Skip to content

kbs_protocol: support composite attestation for IBM SE#1475

Draft
Xynnn007 wants to merge 3 commits into
confidential-containers:mainfrom
Xynnn007:kbs-protocol/ibm-se-composite-attestation
Draft

kbs_protocol: support composite attestation for IBM SE#1475
Xynnn007 wants to merge 3 commits into
confidential-containers:mainfrom
Xynnn007:kbs-protocol/ibm-se-composite-attestation

Conversation

@Xynnn007
Copy link
Copy Markdown
Member

@Xynnn007 Xynnn007 commented May 18, 2026

Now in the kbs protocol level, the report_data/runtime_data digest could be set, thus the binding between device evidences and CPU evidence can be acieved for IBM SE.

Based on #1469

BbolroC and others added 3 commits May 13, 2026 07:02
@BbolroC
se-attester: use SHA-512 for report data in IBM SEL
1033788 
Use more secure SHA-512 algorithm for report data
in IBM SEL instead of the fallback algorithm SHA-384.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
@BbolroC
se-attester: extract validation logic into reusable utility function
9b8555a 
Extract the process_runtime_digest() helper function from the SE attester
into a general-purpose utility function.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
@Xynnn007
kbs_protocol: support composite attestation for IBM SE
095dbe5 
Now in the kbs protocol level, the report_data/runtime_data digest could
be set, thus the binding between device evidences and CPU evidence can
be acieved for IBM SE.

Signed-off-by: Xynnn007 <xynnn@linux.alibaba.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Xynnn007 @BbolroC