Verifier: IBM SE implementation PoC
Signed-off-by: Qi Feng Huo <[email protected]>
Qi Feng Huo committed May 23, 2024
1 parent 7c10203 commit cd0dac5
Showing 5 changed files with 353 additions and 165 deletions.
4 changes: 4 additions & 0 deletions Cargo.toml
Expand Up @@ -37,6 +37,7 @@ prost = "0.11.0"
regorus = { version = "0.1.2", default-features = false, features = ["regex", "base64", "time"] }
rstest = "0.18.1"
serde = { version = "1.0", features = ["derive"] }
serde_with = { version = "1.11.0", features = ["base64"] }
serde_json = "1.0.89"
serial_test = "0.9.0"
sha2 = "0.10"
Expand All @@ -48,3 +49,6 @@ tempfile = "3.4.0"
tonic = "0.8.1"
tonic-build = "0.8.0"

[patch.crates-io]
s390_pv = { path = "/root/src/tmp_pv_crate/rust/pv" }
s390_pv_core = { path = "/root/src/tmp_pv_crate/rust/pv_core" }
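Review bot: The `[patch.crates-io]` table at the end of this file replaces `s390_pv` and `s390_pv_core` with whatever sits under `/root/src/tmp_pv_crate/` on the build host, so the crate an attestation verifier relies on is neither reviewable nor reproducible. Path dependencies carry no checksum in Cargo.lock, and the build fails on any machine without that directory. If a patched crate is needed before a release exists, pin it to a reviewed commit instead, e.g. `s390_pv = { git = "<REPO_URL>", rev = "<COMMIT_SHA>" }` (placeholders), and the same for `s390_pv_core`. The same absolute paths are edited in attestation-service/verifier/Cargo.toml; that file looks like a workspace member (it uses `*.workspace = true`), and Cargo only honours `[patch]` from the workspace root, so that block should simply be dropped.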
7 changes: 6 additions & 1 deletion attestation-service/docs/parsed_claims.md
Expand Up @@ -94,4 +94,9 @@ The claim inherit the fields from the SEV-SNP claim with and additional `tpm` hi
Note: The TD Report and TD Quote are fetched during early boot in this TEE. Kernel, Initrd and rootfs are measured into the vTPM's registers.

## IBM Secure Execution (SE)
TBD
- `se.version`: The version this quote structure.
- `se.cuid`: The config uid.
- `se.hdr.seht`: SE Header Tag (seht)
- `se.image.phkh`: SE image Public host key hash
- `se.attestation.phkh`: SE attestation Public host key hash
- `se.user_data`: Custom attestation key owner data.
7 changes: 4 additions & 3 deletions attestation-service/verifier/Cargo.toml
Expand Up @@ -13,7 +13,7 @@ az-tdx-vtpm-verifier = [ "az-tdx-vtpm", "openssl", "tdx-verifier" ]
snp-verifier = [ "asn1-rs", "openssl", "sev", "x509-parser" ]
csv-verifier = [ "openssl", "csv-rs", "codicon" ]
cca-verifier = [ "ear", "jsonwebtoken", "veraison-apiclient" ]
se-verifier = [ "openssl", "pv" ]
se-verifier = [ "openssl" ]

[dependencies]
anyhow.workspace = true
Expand All @@ -40,6 +40,7 @@ pv = { version = "0.10.0", package = "s390_pv" }
scroll = { version = "0.11.0", default-features = false, features = ["derive"], optional = true }
serde.workspace = true
serde_json.workspace = true
serde_with.workspace = true
serde_yaml = "0.9.0"
sev = { version = "1.2.0", features = ["openssl", "snp"], optional = true }
sgx-dcap-quoteverify-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives", tag = "DCAP_1.16", optional = true }
Expand All @@ -59,5 +60,5 @@ serial_test.workspace = true
tokio.workspace = true

[patch.crates-io]
s390_pv = { path = "/root/src/tmp_pv_crate/pv" }
s390_pv_core = { path = "/root/src/tmp_pv_crate/pv_core" }
s390_pv = { path = "/root/src/tmp_pv_crate/rust/pv" }
s390_pv_core = { path = "/root/src/tmp_pv_crate/rust/pv_core" }
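Review bot: In the `[features]` hunk the `se-verifier` line is printed twice without markers; if the second one, `se-verifier = [ "openssl" ]`, is the new side, the feature no longer enables `pv`, while the `pv = { version = "0.10.0", package = "s390_pv" }` line shown as context on the second hunk header has no `optional = true`. On that reading `s390_pv` is compiled into every verifier build, not only the SE one, which widens the dependency surface of the other TEE verifiers and may break builds on hosts where the crate does not compile. Keeping the gate would look like `pv = { version = "0.10.0", package = "s390_pv", optional = true }` together with `se-verifier = [ "openssl", "pv" ]`. The `[dependencies]` table continues outside the visible hunks, so the full `pv` entry should be checked there.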