Most Recent Error Must Always Be Accessible #1782
Labels
Caliptra v2.0
Items to be considered for v2.0 Release
FIPS Level 3
FIPS
Related to FIPS requirements
Comments
nquarton
added
FIPS
I think I would prefer not to do this because it can cause confusion with the caller thinking the last command has failed even if it hasn't.
I think I would prefer this. We can use the fw_info command or a FIPS status command. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
FIPS 140-3 level 3 AS10.12 requires an error log where, at minimum, the most recent error be readable.
Currently, our non-fatal errors are cleared when Caliptra receives a new command. We may consider simply not clearing these non-fatal errors and relying on the SoC to do so to meet this requirement. This is not an issue for fatal errors since they are not cleared by the module.
Alternatively, if there is some reason we would still need to clear the non-fatal errors, FW may need to store the most recent non-fatal error and make it available via a new API. This isn't ideal though since this is inconsistent with how the SoC normally retrieves errors and likely would not be available in ROM or when the module encounters a fatal error.
The text was updated successfully, but these errors were encountered: