Home
Welcome to the evidence-api wiki!
Evidence API is designed to access trust measurements across different TEEs such as Intel TDX and AMD SEV.

SDK & services are designed to collect trust measurements across different frameworks such as confidential VMs, confidential clusters and confidential containers.
NOTE: Please refer to https://www.redhat.com/en/blog/confidential-computing-use-cases.
Cloud measurements are saved into the TEE's report/quote, as the following examples show.

Applications in confidential computing are diverse: firmware or a monolithic application in a Confidential VM (CVM), or a microservice or macroservice on Kubernetes. Although different types of application have their trust state measured in different Trusted Computing Bases (TCBs), the definition and structure of the integrity measurement registers and the event log follow the specifications below.
TCB | Measured By | Specification |
---|---|---|
Initial TEE | Trusted Security Manager (TSM), such as the Intel TDX module or the AMD SEV secure processor | Vendor specification, such as the Intel TDX Module 1.5 ABI Specification |
Firmware | EFI_CC_MEASUREMENT_PROTOCOL, CCEL ACPI Table; EFI_TCG2_PROTOCOL, TCG ACPI Table | UEFI Specification 2.10, ACPI Specification 6.5; TCG EFI Protocol Specification, TCG ACPI Specification |
Boot Loader | EFI_CC_MEASUREMENT_PROTOCOL, EFI_TCG2_PROTOCOL | Grub2/Shim |
OS | Integrity Measurement Architecture (IMA) | Specification |
Cloud Native | Container Integrity Measurement Agent (CIMA) | Repository |
Normally, a Trusted Platform Module (TPM) provides the root of trust for a PC client platform. In a confidential computing environment, a vTPM (virtual TPM) may be provided by a vendor or CSP, and its root of trust should be hardened by the vendor's secure module. Some vendors also provide a simplified solution that uses the TEE's own measurement registers and event log directly:
Root of Trust | Measurement Register | Event Log | Specification |
---|---|---|---|
vTPM | TPM PCR | TCG2 Event Log | TPM2 Specification, TCG PC Client Platform TPM Profile Specification, TCG PC Client Platform Firmware Profile Specification |
Intel TDX | TDX MRTD/RTMR | CC Event Log | Intel® TDX Module 1.5 Base Architecture Specification, Intel® TDX Virtual Firmware Design Guide, td-shim specification |
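Both rows of the table rely on the same check a verifier performs: walk the event log, replay each extend into the register it names, and compare the result with the register value carried in the quote or report. The example below is added here and is not code from the evidence-api project. It parses the crypto-agile TCG_PCR_EVENT2 record format shared by the TCG2 event log and the CC event log, replays the SHA-256 bank (TPM PCR) or SHA-384 bank (TDX RTMR), and reports per-register match results. The log bytes are constructed inline; the register index in the log is used as-is, so mapping it onto a PCR number or an RTMR number is left to the caller, as is checking the quote's signature, which this example does not do.

```python
"""Added example: parse a TCG2 / CC event log, replay the extends and check
the replayed registers against reported values. Not evidence-api code; the
event log used here is constructed inline for illustration."""
import hashlib
import struct

# TPM algorithm identifiers from the TCG Algorithm Registry.
ALG_IDS = {"sha256": 0x000B, "sha384": 0x000C}
HASH_BY_ALG_ID = {v: k for k, v in ALG_IDS.items()}
EV_NO_ACTION = 0x00000003            # informational events, never extended
EV_EFI_VARIABLE_DRIVER_CONFIG = 0x80000001
EV_IPL = 0x0000000D


def parse_event_log(buf):
    """Return the TCG_PCR_EVENT2 records in buf.

    A crypto-agile log starts with one legacy TCG_PCR_EVENT (EV_NO_ACTION,
    fixed 20-byte digest field) carrying the Spec ID event; it is skipped
    because it is never extended into a register."""
    off = 0
    _, etype, esize = struct.unpack_from("<II20xI", buf, off)
    if etype != EV_NO_ACTION:
        raise ValueError("log does not start with a Spec ID header event")
    off += 4 + 4 + 20 + 4 + esize
    events = []
    while off < len(buf):
        idx, etype, count = struct.unpack_from("<III", buf, off)
        off += 12
        digests = {}
        for _ in range(count):          # one digest per active bank
            (alg_id,) = struct.unpack_from("<H", buf, off)
            off += 2
            name = HASH_BY_ALG_ID[alg_id]
            size = hashlib.new(name).digest_size
            digests[name] = bytes(buf[off:off + size])
            off += size
        (esize,) = struct.unpack_from("<I", buf, off)
        off += 4
        data = bytes(buf[off:off + esize])
        off += esize
        events.append({"index": idx, "type": etype, "digests": digests, "data": data})
    return events


def extend(current, digest, alg):
    """Register extend as TPM and TDX define it: new = H(old || digest)."""
    return hashlib.new(alg, current + digest).digest()


def replay(events, alg):
    """Recompute every register named in the log using one digest bank.
    Replay trusts the recorded digests; whether a digest matches the event
    data depends on the event type and is a separate check."""
    zero = bytes(hashlib.new(alg).digest_size)
    regs = {}
    for ev in events:
        if ev["type"] == EV_NO_ACTION:
            continue
        if alg not in ev["digests"]:
            raise ValueError(f"event on register {ev['index']} lacks a {alg} digest")
        regs[ev["index"]] = extend(regs.get(ev["index"], zero), ev["digests"][alg], alg)
    return regs


def verify(events, reported, alg):
    """Compare replayed registers with values read from a quote/report.
    Returns {index: bool}; a reported register with no log entries must
    still hold its all-zero initial value."""
    zero = bytes(hashlib.new(alg).digest_size)
    replayed = replay(events, alg)
    return {i: replayed.get(i, zero) == v for i, v in reported.items()}


def build_event2(index, etype, data, algs):
    """Serialise one TCG_PCR_EVENT2 whose digests are hashes of data."""
    out = struct.pack("<III", index, etype, len(algs))
    for alg in algs:
        out += struct.pack("<H", ALG_IDS[alg]) + hashlib.new(alg, data).digest()
    return out + struct.pack("<I", len(data)) + data


def build_sample_log(algs=("sha256", "sha384")):
    """Constructed log: Spec ID header, then measurements into registers 1 and 2."""
    header = b"Spec ID Event03\x00"
    log = struct.pack("<II20sI", 0, EV_NO_ACTION, bytes(20), len(header)) + header
    log += build_event2(1, EV_EFI_VARIABLE_DRIVER_CONFIG, b"SecureBoot=1", algs)
    log += build_event2(2, EV_IPL, b"grub.cfg", algs)
    log += build_event2(2, EV_IPL, b"vmlinuz", algs)
    return log


if __name__ == "__main__":
    events = parse_event_log(build_sample_log())
    reported = replay(events, "sha384")      # stand-in for RTMR values from a TD report
    print(verify(events, reported, "sha384"))
    # A log with an event dropped no longer reproduces register 2.
    print(verify(events[:-1], reported, "sha384"))
```

For a real vTPM the reported values come from a TPM quote over the SHA-256 PCR bank; for Intel TDX they are the RTMR fields of the TD report, whose bank is SHA-384, so the same log replayed with the wrong bank fails for every register, which is the behaviour a verifier should expect rather than treat as an error in the log.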