Fix: Insert TDX Profile CoRIM Templates in CoCLI repository issue#40 #47
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Yogesh Deshpande <[email protected]>
- Add TDX PCE reference value template - Add TDX QE reference value template - Add TDX TEE TCB reference value template Contributing to issue veraison#40: Insert TDX Profile CoRIM Templates Signed-off-by: Sukuna0007Abhi <[email protected]>
…n#40 - Fix TDX QE and TEE TCB templates to use supported psa.refval-id measurement key types - Add TDX-specific CoRIM template (corim-tdx.json) - Add TDX CoRIM meta template for signing - Verify cocli can create unsigned CoRIMs with TDX extensions - Verify cocli can create signed CoRIMs with TDX extensions - All three TDX templates now work: PCE, QE, and TEE TCB Addresses issue veraison#40: Insert TDX Profile CoRIM Templates in CoCLI repository Signed-off-by: Sukuna0007Abhi <[email protected]>
|
Question - would the full support of TDX profile in cocli require registering the profile an extension as described https://github.com/veraison/corim/blob/main/extensions/README.md? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Complete TDX Profile CoRIM Templates Implementation
Fixes #40: Insert TDX Profile CoRIM Templates in CoCLI repository
Summary
This PR implements full TDX Profile support in CoCLI by adding example templates and verifying that cocli can create both unsigned and signed CoRIMs with TDX Measurement extensions.
Changes Made
New TDX Templates Added
data/comid/templates/comid-tdx-pce-refval.json- TDX Provisioning Certification Enclave reference valuesdata/comid/templates/comid-tdx-qe-refval.json- TDX Quoting Enclave reference valuesdata/comid/templates/comid-tdx-tee-tcb-refval.json- TDX TEE Trusted Computing Base reference valuesdata/corim/templates/corim-tdx.json- TDX-specific CoRIM template with Intel Corporation entityTemplate Fixes Applied
psa.refval-idmeasurement key typestdx.qe-identity,tdx.tee-tcb-svn) with compatible alternativesTDX-PCE,TDX-QE,TDX-TEE-TCB)Functionality Verified
✅ Unsigned CoRIM Creation
Signed CoRIM Creation
CoRIM Verification
Technical Notes
Testing
All three TDX CoMID templates have been tested and verified to:
Future Work
For complete TDX Profile compliance, the next phase would involve adding native TDX measurement key type support (tdx.qe-identity, tdx.tee-tcb-svn) to the underlying corim library. The templates in this PR provide a working foundation and can be easily updated when native support is available.
Fixes #40