Verify report example #3
Conversation
| github.com/sirupsen/logrus v1.9.0 | ||
| github.com/veraison/go-cose v1.0.0 | ||
| google.golang.org/grpc v1.54.0 | ||
| microsoft/attestation-container v0.0.0-00010101000000-000000000000 |
There was a problem hiding this comment.
This version number was added by go mod tidy
takuro-sato
force-pushed
the
verify_report_example
branch
from
1f3478d to
288b622
Compare
| google.golang.org/protobuf v1.30.0 // indirect | ||
| ) | ||
|
|
||
| replace microsoft/attestation-container => ../ |
There was a problem hiding this comment.
go mod edit -replace
https://go.dev/doc/tutorial/call-module-code
| return r | ||
| } | ||
|
|
||
| func verifyAttestationEndorsements(endorsementCertificates []byte) *x509.Certificate { |
There was a problem hiding this comment.
| return chipCertificate | ||
| } | ||
|
|
||
| func verifyAttestationReportSignature(attestation []byte, chipCertificate *x509.Certificate) string { |
There was a problem hiding this comment.
| return deserializedReport.Measurement | ||
| } | ||
|
|
||
| func verifyUVMEndorsements(uvmEndorsements []byte, measurementInReport string) { |
There was a problem hiding this comment.
| return r | ||
| } | ||
|
|
||
| func verifyAttestationEndorsements(endorsementCertificates []byte) *x509.Certificate { |
There was a problem hiding this comment.
Endorsement is a bit overused. In the MAA case that means the UVM reference info. I think you are verifying the platform certs here?
There was a problem hiding this comment.
I followed CCF's convention.
attestation endorsements: endorses attestation report
UVM endorsements: endorses UVM
I think you are verifying the platform certs here
Yes, I am. So it can be verifyPlatformCertificats or something like that, but in that case, it might bit confusing considering that server and client are using different names for a same thing.
(of course, we can rename the interface carefully though in future)
There was a problem hiding this comment.
I think you make a good point. Leave it so it matches CCF. Maybe some comment block to make it clear locally which set of endorsements are which. AttestationEndorsement is true when you think about it but for someone coming to the code without a deep understanding of what is going on it might be a bit of a leap. We can help them by explaining that the attestation endorsement is the matching certs from AMD, possibly supplied in a round about way etc etc...
There was a problem hiding this comment.
Happy to switch naming on the CCF side to better match conventions used elsewhere.
No description provided.