AttestationEngine icon indicating copy to clipboard operation
AttestationEngine copied to clipboard

Published 20 hours ago verified publisher icon nokia

Ideas/TODOs

Open THS-on opened this issue 1 year ago • 3 comments

  • Allow a rule to take multiple claims
    • An example would be a tpm2_quote and a list of PCR values to check if they are consistent
  • Expose in the API if a rule needs parameters and which
  • Allow to set a EV on a rule invocation basis not per policy
  • Rename policies to intents

THS-on avatar Jan 24 '24 12:01 THS-on

Proper conditional compilation...not possible in Go.... hashicorp's stuff?

Also, proper PKI interface for signing and make this part of the system generic.

iolivergithub avatar Jan 26 '24 18:01 iolivergithub

If we rename Policies to Intents, then the intent property needs to become something else..... function? operation?

iolivergithub avatar Jan 26 '24 18:01 iolivergithub

Proper conditional compilation...not possible in Go.... hashicorp's stuff?

We could use go-plugin to separate schemes and rules into plugins. This would make building NAE without the SGX toolchain easier.

If we rename Policies to Intents, then the intent property needs to become something else..... function? operation?

What do you think about endpoint? Maybe type would also fit, because generally the type does not change e.g. a TPM quote is still a quote with a different PCR selection.

For mapping RATS terminology:

  • Element -> general information about the Attester + Endorsements
  • Expected Value -> Reference Value

GA10 implements a Verifier, Reference Value Provider and takes the role of the Endorser.

THS-on avatar Jan 28 '24 10:01 THS-on