
Versioning of the Nitro Secure Module?

Open robotal opened this issue 1 year ago • 1 comments

I couldn't find any documentation of how to interpret the results of the DescribeNSM response.

From src/api/mod.rs:

```rust
pub enum Request {
...
    DescribeNSM
...
}

pub enum Response {
...
    DescribeNSM {
        /// Breaking API changes are denoted by `major_version`
        version_major: u16,
        /// Minor API changes are denoted by `minor_version`. Minor versions should be backwards compatible.
        version_minor: u16,
        /// Patch version. These are security and stability updates and do not affect API.
        version_patch: u16,
        /// `module_id` is an identifier for a singular NitroSecureModule
        module_id: String,
        /// The maximum number of PCRs exposed by the NitroSecureModule.
        max_pcrs: u16,
        /// The PCRs that are read-only.
        locked_pcrs: BTreeSet<u16>,
        /// The digest of the PCR Bank
        digest: Digest,
    },
...
}
```

Other than trying out different Nitro Enclaves and seeing what values they return, is there some sort of guidance on how to interpret the versions returned here? Would that potentially affect the API used to send requests to the NSM device API in src/driver/mod.rs? Is that something my enclave application should worry about checking?

robotal May 18 '23 23:05
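
One way an enclave application could act on these fields at startup, as an added example that is not part of the original issue and not code from the aws-nitro-enclaves-nsm-api project. `NsmDescription`, `Incompatible`, `check_nsm` and `sample` are hypothetical names, and the policy (exact major match, minimum minor, patch ignored, required PCRs locked and below `max_pcrs`) is an assumption drawn from the doc comments quoted above, not documented AWS guidance.

```rust
use std::collections::BTreeSet;

// Hypothetical local mirror of the Response::DescribeNSM fields quoted in the
// issue; version_patch, module_id and digest are left out because the assumed
// policy below does not read them. Not the crate's own type.
pub struct NsmDescription {
    pub version_major: u16,
    pub version_minor: u16,
    pub max_pcrs: u16,
    pub locked_pcrs: BTreeSet<u16>,
}

#[derive(Debug, PartialEq)]
pub enum Incompatible {
    MajorMismatch { built: u16, found: u16 },
    MinorTooOld { built: u16, found: u16 },
    PcrOutOfRange(u16),
    PcrNotLocked(u16),
}

// Assumed policy: major must match (breaking changes), minor must be at least
// the one built against (backwards compatible), patch is ignored (no API
// effect), and each PCR the application relies on must exist and be read-only.
pub fn check_nsm(d: &NsmDescription, built: (u16, u16), need_locked: &[u16]) -> Result<(), Incompatible> {
    if d.version_major != built.0 {
        return Err(Incompatible::MajorMismatch { built: built.0, found: d.version_major });
    }
    if d.version_minor < built.1 {
        return Err(Incompatible::MinorTooOld { built: built.1, found: d.version_minor });
    }
    for &pcr in need_locked {
        if pcr >= d.max_pcrs {
            return Err(Incompatible::PcrOutOfRange(pcr));
        }
        if !d.locked_pcrs.contains(&pcr) {
            return Err(Incompatible::PcrNotLocked(pcr));
        }
    }
    Ok(())
}

// Constructed sample values, not output captured from a real NSM device.
pub fn sample() -> NsmDescription {
    NsmDescription { version_major: 1, version_minor: 0, max_pcrs: 32, locked_pcrs: (0..5).collect() }
}

fn main() {
    println!("{:?}", check_nsm(&sample(), (1, 0), &[0, 1, 2]));
    println!("{:?}", check_nsm(&sample(), (1, 0), &[16]));
}
```

Failing closed on a mismatch keeps the enclave from relying on PCR values that can still be changed, or on an API surface it was not built against.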