C. CDDL
The Concise Data Definition Language (CDDL) [RFC8610] definition of the PSA token is included here for reference:
; Top-level PSA attestation token: a map assembled from the claim groups
; defined below. The map is closed (no wildcard entry), so any key that is
; not matched by one of these groups makes the token fail validation.
;
; Mandatory groups: nonce, client id, instance id, implementation id,
; lifecycle, boot seed. The hardware-version, profile and
; verification-service-indicator groups are optional because their own
; definitions mark the entry with "?".
psa-token = {
psa-nonce-claim,
psa-client-id,
psa-instance-id,
psa-implementation-id,
psa-hardware-version,
psa-lifecycle,
psa-boot-seed,
; Group choice ("//"): the token carries either the software-components
; list or the explicit "no measurements" marker. Because the map is closed,
; a token carrying both keys, or neither, does not match.
( psa-software-components // psa-no-sw-measurement ),
psa-profile,
psa-verification-service-indicator,
}
; Integer map keys (claim labels) for the PSA claims. Each name below is
; used on the left-hand side of "=>" in exactly one claim group.
; NOTE(review): these are the values given in this revision of the
; document; a verifier should confirm which revision its attesters follow
; before hard-coding them.
arm_psa_profile_id = -75000
arm_psa_partition_id = -75001
arm_psa_security_lifecycle = -75002
arm_psa_implementation_id = -75003
arm_psa_boot_seed = -75004
arm_psa_hw_version = -75005
arm_psa_sw_components = -75006
arm_psa_no_sw_measurements = -75007
arm_psa_nonce = -75008
arm_psa_UEID = -75009
arm_psa_origination = -75010
; Boot seed: a byte string of exactly 32 bytes.
psa-boot-seed-type = bytes .size 32
; Shared type for digest-like values: a byte string of exactly 32, 48 or
; 64 bytes. The schema constrains length only; it does not identify which
; algorithm produced the value (presumably SHA-256/384/512 sized digests;
; confirm against the claim definitions in the main text).
psa-hash-type = bytes .size 32 / bytes .size 48 / bytes .size 64
; Mandatory boot-seed claim (no "?" occurrence marker).
psa-boot-seed = (
arm_psa_boot_seed => psa-boot-seed-type
)
; Client ID ranges over the signed 32-bit integer space.
; "..." is a range that EXCLUDES its upper bound, so the nspe range is
; -2147483648 through -1; ".." is inclusive, so the spe range is
; 1 through 2147483647. The value 0 is therefore in neither range and
; must be rejected by a conforming validator.
psa-client-id-nspe-type = -2147483648...0
psa-client-id-spe-type = 1..2147483647
psa-client-id-type = psa-client-id-nspe-type / psa-client-id-spe-type
; Mandatory client-id claim, carried under the partition-id key.
psa-client-id = (
arm_psa_partition_id => psa-client-id-type
)
; Hardware version: a text string of exactly 13 decimal digits.
; CDDL's .regexp control uses XSD regular expressions, which match the
; whole string. A validator built on a regex engine that searches for a
; substring by default must anchor the pattern explicitly, otherwise
; longer strings that merely contain 13 digits would be accepted.
psa-hardware-version-type = text .regexp "[0-9]{13}"
; Optional claim ("?"): a token without it is still valid.
psa-hardware-version = (
? arm_psa_hw_version => psa-hardware-version-type
)
; Implementation ID: a byte string of exactly 32 bytes.
psa-implementation-id-type = bytes .size 32
; Mandatory implementation-id claim (no "?" occurrence marker).
psa-implementation-id = (
arm_psa_implementation_id => psa-implementation-id-type
)
; Instance ID: a byte string of exactly 33 bytes.
; NOTE(review): 33 is presumably a one-byte type prefix followed by a
; 32-byte value; the schema itself only fixes the total length, so confirm
; the internal layout against the claim's definition in the main text.
psa-instance-id-type = bytes .size 33
; Mandatory instance-id claim, carried under the UEID key.
psa-instance-id = (
arm_psa_UEID => psa-instance-id-type
)
; Marker value: the only permitted value is the integer 1.
psa-no-sw-measurements-type = 1
; Alternative to psa-software-components in psa-token: a token that carries
; this entry carries no software-components list.
