Update PSA_IOT and CCA_SSD_PLATFORM schemes to perform a freshness check as part of token integrity validation.
Freshness check is integral to attestation validation to prevent replay attacks. Thus far, we have not performed it as part of our verification pipeline, and instead left it the RP. However, PSA and CCA both mandate freshness claims, and so there is no reason why this check cannot be performed as part of the scheme evidence handling, therefore reducing the risk of the RP neglecting to consider freshness and taking an affirming attestation result from Veraison at face value.
Update PSA_IOT and CCA_SSD_PLATFORM schemes to perform a freshness check as part of token integrity validation.
Freshness check is integral to attestation validation to prevent replay attacks. Thus far, we have not performed it as part of our verification pipeline, and instead left it the RP. However, PSA and CCA both mandate freshness claims, and so there is no reason why this check cannot be performed as part of the scheme evidence handling, therefore reducing the risk of the RP neglecting to consider freshness and taking an affirming attestation result from Veraison at face value.