dpe: Resolve feedback items from #66#88
Open
zhalvorsen wants to merge 1 commit intoopencomputeproject:mainfrom
Open
dpe: Resolve feedback items from #66#88zhalvorsen wants to merge 1 commit intoopencomputeproject:mainfrom
zhalvorsen wants to merge 1 commit intoopencomputeproject:mainfrom
Conversation
zhalvorsen
force-pushed
the
dpe-feedback
branch
from
fc6c886 to
0913e48
Compare
jhand2
reviewed
Dec 18, 2025
zhalvorsen
commented
Jan 5, 2026
| | 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`. | ||
| | 0x0C | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read. | ||
| | 0x10 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain. | ||
| | 0x0C | `U32` | 31:0 | `REMAINING` | Number of bytes remaining after this portion of the certificate chain. |
Contributor
Author
There was a problem hiding this comment.
@jhand2 Instead of changing this ABI, what if we added a return status that was "There is still more data"?
Contributor
There was a problem hiding this comment.
Oh, ya I think that's how it works today: https://github.com/chipsalliance/caliptra-dpe/blob/main/verification/client/abi.go#L548-L551
Although in retrospect, InvalidArgument was probably a bad return code to choose :)
Contributor
Author
There was a problem hiding this comment.
I aligned the functionality more with how the upstream spec handles multi-part operations. This allows us to simplify some aspects along with being more compliant. Let me know what you think.
zhalvorsen
force-pushed
the
dpe-feedback
branch
from
0913e48 to
cc25817
Compare
zhalvorsen
force-pushed
the
dpe-feedback
branch
from
cc25817 to
da19580
Compare
zhalvorsen
force-pushed
the
dpe-feedback
branch
2 times, most recently
from
94c6d32 to
a086515
Compare
Fixes opencomputeproject#86 * Adds maximum certificate size for ML-DSA * Adds a remaining field to GetCertificateChain to fix the corner case where GetCertificateChainResponse.size == the size of the certificate * Adds detail about ML-DSA private key derivation Signed-off-by: Zach Halvorsen <zhalvorsen@google.com>
zhalvorsen
force-pushed
the
dpe-feedback
branch
from
a086515 to
7ea1ac8
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #86
GetCertificateChainResponse.size == the size of the certificate