trustee
trustee copied to clipboard
confidential-containers
Attestation and Secret Delivery Components
This issue is for discussion rather than any immediate fix. Recently we updated the AS API to allow callers to specify the ids of the policies that are evaluated. We...
In Rust 1.75 Return-Position-Impl-Trait-In-Traits (RPITIT) has been stabilized. In principle (w/ a few restrictions still) it'll enable "native" async traits, since this is allowed now: ```rust trait Foo { fn...
In #84, we added a Kubernetes deployment with a sample secret. We should expand that document with steps that help understanding the KBS and the way it is intended to...
# Background Currently, in many scenarios the runtime data is used to bind some runtime data in Attestation report, for example - KBS protocol concats tee-pubkey and nonce together and...
Currently, the KBS protocol offers a standard interface for clients to attest their TEEs. Multiple implementations of a KBS server could be created, but as long as the protocol is...
On SEV_SNP microcode-only updates to a PSP might not be reflected in an snp report's `reported_tcb.microcode` field, but only in `current_tcb.microcode`. Currently we are only including the `reported_tcb.*` fields in...
Today I started reviewing the RVPS implementation and have a few observations that I wanted to share. ## Semantic squashing Whilst I get the ethos behind the choice of a...
The original case was reported in #162 triggered by my work on #159 and a bit of #151 too. This issue is an RFC proposal based on ideas I've prepared...
In e2e test we probably also want to cover an attestation that failed due to invalid evidence. I think we can do this in a generic fashion, for each TEE...
Metadata
Owner
Metadata
Attestation and Secret Delivery Components