Clarification on MCU RT Image SVN Storage and Authorization in Flash Layout

[Neal-liu]

Hi team,

I'm looking for clarification on how the SVN (Security Version Number) of the MCU RT image should be stored and authorized in the current caliptra-mcu-sw flash layout.

Based on my understanding:

• The AUTHORIZE_AND_STASH mailbox command requires an input SVN.
• However, the IMC does not store any SVN information.
• This suggests that the MCU ROM must first verify the HW SVN and then populate the input argument for the command.

If that's the case, where should the SW SVN be stored?
Currently, the flash layout does not define a clear location for storing the SW SVN. Does this mean that the SoC is expected to wrap the image with an additional header to include the SVN? Or is there a recommended convention for this?
Any clarification or guidance on how this is intended to work would be appreciated.

Thanks!

[helloxiling]

The SVN fuses for MCT RT and SoC images are not included in existing Caliptra fuse map, and will belong to vendor-defined fuses. Although the authorize_and_stash mailbox command accepts an input SVN for these images, Caliptra RT currently does not validate it. A better approach would be to have the MCU RT SVN check fully managed by the MCU ROM.

Regarding image format, we do not enforce a specific structure in the flash layout—this is left to the integrator’s discretion. One reasonable approach is to wrap the image with a custom header that includes the SVN.