Device Identity Provisioning: Set Certificate, address reviews and consistency cleanup

fdamato · fdamato · commit 7ff9f8c54f77 · 2025-12-02T15:28:38.000-08:00
Signed-off-by: Fabrizio Damato &lt;fabrizio.damato@amd.com&gt;
diff --git a/specifications/device-identity-provisioning/bibliography.yaml b/specifications/device-identity-provisioning/bibliography.yaml
@@ -45,3 +45,10 @@ references:
       year: 2000
       month: 11
     url: "https://datatracker.ietf.org/doc/html/rfc2986"
+  - id: "ocp-command-registry"
+    title: "OCP Command Registry"
+    publisher: "Open Compute Project"
+    issued:
+      year: 2025
+      month: 9
+    url: "https://github.com/opencomputeproject/ocp-registry/blob/main/command-registry.md"
diff --git a/specifications/device-identity-provisioning/cddl/envelope-signed-csr-eat.cddl b/specifications/device-identity-provisioning/cddl/envelope-signed-csr-eat.cddl
@@ -1,7 +1,4 @@
 cwt-envelope-signed-csr-eat = {  
-  ; The EAT Profile for Envelope-Signed CSR OCP will register
-  &(eat-profile : 265 ) => ~oid ; "1.3.6.1.4.1.42623.1" - note: `~` strips CBOR tag #6.111(oid) from `oid`
-
   ; Issuer claim is StringOrURI (tstr)
   &(iss : 1) => tstr
 
diff --git a/specifications/device-identity-provisioning/diag/envelope-signed-csr-eat-example.diag b/specifications/device-identity-provisioning/diag/envelope-signed-csr-eat-example.diag
@@ -2,11 +2,10 @@ signed-cwt / 18([
   / protected / <<{
     / alg-id / 1 : 7,
     / content-type / 3 : "application/eat+cbor",
-    / kid / 4 : 'Example OCP Envelope-Signed CSR CWT'
+    / kid / 4 : 'RT Alias Key'
   }>>,
 / unprotected / {/ x5-chain / 33 : h'59025630820252308201d9a003020102021431a4ef62e5244e4d952ea485976098090d5f242f300a06082a8648ce3d040303307b310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d53616e204672616e636973636f311d301b060355040a0c144578616d706c65204f7267616e697a6174696f6e3120301e06035504030c174578616d706c652043575420456e646f7273656d656e74301e170d3235303231333139303230345a170d3236303231343139303230345a307b310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d53616e204672616e636973636f311d301b060355040a0c144578616d706c65204f7267616e697a6174696f6e3120301e06035504030c174578616d706c652043575420456e646f7273656d656e743076301006072a8648ce3d020106052b8104002203620004fcd3fad48575addceee9638583aa7054f71a402f35993901923cc0ee9763b85b1e729c740331f4e91079559bce17d5c3b706748333faeb192120e32d815f88f7310ae05df55060f96fbdb2d0acb19e710d25ec27cfa8945fe5dda73332813feda31e301c301a0603551d1104133011820f7777772e6578616d706c652e636f6d300a06082a8648ce3d040303036700306402306e1166a8a3132d4a20e0200a26d1eba0937fec54fdb7547eb7c5ccca0370170853294cdd6b3a1eb0fe649f12446d8b17023071219daf2b7c1aa6f7727d053e1027309594fd8cab9f820fa89d8f88fc7e551c0d30781b12aea48b53fde200e6cf082b' },
 / payload / <<{
-      / eat-profile / 265 : h'88378952',
       / iss / 1 : "RT Alias Key",
       / nonce / 10: h'AAAABBBBAAAABBBBAAAABBBB', 
       / csr / -70001 :  h'59025630820252308201d9a003020102021431a4e0',
diff --git a/specifications/device-identity-provisioning/spec.ocp b/specifications/device-identity-provisioning/spec.ocp
