Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

where do environment information (e.g., shape of the VM/TEE, what image the TEE uses) go? #9

Open
jraman567 opened this issue Oct 10, 2024 · 3 comments
Open

where do environment information (e.g., shape of the VM/TEE, what image the TEE uses) go? #9

jraman567 opened this issue Oct 10, 2024 · 3 comments
Assignees
@jraman567

Comments

@jraman567
Copy link
Collaborator

jraman567 commented Oct 10, 2024
edited
Loading

The environment serves as a hint to narrow down the reference values in the space of available reference values.
@jraman567 jraman567 self-assigned this Oct 10, 2024
@jraman567
Copy link
Collaborator Author

Some key considerations are

  1. Can we trust anything from the attester that isn't signed and cryptographically attached to HW RoT?
  2. What would constitute hints?

@jraman567
Copy link
Collaborator Author

For 1, I think we don't "trust" the hint. Instead, the hint narrows down the search space of reference values. So, using it doesn't compromise trust.

@jraman567
Copy link
Collaborator Author

For 2, we could use the same format described in the CoRIM spec:

   environment-map = non-empty<{
     ? &(class: 0) => class-map
     ? &(instance: 1) => $instance-id-type-choice
     ? &(group: 2) => $group-id-type-choice
   }>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jraman567 jraman567

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jraman567