de50b6d2d4
* feat: Implement EAT (Entity Attestation Token) generation and verification for attestation responses, replacing raw quotes with EAT tokens in the attestation service and protobuf. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * style: standardize comment formatting and fix a debug log format specifier. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix pkg test Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Introduce named constants for OEM IDs and use them in attestation claim extraction. Signed-off-by: SammyOina <sammyoina@gmail.com> * feat: Implement and test minimum length validation for EAT nonce in `NewEATClaims`. Signed-off-by: SammyOina <sammyoina@gmail.com> * feat: Add EATClaims.Sanitize method and integrate it into the validator to enforce claim dependencies. Signed-off-by: SammyOina <sammyoina@gmail.com> * feat: Add Signature field to SNPExtensions and TDXExtensions for enhanced claim validation Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Update dependencies and improve code structure in attestation package Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Introduce comprehensive test suites for EAT, ATLS, TDX, Azure SNP, and vTPM attestation, and improve EAT decoder robustness. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Add encryption and admin keys, an encrypted algorithm file, and update go.mod to use go-jose/v4. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: add new encryption and KBS admin keys while improving TDX attestation test error handling. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Add new KBS admin and encryption keys, an encrypted linear regression algorithm, and refactor TDX test error message checks. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Implement Azure SNP attestation policy, update certificate verification, and add key management.
Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: replace hardcoded string literals with variables in Azure SNP attestation tests. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Refactor TDX EAT claims to use individual RTMR fields with `tdx_` prefixes and add an `IntUse` field. Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com>
{
"policy": {
"headerPolicy": {
"qeVendorId": "k5pyM/ecTKmUCg2zlX8GBw=="
},
"tdQuoteBodyPolicy": {
"minimumTeeTcbSvn": "BgEDAAAAAAAAAAAAAAAAAA==",
"mrSeam": "WzjjOmSHlYtyw8Eqk46qXj/UUQxRruq1jH1ezuQdfENkidbI5PkvFgt8rTQgewDB",
"tdAttributes": "AAAAEAAAAAA=",
"xfam": "5wIGAAAAAAA=",
"mrTd": "kesrRNFB1Ozgnwx1wsU9JHo8aO3X+v6KNSDJQqYEpAfeA65txfh/J0KLJTiHMRi3",
"rtmrs": [
"TP/tWJG9nf1AuPrfS7mKBpBw05ffiZHYnbu01Tjr8cKeG+lNDwuxder+DJxTSSqW",
"fxoATOAep76VY2mWwKB4XWWoQqgJZNYdiHXJk14DN2iKJP5tg8AoeRoGhxJg2BO3",
"fYilkkTRM83nhg1ZUY4WsULRfwyN3v2rcv5+wbSl9Rro1zqhcPMCeCCcL/CCAUqx",
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
],
"policy": {
"mr_seam": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
"tdx_module": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
"mr_td": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
},
"eat_validation": {
"require_eat_format": true,
"allowed_formats": [
"CBOR",
"JWT"
],
"max_token_age_seconds": 300,
"require_claims": [
"eat_nonce",
"measurements",
"platform_type"
],
"verify_signature": true
}
}
},
"rootOfTrust": {
"checkCrl": true,
"getCollateral": true
}
} |