veraison / ratsd

A RATS conceptual message collection daemon
Apache License 2.0

Where does environment information (e.g., shape of the VM/TEE, what image the TEE uses) go? #9

Open jraman567 opened 3 weeks ago

jraman567 commented 3 weeks ago

The environment serves as a hint to narrow down the reference values in the space of available reference values.

jraman567 commented 3 weeks ago

Some key considerations are:

  1. Can we trust anything from the attester that isn't signed and cryptographically attached to HW RoT?
  2. What would constitute hints?

jraman567 commented 3 weeks ago

For 1, I think we don't "trust" the hint. Instead, the hint narrows down the search space of reference values. So, using it doesn't compromise trust.

jraman567 commented 3 weeks ago

For 2, we could use the same format described in the CoRIM spec:

   environment-map = non-empty<{
     ? &(class: 0) => class-map
     ? &(instance: 1) => $instance-id-type-choice
     ? &(group: 2) => $group-id-type-choice
   }>
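
A sketch of the argument in this thread, added as an illustration and not taken from ratsd or Veraison: the unsigned environment hint only selects which reference values are compared, while acceptance still depends on the signature check and the digest match. `Env` is a simplified stand-in for `environment-map`; `RefValue`, `Appraise`, `Demo`, the Ed25519 key and the image names are constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Env is a simplified environment-map: strings stand in for class-map and the id type choices.
type Env struct{ Class, Instance, Group string }

// RefValue is a constructed reference value: the expected image digest for one environment.
type RefValue struct {
	Env    Env
	Digest []byte
}

// matches treats an empty hint field as "not supplied" (all three keys are optional).
func matches(hint, e Env) bool {
	return (hint.Class == "" || hint.Class == e.Class) &&
		(hint.Instance == "" || hint.Instance == e.Instance) && (hint.Group == "" || hint.Group == e.Group)
}

// Appraise uses the unsigned hint only to pick candidates; it reports the verdict and how many were compared.
func Appraise(pub ed25519.PublicKey, digest, sig []byte, hint Env, store []RefValue) (ok bool, compared int) {
	if !ed25519.Verify(pub, digest, sig) {
		return false, 0 // evidence not signed by the root-of-trust key: the hint is never consulted
	}
	for _, rv := range store {
		if matches(hint, rv.Env) {
			if compared++; bytes.Equal(rv.Digest, digest) {
				return true, compared
			}
		}
	}
	return false, compared
}

// Demo runs three constructed cases: honest hint, wrong hint, forged digest with a plausible hint.
func Demo() (honest bool, compared int, wrongHint, forged bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed stand-in for the HW RoT key
	h := func(s string) []byte { d := sha256.Sum256([]byte(s)); return d[:] }
	good, other, bad := h("image-a"), h("image-b"), h("image-evil")
	store := []RefValue{{Env{Class: "tee-small"}, other}, {Env{Class: "tee-large"}, good}}
	sig := ed25519.Sign(priv, good)
	honest, compared = Appraise(pub, good, sig, Env{Class: "tee-large"}, store)
	wrongHint, _ = Appraise(pub, good, sig, Env{Class: "tee-small"}, store)
	forged, _ = Appraise(pub, bad, sig, Env{Class: "tee-large"}, store)
	return
}

func main() { fmt.Println(Demo()) }
```

A wrong hint can only make appraisal fail to find a match; it cannot cause a digest that lacks a valid signature, or that has no equal reference value, to be accepted.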