CCF
CCF copied to clipboard
microsoft
Confidential Consortium Framework
Some applications may want to authorize user input using multiple bearer tokens, for example an identity and an MAA token. While there is no standard way to do that, we...
> @maxtropets we should have an endpoint that takes a historical service identity, and returns the chain of endorsements up to the current service, if found, and a clear message...
It seems like `previous_service_identity_version` was created to maintain a chain between service identities changes caused by DR, at least it follows from the name. However, it contains redundant entries, which...
Historical adapter uses `get_state_at(handle=seqno, seqno=seqno)`, and also calls `populate_service_endorsements` and `populate_cose_service_endorsements` in the same way. Historical cache is exposed to the user, as well as `get_state_at` calls. It may happen...
TLC's simulation mode is generally effective at detecting regressions while being less resource-intensive than full model checking, which helps reduce the strain on our CI resources. However, the actual coverage...
`verify_uvm_endorsements()` checks endorsements against both internal hardcoded roots of trust, and entries in the `public:ccf.gov.nodes.snp.uvm_endorsements` map. Only attestations endorsed collateral meeting _both_ requirements are currently allowed through. This means that...
To make progress on this, we need to add an attestation for virtual nodes. It makes sense to solve #6482 before going any further, so we can backport it to...
CCF network was being created on CACI with Azure File Share backed storage for the read-write ledger and snapshots directory. On taking a snapshot by submitting a trigger snapshot proposal...
When hosting the read only snapshot directory backed by a blobfuse2 mount point the cchost process seems to exit/crash after logging "All sanity checks passed". Need to debug this more....