On-Die Certificate Authority (ODCA)

The On-Die Certificate Authority (ODCA) is a feature added to Intel CSME hardware starting from Tiger Lake. It replaces the existing Intel EPID signing algorithm, which is planned for deprecation.
The On-Die Certificate Authority is used for issuing certificates for Intel CSE applications (e.g., Intel AMT). Each platform is manufactured with a unique ODCA key and certificate.

Use Cases for ODCA

   The Intel AMT ODCA certificate can be used as an Intel AMT TLS Server certificate for PKI MTLS (mutual TLS) provisioning, assuring that the configuration software is communicating with authentic Intel AMT firmware.

   Before provisioning Intel AMT and after Intel AMT has been provisioned, the Intel AMT ODCA Certificate can be used to verify that the Intel AMT firmware has not been revoked because of a vulnerability by checking the ODCA certificate chain against the Intel ODCA CRL. (Use the AMT_GeneralSettings.AMTAuthenticate challenge response for post provisioning). This allows you to update the firmware before the system is compromised

   You can use the CSME ODCA ROM certificate (the 4th certificate in the chain including the leaf certificate) or its hash for maintaining a persistent non-spoofable hardware identifier of the device. Use the AMT_GeneralSettings.AMTAuthenticate challenge response to verify the identity. This is also useful for strong verification of the identity of the device connecting to a CIRA MPS gateway before exposing any Intel AMT credentials to the device.

   When operating system software collects the contents of the Intel AMT Audit Log for monitoring Intel AMT before or after Intel AMT provisioning via the CFG_GetAuditLogRecords MEI command, it can use the CFG_GetAuditLogSignature command to request an ODCA signature over the Audit Log contents. This is useful when Intel AMT is not provisioned, and for environments that lack a TLS setup. Use the ODCA ROM certificate hash to verify the identity of the device from which the log originated.

Verifying the OCDA Certificate Chain

This section describes how to verify the ODCA certificate chain, including verifying that this is an Intel AMT certificate. The ODCA certificate chain is verified like any other certificate chain, with the following properties:

   For the leaf certificate: Verify that in the Subject field the Common Name field is:

Field Value

Means

iAMT-RCFG

For Intel AMT Server certificate during remote configuration with TLS-PKI

iAMT-AuditL

MEI API that reads the ODCA signed AMT Audit Log

iAMT-WSMAN

WS-MAN Authenticate command

   Verify that the Intel ODCA Root CA is at the root of the certificate chain: https://tsci.intel.com/content/OnDieCA/certs/OnDie_CA_RootCA_Certificate.cer

   Verify against the Intel ODCA CRL that no certificate in the chain has been revoked.

   Recommended: Verify that you are communicating with a device that you manage:

   When provisioning Intel AMT, store a hash of the Intel CSME ROM ODCA certificate that is baked into the device fuses and is therefore persistent and not replaceable.

   The ODCA ROM certificate is identified in the chain by the Subject CN field including “ROM CA” in it (the 4th certificate in the chain including the leaf certificate).

   Note that it is also recommended that the management console store the digest realm for each platform, as this is also unique per device and per Intel AMT provisioning instance.

Intel UPID Support

For platforms that support the Intel Unique Platform ID, the Intel AMT ODCA certificate also includes the Unique Platform ID. The UPID is included in the certificate as defined in IEEE 802.1AR for an IDevID certificate.

The Unique Platform ID has 2 parts. The first 32 bytes are the OEM Platform ID and are set by the OEM and stored in CSME protected NVM. The OEM can replace this part of the UPID when a device is refurbished/repurposed. The second 32 bytes are the “CSME HW ID” and are set by the Intel CSME firmware and derived from chipset fuses.

OEM Platform ID

Truncated SHA256 (ROM CA Certificate)

Reserved

Ref. Cntr

HW Gen

OEM ID

32 bytes

20 bytes

60 bits

4 bits

2 bytes

2 bytes

Note: The OEM ID field is specified in little endian format. E.g., an OEM ID of 0xabcd is represented as 0xcdab.


Field in UPID

Size

Description

Location in the AMT IDevID On-Die CA Certificate

OEM Platform ID

32 bytes

Platform ID set by the OEM (Optional)

In Subject field X520SerialNumber attribute per IEEE 802.1AR

CSME HW ID

Truncated SHA256 (ROM CA certificate)

20 bytes

The first 20 bytes of the SHA-256 hash over the ODCA ROM Certificate.

When verifying the ODCA certificate chain it is recommended to verify that there is a match.

In subjectAltName field per IEEE 802.1AR and RFC  4108

 

Note: The OEM ID at the end of the CSME HW ID in the SubjectAltName field is represented in little endian format, i.e., for Intel this is 8680 instead of 8086.

 

The OEM ID is also represented in the Subject field in the X520OrganizationName attribute. In this case it is represented in big endian format, e.g., 8086.

Ref. Counter

4 bits

Refurbish Counter implemented in CSME as 16 refurbish fuses.

The OEM BIOS can increment the refurbish counter when device is refurbished or repurposed up to 16 times.

HW Gen

2 bytes

An ID allocated by Intel that identifies the generation of the HW e.g. TGL, ADL etc.

OEM ID

2 bytes

PCIe Vendor ID allocated by PCI-SIG of the OEM who manufactured the device in hex characters (e.g. Intel PCIe Vendor ID is 8086. Here we would have an OEM vendor ID).

The OEM configures this value into the CSME fuses during manufacturing.

FC4108 Definition

HardwareModuleName ::= SEQUENCE {

hwType OBJECT IDENTIFIER

hwSerialNum OCTET STRING}

hwType: 2.16.840.1.113741.1.5.3.6.1 indicates that this is a CSME ODCA Certificate

hwSerialNum: is a 32 byte “CSME HW ID”. The first 20 bytes are from the first 20 bytes of the SHA256 hash of the ODCA ROM certificate. It is recommended to verify that they match.

Recommendation: Credentials provisioned to Intel AMT should be bound to the Intel AMT SVN

When an increase in SVN is detected in the Intel AMT firmware version via the AMT_GeneralSettings.AMTAuthenticate command, the keys and passwords in Intel AMT need to be replaced.

Copyright © 2006-2022, Intel Corporation. All rights reserved.