setrofim closed 1 year ago
Evidence processing is checking that the hash in the evidence matches the provisioned reference value, and sets status to affirming if it does.
However, prior to this, it was not doing anything otherwise. This means that in case of failed attestation, the result status remained as "none".
This commit sets status to contraindicated (and executables trust vector claim to unknown runtime) if reference value comparison fails.
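The behaviour described in this PR, as an added Go example that is not the project's own code: the appraisal before the change leaves a mismatched hash at "none", and the appraisal after it reports the failure explicitly. The names `Result`, `appraiseBefore`, `appraiseAfter` and `digest` are hypothetical, the sample measurements are constructed, and accepting a list of reference values is an assumption.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// Result uses the status and claim names from the PR description; the type is hypothetical.
type Result struct {
	Status      string // "none", "affirming" or "contraindicated"
	Executables string // executables trust vector claim; "" means no claim was set
}

// appraiseBefore mirrors the behaviour described as the problem: only the
// matching case is handled, so a mismatch leaves Status at "none".
func appraiseBefore(evidenceHash []byte, refValues [][]byte) Result {
	res := Result{Status: "none"}
	for _, ref := range refValues {
		if bytes.Equal(evidenceHash, ref) {
			res.Status = "affirming"
		}
	}
	return res
}

// appraiseAfter adds the failure branch: when no reference value matches,
// the result is "contraindicated" with an "unknown runtime" executables claim.
func appraiseAfter(evidenceHash []byte, refValues [][]byte) Result {
	for _, ref := range refValues {
		if bytes.Equal(evidenceHash, ref) {
			return Result{Status: "affirming"}
		}
	}
	return Result{Status: "contraindicated", Executables: "unknown runtime"}
}

// digest produces constructed sample measurements for the demonstration.
func digest(s string) []byte { h := sha256.Sum256([]byte(s)); return h[:] }

func main() {
	refs := [][]byte{digest("firmware-v1")}    // constructed reference value
	tampered := digest("firmware-v1-modified") // constructed evidence hash
	fmt.Printf("before, mismatch: %+v\n", appraiseBefore(tampered, refs))
	fmt.Printf("after, mismatch:  %+v\n", appraiseAfter(tampered, refs))
	fmt.Printf("after, match:     %+v\n", appraiseAfter(digest("firmware-v1"), refs))
}
```

A consumer that only rejects results marked "contraindicated" cannot tell the "before" mismatch apart from evidence that was never appraised, which is the gap the explicit failure status closes.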