Verifying a Caliptra Boot-FSM Bug with Mununu
The article discusses a bug in the Caliptra Boot-FSM, an open-source silicon root-of-trust. It highlights the issue of undefined behavior in the state machine due to missing default cases in its encoding. Various diagnostic tools and methods for verifying and fixing the bug are also explored.
- ▪Caliptra is developed under the Open Compute Project and aims to serve as a hardened root-of-trust in datacenter SoCs.
- ▪The Boot-FSM has a bug that leads to undefined behavior when the state register holds certain values not covered by its case statement.
- ▪Diagnostic tools like static linters and formal verification tools can help identify and demonstrate the bug.
Opening excerpt (first ~120 words) tap to expand
Verifying a Caliptra Boot-FSM Bug with mununuMariano CerruttiMay 24, 2026ShareThe design and the bugCaliptra is an open-source silicon root-of-trust developed under the Open Compute Project, contributed to by Microsoft, AMD, Google, and NVIDIA, and intended to be reused as a hardened, auditable RoT block inside larger datacenter SoCs. Among its constituent modules is soc_ifc_boot_fsm.sv, the boot-time state machine in the SoC interface block, which sequences the chip from cold reset through fuse loading and into operation.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Hacker News (Newest).