verifiers: generate built-in claims from quotes #88
Commits on Aug 28, 2023
-
verifiers: generate built-in claims from quotes
In order to simplify the process of matching of Attestation Policy in user code, and to avoid user code dependencies on TEE-specific headers files / structs definitions, we convert quotes into built-in claims. These claims will be checked by user's verifier callback (verify_claims_callback) along with the user-defined claims. Now that we have categorized these claims into (user defined) custom claims and built-in claims. For built-in claims, they are: - `common_quote_type`, `common_quote` - `tdx_*` - `sgx_*` - `sev_snp_*` - `csv_*` Note that some break changes are interduced in this commit: The old claim name in tdx verifier ```c #define TDX_CLAIM_RTMR0 "rtmr0" #define TDX_CLAIM_RTMR1 "rtmr1" #define TDX_CLAIM_RTMR2 "rtmr2" #define TDX_CLAIM_RTMR3 "rtmr3" ``` are renamed to "tdx_rtmr0", "tdx_rtmr1", "tdx_rtmr2", "tdx_rtmr3". Signed-off-by: Kun Lai <me@imlk.top>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.