16 changes: 16 additions & 0 deletions crates/attestation/README.md
Expand Up @@ -190,6 +190,22 @@ attestation type. The measurements can still be checked up-stream by the source
client or target service using header injection described below. But it is then
up to these external programs to reject unacceptable measurements.

### Alternate `dstack-mr-gcp` format

`MeasurementPolicy::from_json_bytes` also accepts the object format emitted by
[`dstack-mr-gcp`](https://github.com/flashbots/dstack-mr-gcp). In that format,
the top-level value is a single object instead
of an array of records.

For this format:

- `mrtd` and `rtmr0` may contain arrays of acceptable hex values.
- `rtmr1`, `rtmr2`, and `rtmr3` are parsed as fixed hex values.
- `mrconfigid`, `xfam`, and `tdattributes` are ignored by the policy parser.

The object is normalized into the existing DCAP measurement policy model, so
any `mrtd` value can match with any `rtmr0` value listed in the input.

### Measurement field names

For Azure vTMP attestations, the preferred field names are PCR register
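
Review bot: The bullet saying `mrconfigid`, `xfam`, and `tdattributes` are "ignored by the policy parser" should spell out the enforcement consequence, because a reader who supplies a `dstack-mr-gcp` file containing those fields may assume they are checked. Suggest wording along the lines of "are not part of the resulting policy and are not checked against the attestation", with a note that deployments depending on them must validate them elsewhere. The closing paragraph has a related gap: since any `mrtd` can match with any `rtmr0`, the policy accepts the full cross product of the two lists, which may be wider than the set of images the operator intended, and the text should say so directly. The section also does not state what happens when `rtmr1`, `rtmr2` or `rtmr3` is given as an array, or when an `mrtd` or `rtmr0` array is empty; a short sample object would make the accepted shape unambiguous.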