-
Notifications
You must be signed in to change notification settings - Fork 37
CCA Evidence Verification
Thomas Fossati edited this page Jul 13, 2023
·
5 revisions
- CPAK public key (pCPAK)
- Reference values for CCA platform software components
- Reference value for CCA platform configuration
- Reference value for CCA realm Initial measurement configuration
- CCA realm personalisation value
- CCA realm extensible measurements
- Check signature on the platform token according to §4.4. of RFC9052, using pCPAK.
- Extract RAK public key (pRAK) from realm token (Note: The pRAK is is encoded into the uncompressed form specified in SEC 1, Version 2.0, Section 2.3.3. To be used for verification it typically needs to be converted into an x, y pair.)
- Check signature on the realm token according to §4.4. of RFC9052, using pRAK.
- Check the cryptographic binding between the platform and realm tokens:
- Extract pRAK from realm token
- Extract pRAK's hash algorithm identifier from the realm token
- Hash pRAK using said hash algorithm
- Extract nonce from the platform token
- Check nonce is the same as the value computed in step 4.3
- Extract the CCA lifecycle claim from the platform token and ensure that it is "SECURED"
- Match software component measurements claims from the platform token against the corresponding reference values
- Match configuration claim from the platform token against the corresponding reference value
- Match initial measurement from the realm token against the corresponding reference value
The following steps depend on realm author's choice to use optional features.
- Match personalisation value claim in the realm token against the corresponding reference value
- Match extensible measurements claim in the realm token against the corresponding reference value