Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CCA Token example #176

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Add CCA Token example #176

wants to merge 7 commits into from
+77 −0

Conversation

gmandyam
Copy link

@gmandyam gmandyam commented Jan 3, 2025

To address #172

hannestschofenig
hannestschofenig reviewed Jan 3, 2025
View reviewed changes
sampledata/cca.diag
/arm-platform-implementation-id/ 2396: h’0000000000000000000000000000000000000000000000000000000000000001’
}

/ This is a full CWT-format token. The payload is a sample /
Copy link
Collaborator

@hannestschofenig hannestschofenig Jan 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/ This is a full CWT-format token. The payload is a sample /
/ This is a full CWT-formatted token. The payload is a sample

hannestschofenig
hannestschofenig reviewed Jan 3, 2025
View reviewed changes
draft-ietf-lamps-csr-attestation.md
The Confidential Compute Architecture (CCA) Platform Token is described in
{{I-D.ffm-rats-cca-token}} and is also based on the EAT format. Although the
full CCA attestation is composed of realm and platform evidence, for the purposes
of this example only the platform token is provided.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
of this example only the platform token is provided.
of this example only the Platform token is provided.

@hannestschofenig
Copy link
Collaborator

Thanks for the contribution, Giri. The text is good but I am wondering why you only included the Platform Evidence token instead of also the Realm token. Could you explain?

gmandyam and others added 4 commits January 3, 2025 10:45
@gmandyam
Copy link
Author

gmandyam commented Jan 3, 2025
edited
Loading

Thanks for the contribution, Giri. The text is good but I am wondering why you only included the Platform Evidence token instead of also the Realm token. Could you explain?

I had not created a sample realm claim set yet, and this issue was pending for a while so I wanted to get something in for review. I can add a realm token example.

One more question: will a single OID be allocated for CCA token? Or can different OID's be assigned for the different CCA attestation options? I think t least for CSR's there could potentially be three: (a) Platform token only, (b) DIrect model: Platform token + realm claims set, where a hash of the realm claims set is included in the platform token payload as challenge data, and (c) Delegated model: Platform token + Realm Attestation Token, where Platform token includes the Realm Attestation PubKey as challenge data. Another option is to just assign one OID for CCA, and have the variants be identified by CBOR tags.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hannestschofenig hannestschofenig hannestschofenig left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gmandyam @hannestschofenig