Skip to content

DPE ML-DSA: hybrid feature, crypto trait, 32 contexts, dual profile c…#3612

Draft
parvathib wants to merge 1 commit intocaliptra-2.0from
pbhogaraju/dpe-mldsa-2.0-p3-32
Draft

DPE ML-DSA: hybrid feature, crypto trait, 32 contexts, dual profile c…#3612
parvathib wants to merge 1 commit intocaliptra-2.0from
pbhogaraju/dpe-mldsa-2.0-p3-32

Conversation

@parvathib
Copy link
Copy Markdown
Contributor

@parvathib parvathib commented Apr 13, 2026

…ommands

Squashed backport of:

DPE rev: a26db5b — last rev bumped by PRs in this list (#3371). Not updated to caliptra-dpe main (cfc9a71) because DPE commit 337f7e4 (Update CFI #531) renamed caliptra-cfi packages from caliptra-cfi--git to caliptra-cfi-, which conflicts with caliptra-2.0 CFI. Updating 2.0 CFI to match would be a ROM change.

Using 32 DPE contexts (not 64 from #3246) because 64 contexts requires DPE_SIZE=10KB which changes PersistentData layout and breaks the frozen ROM hash. 32 contexts keeps DPE_SIZE=5KB.

caliptra-2.0 adaptations:

  • DpeMldsaCrypto uses MldsaReg (2.0 has dedicated ML-DSA HW register; main uses AbrReg shared Adams Bridge register for ML-DSA and ML-KEM)
  • SignData::Mu returns CryptoError::NotImplemented (no external-mu on 2.0)
  • Removed ML-KEM commands (no ML-KEM HW on 2.0)
  • Removed main-only commands (ocp_lock, shake256)
  • Flat PersistentData paths (2.0 uses single struct, not rom/fw split)
  • Kept 2.0 caliptra-cfi-*-git package names to avoid ROM recompilation
  • RUNTIME_SIZE=176KB (main uses 210KB; 2.0 has fewer runtime features)

Known issue: firmware stack overflow (~8KB over 140KB budget) during initialize_dpe. The hybrid DPE Response enum is ~25KB (MAX_CERT_SIZE = 22KB) and is allocated on the stack by CommandExecution::execute(). Needs stack space or DCCM space resolution.

@parvathib
DPE ML-DSA: hybrid feature, crypto trait, 32 contexts, dual profile c…
50b1a34 
…ommands

Squashed backport of:
- [dpe] Enable hybrid DPE feature (#3243)
- [dpe] Add ML-DSA DPE Crypto trait (#3315)
- [dpe] Add support for 64 DPE contexts (#3246)
- [dpe] Add ML-DSA DPE command (#3326)
- [dpe] Test ML-DSA CertifyKey (#3357)
- [dpe] Test using external mu with ML-DSA profile (#3371)
- [dpe] reduce nesting of InvokeDpeCmd::execute (#3386)
- [dpe] Add optional ML-DSA response over DMA (#3391)
- [dpe] Add HW model support for large DPE responses (#3403)
- [dpe] Support both DPE profiles in more tests (#3407)
- [dpe] Add a test for worst case scenario certs and CSRs (#3417)
- [dpe] Fail early for response sizing (#3415)
- [dpe] Add ML-DSA support to CertifyKeyExtended (#3426)
- [dpe] Test ML-DSA profile with golang verification (#3454)
- [dpe] Add comment that initialization is profile agnostic (#3460)

DPE rev: a26db5b — last rev bumped by PRs in this list (#3371).
Not updated to caliptra-dpe main (cfc9a71) because DPE commit
337f7e4 (Update CFI #531) renamed caliptra-cfi packages from
caliptra-cfi-*-git to caliptra-cfi-*, which conflicts with
caliptra-2.0 CFI. Updating 2.0 CFI to match would be a ROM change.

Using 32 DPE contexts (not 64 from #3246) because 64 contexts
requires DPE_SIZE=10KB which changes PersistentData layout and
breaks the frozen ROM hash. 32 contexts keeps DPE_SIZE=5KB.

caliptra-2.0 adaptations:
- DpeMldsaCrypto uses MldsaReg (2.0 has dedicated ML-DSA HW register;
  main uses AbrReg shared Adams Bridge register for ML-DSA and ML-KEM)
- SignData::Mu returns CryptoError::NotImplemented (no external-mu on 2.0)
- Removed ML-KEM commands (no ML-KEM HW on 2.0)
- Removed main-only commands (ocp_lock, shake256)
- Flat PersistentData paths (2.0 uses single struct, not rom/fw split)
- Kept 2.0 caliptra-cfi-*-git package names to avoid ROM recompilation
- RUNTIME_SIZE=176KB (main uses 210KB; 2.0 has fewer runtime features)

Known issue: firmware stack overflow (~8KB over 140KB budget) during
initialize_dpe. The hybrid DPE Response enum is ~25KB (MAX_CERT_SIZE
= 22KB) and is allocated on the stack by CommandExecution::execute().
Needs stack space or DCCM space resolution.
@parvathib parvathib force-pushed the pbhogaraju/dpe-mldsa-2.0-p3-32 branch from c95cade to 50b1a34 Compare April 13, 2026 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jhand2 jhand2 Awaiting requested review from jhand2 jhand2 will be requested when the pull request is marked ready for review jhand2 is a code owner

@fdamato fdamato Awaiting requested review from fdamato fdamato will be requested when the pull request is marked ready for review fdamato is a code owner

@rusty1968 rusty1968 Awaiting requested review from rusty1968 rusty1968 will be requested when the pull request is marked ready for review rusty1968 is a code owner

@bluegate010 bluegate010 Awaiting requested review from bluegate010 bluegate010 will be requested when the pull request is marked ready for review bluegate010 is a code owner

@mhatrevi mhatrevi Awaiting requested review from mhatrevi mhatrevi will be requested when the pull request is marked ready for review mhatrevi is a code owner

@swenson swenson Awaiting requested review from swenson swenson will be requested when the pull request is marked ready for review swenson is a code owner

@vsonims vsonims Awaiting requested review from vsonims vsonims will be requested when the pull request is marked ready for review vsonims is a code owner

@zhalvorsen zhalvorsen Awaiting requested review from zhalvorsen zhalvorsen will be requested when the pull request is marked ready for review zhalvorsen is a code owner

@timothytrippel timothytrippel Awaiting requested review from timothytrippel timothytrippel will be requested when the pull request is marked ready for review timothytrippel is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@parvathib