC enters a debug state, then Caliptra must also be in an unsecured state where all assets are cleared. Caliptra security state is captured by hardware on every warm reset; therefore SoC integrators enforce the security state transition policies for cold boot events. These policies are described in the preceding table.
Each of these security states may be mapped to different SoC level debug and security states. SoC’s requirement is that if the SoC enters an insecure state, then Caliptra must also be in an insecure state where all assets are cleared. Caliptra security state is captured by hardware on every warm reset; therefore SoC integrators enforce the security state transition policies for cold boot events. These policies are described in the preceding table.

## Service surface

Expand Down
2 changes: 1 addition & 1 deletion doc/caliptra_1x/Caliptra.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -617,7 +617,7 @@ Caliptra RT generates the DPE certificate and endorses it with the Alias<sub>RT<
* End-of-life state is owned by SoC. In end-of-life device lifecycle state, Caliptra shall not not be brought out of reset.
* Other encodings are reserved and always assumed to be in a secure state.

Each of these security states may be mapped to different SoC level debug and security states. SoC’s requirement is that if the SoC enters a debug state, then Caliptra must also be in an unsecured state where all assets are cleared. Caliptra security state is captured by hardware on every warm reset; therefore SoC integrators enforce the security state transition policies for cold boot events. These policies are described in the preceding table.
Each of these security states may be mapped to different SoC level debug and security states. SoC’s requirement is that if the SoC enters an insecure state, then Caliptra must also be in an insecure state where all assets are cleared. Caliptra security state is captured by hardware on every warm reset; therefore SoC integrators enforce the security state transition policies for cold boot events. These policies are described in the preceding table.

## Service surface

Expand Down

0 comments on commit 9e6d576

Please sign in to comment.