Update "Issuing and provisioning of an ID certificate" and "Requestin…#100
Open
xiaoyuruan wants to merge 1 commit into
…g an ID cert during attestation" drafted the two subsections for review. Signed-off-by: Xiaoyu Ruan <xiaoyu.ruan@intel.com>
xiaoyuruan
commented
May 29, 2026
| The Requester should execute the following sequence for issuing and provisioning an identity certificate chain to the Responder device. | ||
|
|
||
| TODO: fill in additional details. | ||
| 1. Acquire all keypair IDs and their associated OIDs for derivation attributes from the Responder device by issuing `GET_ATTESTED_CSR` request with `KeyPairID` = 0. The `GET_ATTESTED_CSR` may or may not require an attested response, depending on the security model of the Requester's use case. However, the Responder shall provide a signature if the request asks so, i.e., `SignerSlotIDParam` Bit [4] is 1. |
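Review bot: In step 1, "may or may not require an attested response, depending on the security model" leaves it open whether the Requester may act on an unsigned list of keypair IDs and OIDs, and the only "shall" in the step covers the signed case. State the rule once, keyed to `SignerSlotIDParam` Bit [4], and say what the Requester does with a response that carries no signature. As written, a reader cannot tell whether the keypair IDs and derivation-attribute OIDs used afterwards are authenticated.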
Author
"The GET_ATTESTED_CSR may or may not require an attested response" -> always requires signature
xiaoyuruan
commented
May 29, 2026
| ## Issuing and provisioning an identity certificate {#sec:issuing-and-provisioning-identity-cert} | ||
|
|
||
| This will be accomplished via the `SET_CERTIFICATE` SPDM command. | ||
| The Requester should execute the following sequence for issuing and provisioning an identity certificate chain to the Responder device. |
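Review bot: Directly under the section heading, "This will be accomplished via the `SET_CERTIFICATE` SPDM command" has no antecedent for "This", and the future tense reads as a plan rather than a specification. Name the subject and use the present tense, for example "Provisioning of the identity certificate chain is accomplished via ...". Also decide whether the sequence is normative: "The Requester should execute the following sequence" is only a recommendation, so any step that must not be skipped needs its own "shall".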
Author
Place these below the figure above.
xiaoyuruan
commented
May 29, 2026
| 4. Construct and sign an identity leaf certificate for the Responder based off the CSR. The leaf certificate is rooted to the Requester's trust anchor. | ||
| 5. Issue SPDM `SET_CERTIFICATE` request to provision the identity certificate chain to the Responder. The `SlotID` should point to a slot that is currently not provisioned. | ||
|
|
||
| ## Requesting an identity certificate during attestation {#sec:requesting-identity-cert-during-attestation} |
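Review bot: Step 5 requires a `SlotID` that "is currently not provisioned" but does not say how the Requester learns which slots are unprovisioned or what it does when none is free. Add the lookup and the failure case to the step. In step 4, the visible text goes from "based off the CSR" straight to signing. If no earlier step has the Requester validate the CSR contents and signature before issuing the leaf, say so here, since the leaf chains to the Requester's own trust anchor.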