; NOTE(review): such a token gives a verifier no measurements to appraise;
; whether to accept it is presumably a relying-party policy decision, so
; confirm against the main text.
psa-no-sw-measurement = (
arm_psa_no_sw_measurements => psa-no-sw-measurements-type
)
; Mandatory nonce claim. It reuses psa-hash-type, so the nonce must be a
; byte string of exactly 32, 48 or 64 bytes.
; The schema checks length only. Freshness (that the value equals the
; challenge the verifier issued for this exchange) cannot be expressed in
; CDDL and has to be checked separately by the verifier.
psa-nonce-claim = (
arm_psa_nonce => psa-hash-type
)
; Profile identifier: the only permitted value is this exact text string.
psa-profile-type = "PSA_IOT_PROFILE_1"
; Optional claim ("?"): when present it must equal the literal above.
psa-profile = (
? arm_psa_profile_id => psa-profile-type
)
; Security lifecycle states. Each state is an inclusive range of 256
; values; the high byte selects the state (0x00, 0x10, ... 0x60).
; NOTE(review): the low byte is presumably implementation-defined; confirm
; against the claim's definition in the main text.
psa-lifecycle-unknown-type = 0x0000..0x00ff
psa-lifecycle-assembly-and-test-type = 0x1000..0x10ff
psa-lifecycle-psa-rot-provisioning-type = 0x2000..0x20ff
psa-lifecycle-secured-type = 0x3000..0x30ff
psa-lifecycle-non-psa-rot-debug-type = 0x4000..0x40ff
psa-lifecycle-recoverable-psa-rot-debug-type = 0x5000..0x50ff
psa-lifecycle-decommissioned-type = 0x6000..0x60ff
; Union of the seven ranges above. The ranges are not contiguous: values
; in the gaps (for example 0x0100..0x0fff) and values above 0x60ff match no
; alternative and must be rejected rather than mapped to a nearby state.
psa-lifecycle-type =
psa-lifecycle-unknown-type /
psa-lifecycle-assembly-and-test-type /
psa-lifecycle-psa-rot-provisioning-type /
psa-lifecycle-secured-type /
psa-lifecycle-non-psa-rot-debug-type /
psa-lifecycle-recoverable-psa-rot-debug-type /
psa-lifecycle-decommissioned-type
; Mandatory lifecycle claim (no "?" occurrence marker).
psa-lifecycle = (
arm_psa_security_lifecycle => psa-lifecycle-type
)
; One software component record, keyed by small integers.
; Keys 2 (measurement value) and 5 (signer id) are mandatory; keys 1, 4
; and 6 are optional text. Key 3 is not defined, and the map is closed, so
; a record containing any other key does not match.
; The text fields have no length or character constraint in this schema;
; consumers should bound and escape them before logging or display.
psa-software-component = {
? 1 => text, ; measurement type
2 => psa-hash-type, ; measurement value
? 4 => text, ; version
5 => psa-hash-type, ; signer id
? 6 => text, ; measurement description
}
; Software-components claim: an array holding one or more records ("+"),
; so an empty array is invalid. A token with nothing to report uses
; psa-no-sw-measurement instead (see the choice in psa-token).
psa-software-components = (
arm_psa_sw_components => [ + psa-software-component ]
)
; Verification service indicator: any text string; the schema places no
; constraint on its format or length.
; NOTE(review): presumably a hint for locating a verification service. The
; value originates from the token, so a consumer should treat it as
; untrusted input and validate it before acting on it. Confirm the
; intended format against the main text.
psa-verification-service-indicator-type = text
; Optional claim ("?"), carried under the origination key.
psa-verification-service-indicator = (
? arm_psa_origination => psa-verification-service-indicator-type
)