Skip to content

rom-2.1.2

Choose a tag to compare

View all tags
@github-actions github-actions released this 17 Jun 13:13
· 13 commits to main since this release
Immutable release. Only release title and notes can be modified.
rom-2.1.2
45de392
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Caliptra ROM 2.1.2 Release Notes

Release notes for changes introduced since ROM 2.1.1 through 45de392f on the main branch.

Features

  • Add Stable Owner Key derivation from HEK seed (#3625)
  • Gate fatal error reporting on recovery reset strap (#3887)

Fixes

  • Verify firmware after loading to ICCM (#3702)
  • Use SS_STRAP_GENERIC[2] to configure entropy_src single-bit mode during CSRNG initialization (#3809)
  • Disable entropy_src repcnts health test in ROM (#3836)
  • Set CSRNG entropy_src CONF.THRESHOLD_SCOPE to false (#3788)
  • Mark hash-based ECDSA/LMS verify as FIPS non-approved (#3803)
  • Disallow UDS programming when debug intent is set (#3804)
  • Reject prod debug unlock request if pk hash fuse is zeroized or uninitialized (#3602)
  • Zeroize ROM state before acknowledging SHUTDOWN (#3807)
  • Debug unlock token: move key hash check from mailbox SRAM to stack (#3766)
  • Update OCP LOCK key ladder to use DOE (#3701)
  • Use configurable OTP status offset for UDS/FE (#3723)
  • Add MLDSA-87 SigVer KAT (#3795)
  • Add CTR_DRBG-AES-256 KAT for CSRNG (#3706)
  • Add hashing step to ECDSA KAT (#3821)
  • Add MLDSA pairwise consistency test (PCT) (#3547)
  • Advertise recovery capabilities and report boot failure reasons (#3846)
  • Fix TAP mailbox availability after debug unlock (#3848)
  • Raise OTP error result on zeroization (#3858)
  • Write-lock Stable IDevID/LDevID identity root keys (#3873)

Full Changelog: rom-2.1.1...rom-2.1.2

Assets 160
Loading