An example is needed to showcase remote attestation flow. The example could be comprised of a trusted server and an untrusted client. The server runs in an ACON container while the client mimics a RRP (Remote Relying Party) that verifies the quote. Below is the proposed workflow of the example.
Start the ACON container containing the server part of the example.
The server starts and listens on some TCP port.
The untrusted client connects to the server requesting a quote.
The server requests a quote via the Unix socket exposed by acond, along with some unique info as the "attestation data".
The server receives the quote in return and responds to the client with the quote.
The client verifies the quote and extracts/displays the ID (in the form of HASH/SIGNER/MANIFEST) of the ACON container and the associated attestation data (set by the server in step 4).
Tasks
[x] acond: Add Quote support.
[x] @xiangquanliu: Wrap/Revise the trusted part of the existing TDX attestation example into an ACON container for quote generation.
[x] @xxu36: Revise existing untrusted code to verify quote from ACON container.
[x] @xxu36: Extract attestation from quote
[ ] @xxu36: Save Quote along with RTMR log and report data - in JSON format?
[x] aconcli: Add command line option to generate a quote (in lieu of a REPORT).
[x] @xxu36 & @xiangquanliu: samples/quote/README.md to describe how to build/run sample code.
Sample code paths - samples/quote/container/ and samples/quote/client/?
An example is needed to showcase remote attestation flow. The example could be comprised of a trusted server and an untrusted client. The server runs in an ACON container while the client mimics a RRP (Remote Relying Party) that verifies the quote. Below is the proposed workflow of the example.
acond, along with some unique info as the "attestation data".HASH/SIGNER/MANIFEST) of the ACON container and the associated attestation data (set by the server in step 4).Tasks
[ ] @xxu36: Save Quote along with RTMR log and report data - in JSON format?samples/quote/README.mdto describe how to build/run sample code.samples/quote/container/andsamples/quote/client/?