v0.0.2-2025-06-17-RC1

What's Changed

• [pa] move payload signing out of registry_shim by @timothytrippel in #220
• [proto,ate] add A2 silicon product ID and add compiler configurations by @timothytrippel in #222
• [ate] enable (un)packing seed objects into perso TLV blobs by @timothytrippel in #221
• [config,ca] add dedicated pi01 root CA by @timothytrippel in #223
• [bazel] bump lowrisc_opentitan version by @timothytrippel in #224
• [hsm] use backwards compatible key wrap mechanism by @timothytrippel in #225
• [hsm] Add --wipe flag to offline-common-export action. by @moidx in #226
• [ate] Update ft.cc PackPersoBlob arguments. by @moidx in #227
• [loadtest] Add support for testing eg SKUs on the FPGA. by @moidx in #228
• [spm] Add WASDisable config attribute by @moidx in #229
• [ate] Check ate_client pointer in DestroyClient call. by @moidx in #230
• [bazel] fix hsmtool config script generation by @timothytrippel in #231

Full Changelog: v0.0.1-2025-06-23-RC2...v0.0.2-2025-06-17-RC1

v0.0.1-2025-06-23-RC2

What's Changed

• [buildifier] add Bazel BUILD file lint check to CI and rules for autoformatting BUILD files by @timothytrippel in #10
• [quality] move lint targets to separate BUILD file and align target labels by @timothytrippel in #11
• [quality] add protolint and format all protos to pass lint checks by @timothytrippel in #12
• [quality] refactor lint checks to improve code reuse by @timothytrippel in #13
• [device_id] update device ID format to match OpenTitan silicon by @timothytrippel in #14
• [device_id] complete DeviceID proto cleanup by @timothytrippel in #18
• [test] consolidate test data into one library by @timothytrippel in #19
• [pa] add RPC stubs for endorsing certs and generating LC/WAS tokens by @timothytrippel in #21
• [spmutil] add KDF seed loading subcommands by @timothytrippel in #23
• [tests,pa,spm] add/fix configurations to enable running integration tests by @timothytrippel in #26
• [tests] and different operation modes to integration testing script by @timothytrippel in #27
• [container] build container with SoftHSM2 from Dockerfile by @timothytrippel in #28
• [pa,auth,loadtest] fix PA token authentication mechanism and loadtest by @timothytrippel in #29
• [se] add function to generate symmetric keys by @timothytrippel in #30
• [pa,spm] enhance DeriveSymmetricKeys to gen multiple keys and hashed OT LC tokens by @timothytrippel in #32
• [bazel] simplify loading of lowrisc bazel repos by @timothytrippel in #33
• [bazel] bump bazel version to 6.2.1 by @timothytrippel in #34
• [util] add script to deploy containers for testing by @timothytrippel in #36
• [bazel] define http_archive_or_local macro and use it by @timothytrippel in #38
• [ate,cp] add reference CP test program boilerplate by @timothytrippel in #37
• [bazel] bump dep versions by @timothytrippel in #39
• [quality] add C/C++ header file nclude guard check by @timothytrippel in #40
• [bazel] add lowrisc_opentitan as a dependency by @timothytrippel in #42
• [bazel] rev opentitan bazel dep version by @timothytrippel in #47
• [spm] Implement EndorseCerts by @moidx in #48
• [bazel] update lowrisc_opentitan repo dep by @timothytrippel in #49
• [spm] Make HSM assets configurable at the SKU level. by @moidx in #50
• [bazel] update lowrisc_opentitan and check-in bitstreams by @timothytrippel in #51
• [dut_lib] add initial dut_lib boilerplate and otlib_wrapper by @timothytrippel in #52
• [loadtest] Add EndorseCerts test. by @moidx in #54
• [proto] update DeviceId protos namespace by @timothytrippel in #55
• [proto] add registry record proto message by @timothytrippel in #56
• [proto] adjust RegistryRecord proto based on feedback by @timothytrippel in #57
• [bazel,utils] add missing build target and DeviceID to string conversion utility by @timothytrippel in #58
• [proxy_buffer] refactor registration proto by @timothytrippel in #59
• [proxybuffer] launch proxybuffer and etcd containers by @timothytrippel in #61
• [pa,pb] connect proxy_buffer to provisioning appliance by @timothytrippel in #62
• [loadtest] invoke RegisterDevice RPC in PA loadtest by @timothytrippel in #63
• [golang] Remove unused dependencies. by @moidx in #66
• [golang] Update dependencies. by @moidx in #67
• [hsm] Load symmetric keys using hsmtool. by @moidx in #65
• [proxy_buffer] Add support for sqlite backend. by @moidx in #69
• [proxy_buffer] Remove etcd backend. by @moidx in #70
• [pb_server] Add mTLS configuration. by @moidx in #71
• [ate] Code style updates. by @moidx in #72
• [ate] Add DeriveSymmetricKeys call. by @moidx in #73
• [ate] Simplify DeriveSymmetricKeys call. by @moidx in #74
• [ate] Add EndorseCerts() to ate_api.h. by @moidx in #75
• [spm/se] Add support to wrap/unwrap symmetric keys at the Secure Element se interface level. by @moidx in #76
• [skucfg] Move SKU settings to their own package. by @moidx in #77
• [pa/spm] Add support for deriving new symmetric keys. by @moidx in #78
• [hsm] Switch to hsmtool. by @moidx in #79
• [pk11] Remove support for HSMType. by @moidx in #80
• [ate] Add GenerateSymmetricKeys API. by @moidx in #81
• [bazel,pa,registry] add mechansim to enable vendor-specific registries by @timothytrippel in #82
• [hsm] Add end-2-end configuration scripts. by @moidx in #83
• [loadtest] Enable coverage for symmetric keygen. by @moidx in #84
• [doc] add README.md for custom registy_shim development by @timothytrippel in #85
• [spm] add EndorseData RPC by @timothytrippel in #87
• [pa,registry_record] sign RegistryRecord data payloads by @timothytrippel in #88
• [pa,spm,tests] remove CreateKeyAndCert RPCs and TPM sku by @timothytrippel in #89
• [hsm] Add Thales test configuration. by @moidx in #90
• [loadtest] Move dev to /var/lib/opentitan/config/dev by @moidx in #91
• [loadtest] Fix initialization error. by @moidx in #92
• [src] Remove non-OpenTitan dependencies. by @moidx in #93
• [lint] Fix gofmt. by @moidx in #94
• [dut_lib] add support for loading SRAM binaries over JTAG by @timothytrippel in #95
• [pk11] Add VendorThales CKM_NIST_PRF_KDF. by @moidx in #98
• [loadtest] Enable loadtest with Thales HSM. by @moidx in #97
• [loadtest] Refactor deploy.sh script. by @moidx in #100
• [dut_lib] split transport init and FPGA bitstream load by @timothytrippel in #96
• [spm] Switch GenerateSymmetricKeys to use HMAC-SHA256. by @moidx in #99
• [github] Enable Provisioning Appliance loadtest targetting the staging HSM environment. by @moidx in #104
• [loadtest] Enable TLS. by @moidx in #105
• [pk11] Remove CLI tool. by @moidx in #106
• [softhsm] Remove HKDF patch. by @moidx in #107
• [dut_lib] add console Wait, RX, and TX methods by @timothytrippel in #101
• [PA] Fix device registration flow to include device data in EndorseDataRequest by @DanielSauve in https://gith...