Arm PSA and CCA Attestation

Evaluation of Arm Platform Security Architecture (PSA) and Confidential Compute Architecture (CCA) attestation evidence is implemented via the PSA_IOT and ARM_CCA schemes, respectively.

Endorsements and Trust Anchors

Endorsements and trust anchors for both schemes can be created and provisioned using the cocli command-line tool. The tool has sample templates for describing endorsements and trust anchors for both attestation schemes.

Endorsements can also be generated from evidence using the gen-corim command-line tool.

Attestation Evidence

Attestation evidence can be submitted for verification using the evcli command-line tool.

Evidence formats for both schemes are defined as Entity Attestation Token (EAT) profiles. See draft-tschofenig-rats-psa-token and draft-ffm-rats-cca-token.

Library support exists for PSA tokens in Go.

Library support exists for CCA tokens in Go and Rust.