runtime/README.md: Update documentation for IDevId commands

This adds documentation for the GET_IDEV_CERT and GET_IDEV_INFO commands. Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
chipsalliance · Aug 31, 2023 · a0c9794 · a0c9794
1 parent 83745c8
commit a0c9794
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 2 deletions.
diff --git a/runtime/README.md b/runtime/README.md
@@ -118,6 +118,29 @@ Table: `CALIPTRA_FW_LOAD` output arguments
 | chksum      | u32      | Checksum over other output arguments, computed by Caliptra. Little endian.
 | fips_status | u32      | Indicates if the command is FIPS approved or an error
 
+### GET\_IDEV\_CERT
+
+Exposes a command to reconstruct the IDEVID CERT
+
+Command Code: `0x4944_4543` ("IDEC")
+
+Table: `GET_IDEV_CERT` input arguments
+
+| **Name**  | **Type**      | **Description**
+| --------  | --------      | ---------------
+| chksum    | u32           | Checksum over other input arguments, computed by the caller. Little endian.
+| tbs_size  | u32           | Size of the TBS
+| tbs       | u8[916]       | TBS, with a maximum size of 916. Only bytes up to tbs_size are used.
+
+Table: `GET_IDEV_CERT` output arguments
+
+| **Name**    | **Type**   | **Description**
+| --------    | --------   | ---------------
+| chksum      | u32        | Checksum over other output arguments, computed by Caliptra. Little endian.
+| fips_status | u32        | Indicates if the command is FIPS approved or an error
+| cert_size   | u32        | Length in bytes of the cert field in use for the IDevId certificate
+| cert        | u8[1024]   | DER-encoded IDevID CERT
+
 ### GET\_IDEV\_CSR
 
 ROM exposes a command to get a self-signed IDEVID CSR.
@@ -140,6 +163,27 @@ Table: `GET_IDEV_CSR` output arguments
 | data_size   | u32        | Length in bytes of the valid data in the data field
 | data        | u8[...]    | DER-encoded IDevID CSR
 
+### GET\_IDEV\_INFO
+
+Exposes a command to get a IDEVID public key.
+
+Command Code: `0x4944_4549` ("IDEI")
+
+Table: `GET_IDEV_INFO` input arguments
+
+| **Name**  | **Type**      | **Description**
+| --------  | --------      | ---------------
+| chksum    | u32           | Checksum over other input arguments, computed by the caller. Little endian.
+
+Table: `GET_IDEV_INFO` output arguments
+
+| **Name**    | **Type**   | **Description**
+| --------    | --------   | ---------------
+| chksum      | u32        | Checksum over other output arguments, computed by Caliptra. Little endian.
+| fips_status | u32        | Indicates if the command is FIPS approved or an error
+| idev_pub_x  | u8[48]     | X portion of ECDSA IDevId key
+| idev_pub_y  | u8[48]     | Y portion of ECDSA IDevId key
+
 ### GET\_LDEV\_CERT
 
 ROM exposes a command to get a self-signed LDevID Certificate signed by IDevID.

diff --git a/runtime/src/info.rs b/runtime/src/info.rs
@@ -54,10 +54,10 @@ impl IDevIdCertCmd {
         }
 
         let Ok(r) = sig_as_bytes[..Ecdsa384Signature::ECDSA_COORD_LEN].try_into() else {
-            return Err(CaliptraError::RUNTIME_MAILBOX_INVALID_PARAMS);
+            return Err(CaliptraError::RUNTIME_GET_DEVID_CERT_FAILED);
         };
         let Ok(s) = sig_as_bytes[Ecdsa384Signature::ECDSA_COORD_LEN..].try_into() else {
-            return Err(CaliptraError::RUNTIME_MAILBOX_INVALID_PARAMS);
+            return Err(CaliptraError::RUNTIME_GET_DEVID_CERT_FAILED);
         };
 
         Ok(Ecdsa384Signature { r, s })