ietf-teep / teep-in-cc


provision steps in section 4.2 #6

Open PenglinYang opened 2 years ago

PenglinYang commented 2 years ago

_3. Network user transfers UA and TA to confidential computing resource via TAM. TAM then deploys these two applications in REE and TEE respectively. (In SGX, UA must be deployed first, then let the UA deploy the TA in SGX.)_

  1. _TAM requests remote attestation to the TEEP Agent, TEEP Agent then sends the evidence to TAM. The TAM works as the relying party and forwards the attestation result to network user._

Clarify "deploy" and "load" in this case. Does the attestation result need to be clarified in the provision steps?

PenglinYang commented 2 years ago

  1. Network user transfers UA and TA to confidential computing device via TAM. TAM then deploys these two applications in REE and TEE respectively. (In SGX, UA must be deployed first, then let the UA load the TA in SGX.)
  2. TAM requests remote attestation to the TEEP Agent, TEEP Agent then sends the evidence to TAM. The TAM works as Verifier in the RATS architecture.
  3. After verification, the Network User, working as Relying Party, receives the attestation result. If positive, the Network User establishes a secure channel with the TA and deploys personalization data to the TA.