Skip to content

fw-2.1.1

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 22 Jun 18:03
· 5 commits to main since this release
Immutable release. Only release title and notes can be modified.
fw-2.1.1
24b1fff
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

This is a combined runtime and FMC release.

Caliptra Firmware 2.1.1 Release Notes

Release notes for changes introduced since Firmware 2.1.0.

Features

  • DPE & Certification:
    • Add support for SIGN_WITH_EXPORTED_MLDSA (#3679)
    • Add a new command to chunk DPE certificates (CertifyKeyChunks) (#3765)
  • Runtime/FMC Functionality:
    • Add ACTIVATE_FIRMWARE INITIAL_ACTIVATE flag (#3720)
    • Add more telemetry to fw_info (#3631)

Fixes

  • Mailbox & Debug Unlock:
    • Fix TAP mailbox availability after debug unlock (#3848)
    • Bind debug unlock token to device UDI (#3694)
    • Fix WDT stop after production debug unlock (#3675)
    • Set PROD_DBG_UNLOCK_IN_PROGRESS bit in runtime to match ROM (#3628)
    • Require non-zeroized SEK & DPK for OCP-LOCK (#3606)
  • Firmware Activation & Auth:
    • Fix ActivateFirmware to call AuthorizeAndStash correctly (#3719)
    • Fix ACTIVATE_FIRMWARE to use exec_bit instead of fw_id for activate bitmap (#3619)
    • Bound auth manifest metadata lookup by entry_count (#3732)
    • Address-based authorize-and-stash measurement (#3688)
  • FIPS & Cryptography:
    • Fix AES-GCM streaming GHASH save/restore bug (#3790)
    • Add missing KATs in runtime start up (#3799)
    • Add ML-KEM, ML-DSA, and ECDH pairwise consistency tests (PCT) (#3548, #3547, #3546)
    • Fix runtime FIPS shutdown zeroization (#3808)
  • General:
Assets 160
Loading