Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AS: add parsed claims for TDX/SGX and documents #248

Merged
merged 4 commits into from
Dec 6, 2023

Conversation

Xynnn007
Copy link
Member

@Xynnn007 Xynnn007 commented Nov 30, 2023

Partially resolve #246 and #228

This PR will change the token format in #240

RTMRs are ignored in previous commits because current RTMRs are used to
check the integrity of CCEL. In this way all the information that RTMRs
include is covered by CCEL. However, in some scenarios, CCEL will not be
provided, RTMRs will be useful when doing remote attestation.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
Copy link
Member

@fitzthum fitzthum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good. Made some minor comments. I left a few more significant questions on #228

- `sgx`: Verifier Driver for Intel Software Guard Extensions (Intel SGX).
- `azsnpvtpm`: Verifier Driver for Azure vTPM based on SNP (Azure SNP vTPM)
- `cca`: Verifier Driver for Confidential Compute Architecture (Arm CCA).
- `csa`: Verifier Driver for China Security Virtualization (Hygon CSV).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

csa? is that a typo?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh yes. Let me fix this. Thanks.


All platforms will by default have two fixed claims:
- `report_data`: report data when generating the evidence.
- `init_data_hash`: Hostdata when creating the TEE instance.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if it would be better to call this init_data rather than init_data_hash. Usually the report_data will also contain a hash.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sounds a good idea. And we can then call the plaintexts of init data "init_data_materials"?

Related to confidential-containers#228. This is the implementation for SGX/TDX/Sample

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
When generating parsed claims in CoCo-AS, the compound structure of
measurements will be flattened into a single layer key value map. During
the flattening, every key will be added name of the tee platform as the
prefix.

There are two special claims: `report_data` and `init_data_hash`. Almost
all the platforms have related fields with these two kinds of semantics.
We bring them out as separate claims without any prefix. This would help
for the consumers of the attestation result to do some check upon the
two semantics.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
related to confidential-containers#246. This commit implements SGX/TDX/Sample.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
Copy link
Member

@fitzthum fitzthum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Lu-Biao
Copy link
Contributor

Lu-Biao commented Dec 6, 2023

LGTM

@Xynnn007 Xynnn007 merged commit 82072bc into confidential-containers:main Dec 6, 2023
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[CoCo AS]: Documentation for parsed-claim measurement
3 participants