-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AS: add parsed claims for TDX/SGX and documents #248
Conversation
RTMRs are ignored in previous commits because current RTMRs are used to check the integrity of CCEL. In this way all the information that RTMRs include is covered by CCEL. However, in some scenarios, CCEL will not be provided, RTMRs will be useful when doing remote attestation. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good. Made some minor comments. I left a few more significant questions on #228
attestation-service/README.md
Outdated
- `sgx`: Verifier Driver for Intel Software Guard Extensions (Intel SGX). | ||
- `azsnpvtpm`: Verifier Driver for Azure vTPM based on SNP (Azure SNP vTPM) | ||
- `cca`: Verifier Driver for Confidential Compute Architecture (Arm CCA). | ||
- `csa`: Verifier Driver for China Security Virtualization (Hygon CSV). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
csa
? is that a typo?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh yes. Let me fix this. Thanks.
|
||
All platforms will by default have two fixed claims: | ||
- `report_data`: report data when generating the evidence. | ||
- `init_data_hash`: Hostdata when creating the TEE instance. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if it would be better to call this init_data
rather than init_data_hash
. Usually the report_data
will also contain a hash.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sounds a good idea. And we can then call the plaintexts of init data "init_data_materials"?
Related to confidential-containers#228. This is the implementation for SGX/TDX/Sample Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
When generating parsed claims in CoCo-AS, the compound structure of measurements will be flattened into a single layer key value map. During the flattening, every key will be added name of the tee platform as the prefix. There are two special claims: `report_data` and `init_data_hash`. Almost all the platforms have related fields with these two kinds of semantics. We bring them out as separate claims without any prefix. This would help for the consumers of the attestation result to do some check upon the two semantics. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
related to confidential-containers#246. This commit implements SGX/TDX/Sample. Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
LGTM |
Partially resolve #246 and #228
This PR will change the token format in #240