veraison-services

module

v0.0.0-...-952bb8a Latest Latest Go to latest Published: Sep 7, 2022 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/thomas-fossati/veraison-services

Links

Open Source Insights

README ¶

Services

This repository contains attestation services assembled using Veraison components.

Provisioning

Provisioning service provides a REST-based API for external trusted supply chain actors (for example, Endorsers) to provision Reference Values, Endorsed Values (known as Endorsements), and Trust Anchors into Veraison Trusted Services.

It uses Attestation Format (e.g. PSA) specific decoders to extract the Endorsements from received payload. On the back end it communicates with VTS to store, retrieve, and manage the Endorsements and Trust Anchors. The API details are documented under Endorsement Provisioning Interface. Provisioning service acts as a front end to accept a variety of Endorsement Formats. For now, only PSA (Profile 1 & Profile 2) and TPM based Endorsements are supported.

Refer to scope for full set of services that shall be provided by the provisioning service.

Verification

Verification service provides a REST-based API for external Attesters or Relying Parties (known as Challengers) to submit Attestation token, containing Attestation Evidence claims. On the back end, it communicates with VTS to appraise the received Evidence and receive the Attestation Verification Results, which are then passed to the challenger.

This service acts as a frontend for accepting a variety of attestation token formats. For now, only PSA (Profile 1 & Profile 2) and TPM-based attestation tokens are supported.

The API is based on the Challenge/Response Interaction Models as documented in challenge-response

Veraison Trusted Services

Veraison Trusted Services (VTS) backend provides core services to the Verification and Provisioning frontends. On the Provisioning path, it receives Endorsements and Trust Anchors, from the Provisioning frontend, invokes Attestation Format (e.g. PSA) specific logic (a "scheme") to generate Endorsements and Trust Anchors, and saves them in the corresponding stores. On the Verification path, it invokes Attestation Format specific logic (a "scheme") to parse attestation token and extract evidence claims. From these claims, it constructs a logical index/key to fetch the trust anchors required to verify the token signature, and the associated Endorsements (golden values) used to appraise the evidence claims. Upon evaluation, it populates the Attestation Result and communicates it to the Verification frontend.

More details about the VTS can be found under VTS

KVStore

The key-values store is the Veraison Storage Layer. It is used to store both Endorsements and Trust Anchors.

KV Store details can be found under kvstore

Directories ¶

Path	Synopsis
config
kvstore
policy
mocks Package mocks is a generated GoMock package.	Package mocks is a generated GoMock package.
proto
provisioning
api
cmd
decoder
plugins/common
plugins/corim-psa-decoder
plugins/corim-tpm-enacttrust-decoder
scheme
verification
api The api package implements the REST API defined in https://github.com/veraison/docs/blob/main/api/challenge-response	The api package implements the REST API defined in https://github.com/veraison/docs/blob/main/api/challenge-response
cmd
sessionmanager
verifier
vts
cmd
pluginmanager
plugins/common
plugins/scheme-psa-iot
plugins/scheme-tcg-dice
plugins/scheme-tpm-enacttrust
plugins/scheme-tpm-enacttrust/test/cmd/gen-token
policymanager
trustedservices
vtsclient

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL