
Add missing claims to attestation token
Closed, Resolved (Public)

Description

Adding the following missing claims to the initial attestation token (IAT):

  • Security life cycle: global attribute of the device
  • HW version: Optional claim. Globally unique number in EAN-13 format identifying the GDSII that went to fabrication, HW and ROM.
  • Implementation ID: It represents the original implementation signer of the attestation key and identifies the contract between the report and verification.
  • Verification Service Indicator
  • Profile Definition
  • Software components:
    • Type
    • Measurement
    • Version
    • Measurement description
    • Security epoch
    • Signer ID
  • No software component case
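
A verifier-side sanity check over the claims listed above, as an added example that is not part of the original task or the project's code. It checks a decoded claim set for required claims, validates the optional HW version as an EAN-13 number, and handles the no-software-component case. Assumptions: the string claim names, which claims are treated as mandatory, and the rule that exactly one of the software components list or a `no_sw_measurements` marker is present.

```python
# Added example; claim names and the mandatory/optional split are assumptions,
# not the project's token encoding.
import re

REQUIRED = ("security_lifecycle", "implementation_id")  # assumed mandatory
SW_REQUIRED = ("measurement", "signer_id")  # assumed mandatory per component

def ean13_ok(value):
    """True if value is a 13-digit string with a correct EAN-13 check digit."""
    if not (isinstance(value, str) and re.fullmatch(r"[0-9]{13}", value)):
        return False
    digits = [int(c) for c in value]
    # Weights alternate 1, 3 over the first 12 digits, left to right.
    total = sum(d * (3 if i % 2 else 1) for i, d in enumerate(digits[:12]))
    return (10 - total % 10) % 10 == digits[12]

def validate_claims(claims):
    """Return a list of problems in a decoded claim set (empty list = OK)."""
    problems = [f"missing claim: {n}" for n in REQUIRED if n not in claims]
    # HW version is optional, but must be well-formed when present.
    if "hw_version" in claims and not ean13_ok(claims["hw_version"]):
        problems.append("hw_version is not a valid EAN-13 number")
    components = claims.get("sw_components")
    no_sw = "no_sw_measurements" in claims
    # A token must not claim measurements and "no measurements" at once,
    # and must not silently omit both.
    if components and no_sw:
        problems.append("sw_components and no_sw_measurements are both present")
    elif not components and not no_sw:
        problems.append("neither sw_components nor no_sw_measurements is present")
    for index, comp in enumerate(components or []):
        for field in SW_REQUIRED:
            if not comp.get(field):
                problems.append(f"sw_components[{index}] lacks {field}")
    return problems

DIGEST = b"\x11" * 32  # constructed placeholder, not a real measurement
SAMPLE_OK = {  # constructed claim set
    "security_lifecycle": "secured", "implementation_id": b"\xaa" * 32,
    "hw_version": "4006381333931",
    "sw_components": [{"type": "BL", "measurement": DIGEST, "signer_id": DIGEST}],
}
SAMPLE_BAD = {  # constructed: four separate defects
    "security_lifecycle": "secured", "hw_version": "4006381333932",
    "sw_components": [{"type": "BL", "measurement": DIGEST}],
    "no_sw_measurements": 1,
}

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, validate_claims(sample))
```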

Event Timeline

tamasban triaged this task as Normal priority. Jan 8 2019, 9:50 AM
tamasban created this task.
tamasban renamed this task from Add missing mandatory claims to attestation token to Add missing claims to attestation token. Jan 21 2019, 1:27 PM
tamasban updated the task description.
This comment was removed by tamasban.
tamasban closed this task as Resolved. Feb 19 2019, 8:38 AM

Now covering: HW IDs, SW measurements, lifecycle states, and verifier URLs in IAT tokens. Critical for zero-trust device auth. Docs: explain in detail

This update to the attestation token looks solid. Including detailed claims like Security life cycle and Software components definitely strengthens verification and trustworthiness.