Created
June 22, 2021 02:16
Notes on MachineState and AttestationPolicy
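// A single certificate carried as raw bytes (presumably X.509; confirm).
message Certificate {
  // Certificate bytes; the field name indicates DER encoding. The schema
  // cannot enforce that, so consumers should parse and validate the value
  // before using it in any trust decision.
  bytes der = 1;
}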
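// A set of certificates and hashes. In this file it is the type of the db,
// dbx and authority fields of SecureBootState and of the permitted and
// forbidden fields of SecureBootPolicy.
message Database {
  // Certificates contained in the database.
  repeated Certificate certs = 1;

  // Raw hash values contained in the database. The digest algorithm is not
  // recorded alongside the bytes, so it has to be agreed on out of band.
  // NOTE(review): state the intended algorithm(s) here; matching on length
  // alone is ambiguous.
  repeated bytes hashes = 2;
}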
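// Confidential-computing technology of a GCE VM, as the type name indicates.
//
// NOTE(review): PlatformPolicy.minimum_technology suggests these values are
// compared as an ordered scale (NONE < AMD_SEV < AMD_SEV_ES). If so, new
// values must keep the numeric order meaningful, and a verifier should
// reject values it does not recognize instead of treating a larger number
// as a stronger guarantee.
// NOTE(review): the value names carry no type prefix and share the enclosing
// scope with every other enum value there. They are left unchanged because
// renaming would break generated code and text/JSON encodings.
enum GceConfidentialTechnology {
  // No confidential-computing technology. This is also what a reader sees
  // when the field was never set.
  NONE = 0;

  // AMD Secure Encrypted Virtualization.
  AMD_SEV = 1;

  // AMD SEV with Encrypted State (SEV-ES).
  AMD_SEV_ES = 2;
}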
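// Platform-level facts about a machine.
message PlatformState {
  // Firmware version as opaque bytes; the format is not defined in this
  // file. Presumably matched against
  // PlatformPolicy.allowed_firmware_versions (confirm).
  bytes firmware_version = 1;

  // Confidential-computing technology in use. An unset field reads as NONE,
  // so missing data is indistinguishable from "no technology".
  GceConfidentialTechnology technology = 2;
}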
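// Secure Boot configuration of a machine.
message SecureBootState {
  // Whether Secure Boot is enabled. The field has no explicit presence, so
  // an unset value reads as false; absent data therefore looks like
  // "disabled", which is the safe direction for a verifier.
  bool enabled = 1;

  // Presumably the UEFI allowed-signature database (db); confirm.
  Database db = 2;

  // Presumably the UEFI forbidden-signature database (dbx); confirm.
  Database dbx = 3;

  // NOTE(review): meaning is not stated in this file. Presumably the
  // certificates and hashes that actually authorized the booted components;
  // confirm and document.
  Database authority = 4;
}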
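// One event record; MachineState carries these as raw_events.
message Event {
  // NOTE(review): presumably the index of the PCR the event was extended
  // into; confirm.
  uint32 index = 1;

  // Event type. The "untrusted" prefix signals that this value must not be
  // relied on for policy decisions (presumably because it is not covered by
  // the digest; confirm).
  uint32 untrusted_type = 2;

  // Event payload bytes.
  bytes data = 3;

  // Digest recorded for the event. The algorithm is not named in this
  // message. NOTE(review): document whether a producer has already checked
  // data against digest, or whether every consumer must do so itself.
  bytes digest = 4;
}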
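// State of a machine: platform facts, Secure Boot configuration and the
// events they were presumably derived from.
message MachineState {
  // Platform-level state.
  PlatformState platform = 1;

  // Secure Boot state.
  SecureBootState secure_boot = 2;

  // Unparsed events. NOTE(review): state whether these have been verified
  // (for example replayed against quoted measurements) before this message
  // is produced; otherwise consumers should treat them as unauthenticated.
  repeated Event raw_events = 3;
}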
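// Constraints on PlatformState.
message PlatformPolicy {
  // Firmware versions the policy accepts, in the same opaque byte form as
  // PlatformState.firmware_version.
  // NOTE(review): an empty list cannot be told apart from an unset one.
  // Document whether empty means "no constraint" or "reject everything";
  // a verifier that silently treats it as "allow any" fails open.
  repeated bytes allowed_firmware_versions = 1;

  // Lowest acceptable GceConfidentialTechnology. The default, NONE, places
  // no requirement on the platform.
  GceConfidentialTechnology minimum_technology = 2;
}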
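// Constraints on SecureBootState.
//
// NOTE(review): no field here requires SecureBootState.enabled to be true;
// document whether the verifier enforces that implicitly.
message SecureBootPolicy {
  // Certificates and hashes the policy permits.
  // NOTE(review): define what an unset or empty database means; treating it
  // as "permit anything" fails open.
  Database permitted = 1;

  // Certificates and hashes the policy forbids.
  // NOTE(review): precedence is not stated; an entry present in both
  // permitted and forbidden should be rejected.
  Database forbidden = 2;

  // Certificates accepted as authorities. Presumably checked against
  // SecureBootState.authority (confirm).
  repeated Certificate allowed_authorities = 3;
}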
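// Top-level policy combining the platform and Secure Boot constraints,
// presumably evaluated against a MachineState (confirm).
//
// NOTE(review): both fields are messages and can be left unset. Document
// whether an unset sub-policy means "no checks" so that an empty
// AttestationPolicy is not mistaken for a restrictive one.
message AttestationPolicy {
  // Constraints on MachineState.platform.
  PlatformPolicy platform = 1;

  // Constraints on MachineState.secure_boot.
  SecureBootPolicy secure_boot = 2;
}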