Closed avalluri closed 2 years ago
Shall we make PublicKey and SignerNames as optional?
Make sense to make them optional, in case of simple quote verification, but KMRA does not support quote verification without them.
Shall we make PublicKey and SignerNames as optional?
Make sense to make them optional, in case of simple quote verification, but KMRA does not support quote verification without them.
yes, km-attest requires a pubkey. So at least make SignerNames as optional?
Make sense to make them optional, in case of simple quote verification, but KMRA does not support quote verification without them.
yes, km-attest requires a pubkey. So at least make SignerNames as optional?
What I remember is that their whole logic was tied with the 'SignerName', to validate if a client request (quote verify / key wrap) is valid.
By the way, I made a proposal to move SingerNames
-> SignerName
: https://github.com/intel/trusted-certificate-issuer/issues/20. @irisdingbj Would please provide your opinion.
@irisdingbj Can we merge this change?
I am merging this change as it is needed for further changes. Let's take it as a follow-up PR if needs any further API changes.
New field 'type' is added to hold the type of attestation request. This is to support initiating the QuoteAttestation from CSR only quote validation. In this case, the quote attestation controller does not proceed with key wrapping.