-
Now that the init_data spec is merged, we should think about how we will evaluate the init data with Trustee.
Currently we don't really expose the init_data to either the attestation policy or the …
-
KBS spaces lines based on the font and size of the first style, but their algorithm is a bit mysterious. Currently, kbputils doesn't even attempt to calculate the right spacing, and just uses 19, whic…
-
Writing tests for confidential-containers/attestation-agent#29 uncovered the fact that the KBS URI is not technically a URI since it doesn't include a scheme.
We need to resolve which scheme is app…
-
**Is your feature request related to a problem? Please describe.**
Trying to create an empty KB, the wizzard does not tell you how to do that. Checking the UserGuide is necesary. Some users even migh…
-
I think we have a somewhat subtle security issue.
Today, the `kbs_name` and `kbs_uri` is part of the `get_resource` or `get_secret` request. This means that hypothetically the attestation agent co…
-
Add support to install kbs along with caa to existing cluster in provisioner cli
-
### Describe the feature
Allow for adding a KnowledgeBase to an agent and not only to specify existing KBs at the agent construct instantiation.
### Use Case
Allow for more flexibility in the ord…
-
@Xynnn007 @fitzthum @wainersm
A guide to attesting SEV-ES encrypted images with `kata-qemu-sev` and `simple-kbs` exists here:
https://github.com/confidential-containers/confidential-containers/…
-
# Authors
- ### [Liang Zhou](https://github.com/liangzhou121)
- ### [Jia Zhang](https://github.com/jiazhang0)
- ### [Haidong Xia](https://github.com/hdxia)
# Motivation
CC enables…
-
# The Case for EAR and CoCo
## EAR (EAT Attestation Result)
[EAR](https://datatracker.ietf.org/doc/draft-fv-rats-ear/) is a format for carrying attestation results, i.e., the output of a verifie…