Overview

This is an overview of the major components that are part of Veraison, and the related git repositories.

Remote attestation verification service

The main part of the project is the remote attestation verification service implemented inside the services repo. This service provides a REST API for verifying attestation evidence based on provisioned endorsements and policies.

Client-side libraries for the services API are inside apiclient (for Go), c-apiclient (for C), and rust-apiclient (for Rust) repos.

There are also command line interface applications for interacting with the service:

  • cocli for compiling and provisioning PSA and CCA endorsements and trust anchors.
  • evcli for verifying PSA and CCA evidence.
  • pocli for managing verification policies.

Standards driven work

The Veraison Project supports attestation-related working groups in standards bodies, in particular IETF & TCG. This set of repos provides test bed implementations for some of the standards work, as related to Veraison services.

EAT

eat: Golang library for manipulating Entity Attestation Tokens (draft-ietf-rats-eat).

EAR

These libraries provide functions for working with EAR (EAT Attestation Results), an EAT/JWT serialisation of the Attestation Result for Secure Interactions (AR4SI) information model - see draft-fv-rats-ear.

  • ear: Golang implementation of EAT Attestation Results
  • rust-ear: Rust implementation of EAT Attestation Results
  • c-ear: C implementation of EAT Attestation Results

cmw: implementation for RATS WG Conceptual Message Wrappers (draft-ftbs-rats-msg-wrap) for attestation related data encapsulation.

Verifier Provisioning

These libraries provide support for the standard information models used to convey data to a Verifier.

corim: manipulation of Concise Reference Integrity Manifest (CoRIM) and Concise Module Identifier (CoMID) tags. Also includes the cocli CLI tool, which assists users in creating CoRIM & CoMID tags.

swid: SWID and CoSWID manipulation library.

COSE

go-cose: Go library for CBOR Object Signing and Encryption (COSE).

Architecture specific libs

This collection of libraries provides manipulation and verification functionality for Attestation formats of various architectures.

psatoken: Platform Security Abstraction (PSA) Attestation Token manipulation library.

ccatoken: a library for the Arm Confidential Computing Architecture (CCA) Attestation Token.

dice: library providing support functions for manipulating various profiles of DICE.

parsec: Library support for handling the Parsec Key Attestation formats used in the attested TLS PoC.

enact-demo: EnactTrust TPM/Veraison interop demo and related docs.


See also: the repo guide inside the docs repo.