Updated on 2024-10-18 GMT+08:00

Attestation Document

An attestation document is used to verify the reliability measurement results of QingTian Enclave instances. An attestation document is generated by the QingTian Hypervisor. It includes the PCR list, the QingTian Public Key Infrastructure (PKI) certificate chain, cryptographic algorithm declaration, and user-defined data for the QingTian Enclave application. The attestation document is signed by the Huawei Cloud QingTian Attestation PKI.

The attestation document generated by the QingTian Hypervisor is encoded in Concise Binary Object Representation (CBOR) and signed in Object Signing and Encryption (COSE). For details, see RFC 8949: Concise Binary Object Representation (CBOR).

The structure of the QingTian Enclave attestation document complies with the Concise Data Definition Language (CDDL) (RFC 8610):

AttestationDocument = {
    module_id: text,                ; Security module ID
    timestamp: uint .size 8,        ; Timestamp
    digest: digest,                 ; Digest algorithm
    pcrs: { + index => pcr },       ; PCRs
    certificate: cert,              ; Signing certificate of the QingTian Enclave's attestation document
    cabundle: [* cert],             ; QingTian PKI certificate chain
    ? user_data: user_data,         ; (Optional) Application data
    ? nonce: user_data,             ; (Optional) Data not repeatedly used
    ? pubkey: user_data,        ; (Optional) Application public key
}
 
cert = bytes .size (1..4096)         ; DER encoding certificate
user_data = bytes .size (0..4096)
pcr = bytes .size (48)       ; PCR content
index = 0..31
digest = "SHA384"

The optional parameters (pubkey, user_data, and nonce) in the attestation document allow for custom (or auto-negotiated) application-level security protocols between the QingTian Enclave instances and external entities. For example, the QingTian Enclave application can create an asymmetric key pair (PriKey, PubKey) and provide trusted attestation for the PubKey using the QingTian Enclave attestation document. Then, the external entity can use some custom application-level security protocols such as trusted key distribution and trusted key agreement based on the PubKey attestation.