How to provision certificate chains to device #2871
-
|
Hi, if SPDM Spec: DSP0274_1.1.0 is used, could you please tell me how to provision a device with certificate chains? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
That information is specific to a device and device vendor. For the slot 0 certificate chain it is usually provisioned during manufacturing, and SPDM itself is not involved. Ie, the certificate chain is sent to the non-volatile storage via a JTAG or I2C port. If the device allows provisioning of other certificate chain slots then it may use SPDM vendor defined messages, or some non-SPDM protocol. |
Beta Was this translation helpful? Give feedback.
-
|
OK, thank you. By the way, if SPDM Spec DSP0274_1.2.0 or above is used, whether GET_CSR and SET_CERTIFICATE CMDs must be used by device vendor as the only way to provision certificates? |
Beta Was this translation helpful? Give feedback.
-
|
No, the device vendor is free to use non-SPDM means to provision certificate chains. |
Beta Was this translation helpful? Give feedback.
-
|
OK,thank you! |
Beta Was this translation helpful? Give feedback.
That information is specific to a device and device vendor. For the slot 0 certificate chain it is usually provisioned during manufacturing, and SPDM itself is not involved. Ie, the certificate chain is sent to the non-volatile storage via a JTAG or I2C port. If the device allows provisioning of other certificate chain slots then it may use SPDM vendor defined messages, or some non-SPDM protocol.