Caliptra consists of IP and firmware for an integrated Root of Trust block.

Caliptra targets datacenter-class SoCs like CPUs, GPUs, DPUs, TPUs. It is the specification, silicon logic, ROM and firmware for implementing a Root of Trust for Measurement (RTM) block inside an SoC. A Caliptra integration provides the SoC with Identity, Measured Boot and Attestation capabilities.

Caliptra is a project originally incepted at the Open Compute Project (OCP). The major revisions of the Caliptra specifications are published at OCP. The evolving source code and documentation for Caliptra live in this repository within the CHIPS Alliance Project, a Series of LF Projects, LLC.

The Caliptra WorkGroup Technical Charter sets out the charter governing the Caliptra project and its marks.

• Main Caliptra specification 1.x
• Caliptra Core Hardware Specification
• Caliptra Core Hardware Integration Specification
• ROM 1.x
• FMC
• Runtime

• Main Caliptra specification 2.0 - Version 0.5
• Caliptra Subsystem Hardware Specification - Version 0.5
• Note: Hardware integration specs will be following the RTL Freezes & Releases timelines
• ROM 2.x - WIP
• FMC 2.x - WIP
• Runtime 2.x - WIP
• MCU Firmware and SDK specification - WIP

Caliptra is released in independently versioned components: RTL, ROM, FMC and Runtime FW. They are all represented by 3 values: major.minor.patch (such as 1.0.2). The first 2 values, major.minor, correspond to a set of features caliptra supports. The patch value is incremented as new releases are made with bug fixes.

Not all components necessarily need to be of the same major.minor version to be compatible. Details are below:

Compatible Configurations:

Additional Features

• ECC HW performance enhancements*
• LMS HW acceleration*
• New Runtime commands
  • LMS_SIGNATURE_VERIFY
  • ADD_SUBJECT_ALT_NAME
  • CERTIFY_KEY_EXTENDED
• Expanded PL0 contexts to 16

* Requires 1.1 RTL

Compatible Configurations:

Additional Features

• Manifest-based Authorization
  • SET_AUTH_MANIFEST
  • AUTHORIZE_AND_STASH
• Deferred retrieval of IDEV CSR**
  • GET_IDEVID_CSR
• Self-signed FMC Alias CSR
  • GET_FMC_ALIAS_CSR
• DPE export of CDI
  • SIGN_WITH_EXPORTED - WIP

** Requires 1.2 ROM

Compatible Configurations:

• Caliptra Software CI dashboard -- includes ROM
• Caliptra CPU DV coverage dashboard

The Caliptra code base and documentation are split across five repositories:

The GitHub config parameters for all of the branches are documented in a local file.

All these URLs redirect into the repositories above.

• repo.caliptra.io
• spec.caliptra.io
• sw.caliptra.io
• fw.caliptra.io
• hw.caliptra.io
• rtl.caliptra.io
• dpe.caliptra.io
• ureg.caliptra.io
• ireg[s].caliptra.io
• ereg[s].caliptra.io

For information on the Caliptra security policy, how to report a vulnerability, and published security advisories, refer to Caliptra security policy.

The Caliptra workgroup meets every Friday at 9am PT. Meeting invite and agenda are posted to the mailing list. The call invite is also reachable from the CHIPS Workgroups page.

A Slack channel is used for interactive discussions. Keep in mind development activity is focused on GitHub issues and Pull Request reviews, rarely on the Slack channel. If you have issues joining please contact the mailing list.

Please sign the CHIPS CLA (as an individual or your company if affiliated) before participating in these channels.

All code written for Caliptra and found in these repositories is licensed under the Apache Source License 2.0. You can find out more by reading our document on how to contribute.