Ideas/TODOs

Question

Ideas/TODOs

THS-on opened this issue 6 months ago · comments

Thore Sommer commented 6 months ago

Allow a rule to take multiple claims
- An example would be a tpm2_quote and a list of PCR values to check if they are consistent
Expose in the API if a rule needs parameters and which
Allow to set a EV on a rule invocation basis not per policy
Rename policies to intents

Ian · Answer 1 · Sat Jan 27 2024 02:10:57 GMT+0800 (China Standard Time)

Proper conditional compilation...not possible in Go.... hashicorp's stuff?

Also, proper PKI interface for signing and make this part of the system generic.

Ian · Answer 2 · Sat Jan 27 2024 02:11:38 GMT+0800 (China Standard Time)

If we rename Policies to Intents, then the intent property needs to become something else..... function? operation?

Thore Sommer · Answer 3 · Sun Jan 28 2024 18:22:40 GMT+0800 (China Standard Time)

Proper conditional compilation...not possible in Go.... hashicorp's stuff?

We could use go-plugin to separate schemes and rules into plugins. This would make building NAE without the SGX toolchain easier.

If we rename Policies to Intents, then the intent property needs to become something else..... function? operation?

What do you think about endpoint? Maybe type would also fit, because generally the type does not change e.g. a TPM quote is still a quote with a different PCR selection.

For mapping RATS terminology:

Element -> general information about the Attester + Endorsements
Expected Value -> Reference Value

GA10 implements a Verifier, Reference Value Provider and takes the role of the Endorser.