docs: add attestation page #393
Conversation
m1ghtym0
added
no changelog
m1ghtym0
force-pushed
the
m/docs/attestation
branch
from
d85b0b6 to
98f34cd
Compare
|
| | | .-----------. | | | and | ||
| | | Target | Attesting | | | | CPU | ||
| | | Environment |Environment+-----------' | ||
| | | | | | | | ||
| | | '-----------' | | | ||
| | | ^ | | | ||
| | '--------------+--|---------' | | ||
| | Collect | | Evidence for | | ||
| | Claims v | Initializer | | ||
| | .-----------------+---------. | | ||
| | | Image(B): | | | ||
| | | Kernel, initrd, | | | ||
| | | cmdline Target | | | ||
| | | Environment | | | ||
| | | ^ | | | ||
| | '-------------+--|---------' | | ||
| | Collect | | Evidence for | | ||
| | Claims v | Kernel and | | ||
| | | Runtime Policy| | ||
| | .----------------+----------. | | ||
| | | CPU(A) | | | ||
| | | AMD SEV, | | | ||
| | | Intel TDX Target | | | ||
| | | Environment | | | ||
| | '---------------------------' | |
There was a problem hiding this comment.
As far as I understand the RFC, Target Environment and Attesting Environment aren't used correctly here:
Claims are collected from Target Environments. That is, Attesting Environments collect the values and the information to be represented in Claims by [...] taking measurements on [...] memory [...] of the Target Environment. Attesting Environments then format the Claims appropriately; typically, they use key material and cryptographic functions, such as signing or cipher algorithms, to generate Evidence. There is no limit or requirement on the types of hardware or software environments that can be used to implement an Attesting Environment. For example, TEEs ...
So the Attesting Environment in our case is the ASP, and the Image is the Target Environment. The Initializer isn't measured, so it is not part of the attestation procedure at all.
| ## Evidence Generation and Appraisal | ||
|
|
||
| ### Evidence Types and Formats | ||
| Several types of attestation evidence exist in Contrast: |
There was a problem hiding this comment.
It is just one type of evidence: launch measurement a host data (policy hash) are just fields of the SNP attestation report.
There was a problem hiding this comment.
While I really like that we give a orientation based on RATS to those familiar with CC, I think this document currently misses to give answers to those looking for a concise explanation why the remote attestation in Contrasts provides the promised security. Maybe we could add a section at the bottom that gives concise answers to common questions regarding attestation? Either way, we should address this in another PR to keep the scope of this PR small.
|
FYI: The runtime page is starting to form over here: #397 |
Co-authored-by: Markus Rudy <[email protected]>
Co-authored-by: Paul Meyer <[email protected]>
m1ghtym0
force-pushed
the
m/docs/attestation
branch
from
c9927fd to
c425a50
Compare
Some open questions: