search

confidential-containers / trustee

Attestation and Secret Delivery Components
Apache License 2.0
64 stars 87 forks source link

TDX Attestation Driver. #205

Closed jialez0 closed 1 year ago

jialez0 commented 1 year ago

TDX attestation verifier driver needs to be added, which implement the Verifier Trait.

The driver should support the following functions:

  1. Parse Attestation message to get TDX quote and Eventlog.
  2. Verify the signature of TDX quote.
  3. Compare if the hash of nonce||pubkey is same as the report data in TDX quote.
  4. Dump the TCB status (MRCONFIG, etc..) and measurements from TDX quote and Eventlog (measure of kernel, kernel cmdline, rootfs).
jialez0 commented 1 year ago

I am working on this.