Snp add report claim #659
Open
Snp add report claim #659
+5
−3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
EAR tokens expect to find a report_data field in the TCB Claims as a signal that the verifier has checked the binding of the report data and the evidence. The SNP verifier does check the report data field, but it does not report it. This should not affect the az-snp verifier which will insert its own report_data on top of this field. Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
Since the SNP verifier also checks the init data, include the init_data field in the tcb claims. This will allow EAR tokens to contain the init_data_claims. Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The EAR broker expects the verifier to include
report_datain the TCB claims as a signal that the verifier has checked the binding of the report data and the hw evidence.Since we do check
report_datain the SNP verifier, add the claim. Also addinit_dataclaim for similar reasons.