bat-go

Move prior PCR management into QLDB

Open • evq opened this issue 9 months ago • 1 comment

I propose that, to improve usability and reduce the chances of PCR updates being forgotten, we look into migrating the prior PCR list to QLDB. It could, for instance, be signed by a vault-derived key in order to authenticate its provenance as a PCR which we completed bootstrap for.

@Sneagan notes that we could do this at time of first prepare/authorize rather than at bootstrap time.

cc @kdenhartog

evq, May 08 '24 20:05

Makes sense to me. I like the idea of handling PCR checking at the point of prepare/authorize. It's not necessary if we have certainty around the first, but ideally we could do this during each authorize call.

kdenhartog, May 15 '24 09:05
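
A sketch of the check discussed in this issue, added here as an example and not code from bat-go or from either commenter: each prior PCR is stored with a signature, and every authorize call accepts an attested PCR only if a ledger row for it verifies. The record layout, the function names, and the use of Ed25519 in place of the vault-derived key are assumptions; an in-memory slice stands in for QLDB.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// PriorPCR is a hypothetical ledger row: a PCR value and a signature over it.
type PriorPCR struct {
	PCRHex    string
	Signature []byte
}

var ErrUnknownPCR = errors.New("attested PCR has no validly signed ledger record")

// SignPCR builds the row written once bootstrap has completed for pcr.
func SignPCR(priv ed25519.PrivateKey, pcr []byte) PriorPCR {
	return PriorPCR{PCRHex: hex.EncodeToString(pcr), Signature: ed25519.Sign(priv, pcr)}
}

// CheckPCR runs on each authorize call. A row that matches the attested PCR
// but was not signed by the expected key is ignored, so write access to the
// ledger alone is not enough to add a trusted PCR.
func CheckPCR(pub ed25519.PublicKey, ledger []PriorPCR, attested []byte) error {
	want := hex.EncodeToString(attested)
	for _, rec := range ledger {
		if rec.PCRHex == want && ed25519.Verify(pub, attested, rec.Signature) {
			return nil
		}
	}
	return ErrUnknownPCR
}

// Demo uses constructed sample data: a fixed demo key and two made-up PCR values.
func Demo() (known, forged error) {
	seed := sha256.Sum256([]byte("constructed demo seed"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	pub := priv.Public().(ed25519.PublicKey)
	good := sha256.Sum256([]byte("constructed PCR: bootstrapped image"))
	bad := sha256.Sum256([]byte("constructed PCR: never bootstrapped"))
	ledger := []PriorPCR{
		SignPCR(priv, good[:]),
		{PCRHex: hex.EncodeToString(bad[:]), Signature: make([]byte, ed25519.SignatureSize)},
	}
	return CheckPCR(pub, ledger, good[:]), CheckPCR(pub, ledger, bad[:])
}

func main() { fmt.Println(Demo()) }
```

The second ledger row models an entry inserted without the signing key; the check rejects it even though the PCR value itself is present in the ledger.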