The report secret type allows the KBS to provide a signed copy of the launch information back to the KBC. This durable report can be inspected at any point to confirm that the boot was approved by the KBS (according to the policy set by the report signing keys) and had certain parameters.
There are some future improvements planned here including supporting more types of signatures, adding a timestamp to the connection, and reformatting the signed connection into some more standard artifact. I think this is a good start.
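As an added illustration (not code from this PR or from the project), the following Go sketch walks through the lifecycle the description outlines: the KBS signs the launch information with a report signing key, the KBC keeps the signed report, and a later inspection checks it against the set of trusted report signing keys and confirms a boot parameter. The report fields, Ed25519 as the signature scheme, and the function names are assumptions for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// LaunchReport is an assumed shape for the launch information the KBS signs (fields constructed here).
type LaunchReport struct {
	Measurement string `json:"measurement"` // launch digest of the guest
	PolicyID    string `json:"policy_id"`   // policy the KBS approved the boot under
}
// SignedReport is the durable artifact the KBC keeps: report bytes plus the KBS signature.
type SignedReport struct {
	Report    []byte `json:"report"`
	Signature []byte `json:"signature"`
}
// signReport is the KBS side: sign the serialized report with a report signing key.
func signReport(priv ed25519.PrivateKey, r LaunchReport) (SignedReport, error) {
	body, err := json.Marshal(r)
	if err != nil {
		return SignedReport{}, err
	}
	return SignedReport{Report: body, Signature: ed25519.Sign(priv, body)}, nil
}
// verifyReport is the later inspection: a trusted report signing key must have signed the bytes,
// and the report must carry the expected policy parameter.
func verifyReport(trusted []ed25519.PublicKey, sr SignedReport, wantPolicy string) (LaunchReport, error) {
	var r LaunchReport
	signed := false
	for _, pub := range trusted {
		signed = signed || ed25519.Verify(pub, sr.Report, sr.Signature)
	}
	if !signed {
		return r, fmt.Errorf("report not signed by a trusted report signing key")
	}
	if err := json.Unmarshal(sr.Report, &r); err != nil {
		return r, err
	}
	if r.PolicyID != wantPolicy {
		return r, fmt.Errorf("boot approved under policy %q, expected %q", r.PolicyID, wantPolicy)
	}
	return r, nil
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for the KBS report signing key
	sr, _ := signReport(priv, LaunchReport{Measurement: "constructed-digest", PolicyID: "policy-1"})
	fmt.Println(verifyReport([]ed25519.PublicKey{pub}, sr, "policy-1"))
}
```

Because the signature is checked over the serialized bytes before they are parsed, any edit to the stored report, a signature from a key outside the trusted set, or a policy other than the expected one makes the inspection fail.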