Skip to content

dpe: Resolve feedback items from #66 #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
zhalvorsen wants to merge 1 commit into
base: main
Choose a base branch
from
Open

dpe: Resolve feedback items from #66 #88

zhalvorsen wants to merge 1 commit into from
+35 −34

Conversation

@zhalvorsen
Copy link
Contributor

@zhalvorsen zhalvorsen commented Dec 18, 2025

Fixes #86

  • Adds maximum certificate size for ML-DSA
  • Adds a remaining field to GetCertificateChain to fix the corner case where GetCertificateChainResponse.size == the size of the certificate
  • Adds detail about ML-DSA private key derivation

jhand2
jhand2 reviewed Dec 18, 2025
View reviewed changes
zhalvorsen
zhalvorsen commented Jan 5, 2026
View reviewed changes
specifications/dpe-irot-profile/spec.ocp Outdated
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
| 0x0C | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
| 0x10 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.
| 0x0C | `U32` | 31:0 | `REMAINING` | Number of bytes remaining after this portion of the certificate chain.
Copy link
Contributor Author

@zhalvorsen zhalvorsen Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jhand2 Instead of changing this ABI, what if we added a return status that was "There is still more data"?

Copy link
Contributor

@jhand2 jhand2 Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, ya I think that's how it works today: https://github.com/chipsalliance/caliptra-dpe/blob/main/verification/client/abi.go#L548-L551

Although in retrospect, InvalidArgument was probably a bad return code to choose :)

Copy link
Contributor Author

@zhalvorsen zhalvorsen Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I aligned the functionality more with how the upstream spec handles multi-part operations. This allows us to simplify some aspects along with being more compliant. Let me know what you think.

@zhalvorsen
dpe: Resolve feedback items from opencomputeproject#66
cc25817 
Fixes opencomputeproject#86

* Adds maximum certificate size for ML-DSA
* Adds a remaining field to GetCertificateChain to fix the corner case where GetCertificateChainResponse.size == the size of the certificate
* Adds detail about ML-DSA private key derivation

Signed-off-by: Zach Halvorsen <zhalvorsen@google.com>
@zhalvorsen zhalvorsen mentioned this pull request Jan 15, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jhand2 jhand2 jhand2 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DPE: Open comments on ML-DSA-87 Profile

2 participants

@zhalvorsen @jhand2