Xynnn_
**Description** Like the counterpart in `sigstore/cosign`, implement OCI container image signing.
https://github.com/kata-containers/kata-containers/pull/6707 made it possible to change the `policy.json`, `auth file` and `sigstore config file` to be used inside the confidential VM via the kernel command line. We need related CI tests for...
When we use `run.sh` to deploy RAG models, the `mv` command will delete the original data.txt, thus making this script not idempotent. cc @RodgerZhu
**Description** Similar to golang-cosign, KMS plugins are needed to support signing/verifying the signatures of the images. A well-defined modular structure of code is needed.
Now the `Config` is only a poor `Vec` named `data`. It is needed to support OCI Image Configuration due to https://github.com/opencontainers/image-spec/blob/v1.0/config.md, as `v1.1` is still in `rc` stage and not...
As now DockerHub supports [oci artifacts](https://www.docker.com/blog/announcing-docker-hub-oci-artifacts-support/), maybe we need to add support for [Referrers API](https://github.com/opencontainers/wg-reference-types/) for the downstreams to use OCI artifacts.
### Background For a long time, we have used Rego policy to check against parsed claims derived from TEE evidence. Because of Rego's flexibility we did not talk about the...
We are using hex in [tdx claims](https://github.com/confidential-containers/trustee/blob/main/attestation-service/verifier/src/tdx/claims.rs#L67), [sgx claims](https://github.com/confidential-containers/trustee/blob/main/attestation-service/verifier/src/sgx/claims.rs#L56), and azure vTPM [claims](https://github.com/confidential-containers/trustee/blob/main/attestation-service/verifier/src/az_snp_vtpm/mod.rs#L76), and also base64 in [SNP](https://github.com/confidential-containers/trustee/blob/main/attestation-service/verifier/src/snp/mod.rs#L250). I suggest that we should use a common encoding, which would make the policy...
Inspired by https://github.com/confidential-containers/kbs/pull/216#discussion_r1399837721 we should also embed two more claims `init_data` and `report_data` to the Attestation-Claims of each verifier handler. This would be a great help to the consumer of the...
Currently, we have Reference Value Provider Service (RVPS) as a black box aiming to provide the following functionalities: 1. `register_reference_value(manifest)` Receive different formats of reference value manifests, e.g. Sample format,...