Merge pull request #38 from nedmsmith/plat-instance-id

Add section for platform instance identifier
nedmsmith · Jan 31, 2025 · e32b1e7 · e32b1e7
2 parents f5955bf + a3df53e
commit e32b1e7
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 18 deletions.
diff --git a/cddl/examples/ice-pckcert.diag b/cddl/examples/ice-pckcert.diag
@@ -25,16 +25,18 @@
           / measurement-map / {
             / mval / 1 : {
               / instance-id / -77 : 0,
+              / platform-instance-id / -101 : h'000102030405060708090A0B0C0D0E0F', / *** 16 bytes ***/
               / pceid / -80 : "0000",
               / tcb-comp-svn / -125 : [ 10, 10, 2, 2, 2, 1, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0 ]
-            },
-            / authorized-by / 2 : [
-              / tagged-pkix-base64-key-type / 554("base64_key_X")
-            ]
+            }
           },
           {  
             / mkey / 0 : 77, / instance-id /
             / mval / 1 : { 4 : 560(h'00') } / *** 1 byte *** /
+          },
+          {  
+            / mkey / 0 : 101, / platform-instance-id /
+            / mval / 1 : { 4 : 560(h'000102030405060708090A0B0C0D0E0F') } / *** 16 bytes *** /
           }
         ]
       ]

diff --git a/cddl/examples/irim-qe-ref.diag b/cddl/examples/irim-qe-ref.diag
@@ -30,18 +30,28 @@
                     ]
                   ]
                 ]),
-                / isvprodid / -85 : 1
+                / isvprodid / -85 : 1,
+                / tee instance-id / -77 : 0,
+                / platform-instance-id / -101 : h'000102030405060708090A0B0C0D0E0F' / *** 16 bytes ***/
               },
               / authorized-by / 2 : [
                 / tagged-pkix-base64-key-type / 554("base64_key_X")
               ]
             },
-            {  
+            / measurement-map / {  
               / mkey / 0 : 81, / miscselect /
               / mval / 1 : { 
                 4 : 560(h'C0000000'), / *** 4 bytes *** /
                 5 : h'FBFF0000' / *** 4 bytes *** /
-              } 
+              }            
+            },
+            / measurement-map / {  
+              / mkey / 0 : 77, / instance-id /
+              / mval / 1 : { 4 : 560(h'00') } / *** 1 byte *** /
+            },
+            / measurement-map / {  
+              / mkey / 0 : 101, / platform-instance-id /
+              / mval / 1 : { 4 : 560(h'000102030405060708090A0B0C0D0E0F') } / *** 16 bytes *** /
             }
           ]
         ]

diff --git a/cddl/examples/ispdm-pckcert.diag b/cddl/examples/ispdm-pckcert.diag
@@ -29,16 +29,18 @@
                   / measurement-map / {
                     / mval / 1 : {
                       / instance-id / -77 : h'00112233445566778899aabbccddeeff', / ** 16 bytes ** /
+                      / platform-instance-id / -101 : h'000102030405060708090A0B0C0D0E0F', / *** 16 bytes ***/
                       / pceid / -80 : "0000",
                       / tcb-comp-svn / -125 : [ 10, 10, 2, 2, 2, 1, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0 ]
-                    },
-                    / authorized-by / 2 : [
-                      / tagged-pkix-base64-key-type / 554("base64_key_X")
-                    ]
+                    }
                   },
                   {  
                     / mkey / 0 : 77, / instance-id /
                     / mval / 1 : { 4 : 560(h'00112233445566778899aabbccddeeff') } / *** 16 bytes *** /
+                  },
+                  {  
+                    / mkey / 0 : 101, / platform-instance-id /
+                    / mval / 1 : { 4 : 560(h'000102030405060708090A0B0C0D0E0F') } / *** 16 bytes *** /
                   }
                 ]
               ]

diff --git a/cddl/profile-frags.mk b/cddl/profile-frags.mk
@@ -28,4 +28,5 @@ PROFILE_FRAGS += tee-svn-type.cddl
 PROFILE_FRAGS += tee-tcb-comp-svn-type.cddl
 PROFILE_FRAGS += tee-tcb-eval-num-type.cddl
 PROFILE_FRAGS += tee-tcbstatus-type.cddl
-PROFILE_FRAGS += tee-vendor-type.cddl
+PROFILE_FRAGS += tee-vendor-type.cddl
+PROFILE_FRAGS += tee-platform-instance-id-type.cddl
diff --git a/cddl/tee-platform-instance-id-type.cddl b/cddl/tee-platform-instance-id-type.cddl
@@ -0,0 +1,4 @@
+$$measurement-values-map-extension //= (
+  &(tee.platform-instance-id: -101) => $tee-platform-instance-id-type
+)
+$tee-platform-instance-id-type /= bstr
diff --git a/draft-cds-rats-intel-corim-profile.md b/draft-cds-rats-intel-corim-profile.md
@@ -114,6 +114,13 @@ informative:
     target: https://trustedcomputinggroup.org/wp-content/uploads/Hardware-Requirements-for-Device-Identifier-Composition-Engine-r78_For-Publication.pdf
   I-D.kdyxy-rats-tdx-eat-profile: tdx-eat-profile
   I-D.ietf-rats-endorsements: rats-endorsements
+  INTEL.DCAP:
+    -: dcap
+    title: Intel(R) Software Guard Extensions (Intel(R) SGX) Data Center Attestation Primitives ECDSA Quote Library API
+    author:
+      org: Intel Corporation
+    date: August 2023
+    target: https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf
 
 --- abstract
 
@@ -771,18 +778,29 @@ Alternatively, for Evidence, the TEE epoch timestamp may be encoded using `mkey`
 
 ### The tee-instance-id-type Measurement Extension {#sec-tee-instance-id-type}
 
-The `tee.instance-id` extension enables the Attester to report the (TBD:instance-id-description) Evidence value
-and the RVP to assert an exact-match Reference Value.
-
-The `$tee-instance-id-type` is an unsigned integer.
+The `tee.instance-id` extension enables the Attester to report the TEE (TD or enclave) instance identifier as an Evidence value and the RVP to assert an exact-match Reference Value.
 
-The `$tee-instance-type` is an exact match measurement.
+The `$tee-instance-id-type` is an unsigned integer or `bstr`.
 
 ~~~ cddl
 {::include cddl/tee-instance-id-type.cddl}
 ~~~
 
-Alternatively, the TEE instance ID may be encoded using `mkey` where `mkey` contains the non-negative `tee.instance-id` and `mval`.`raw-value` contains the `$tee-instance-id-type` value.
+Alternatively, the TEE instance ID may be encoded using `mkey` where `mkey` contains the non-negative `tee.instance-id` and `mval`.`raw-value` contains the `$tee-instance-id-type` value. If the `$tee-instance-id-type` is an unsigned integer, the integer values is converted to a single byte `bstr`.
+
+### The tee-platform-instance-id-type Measurement Extension {#sec-tee-platform-instance-id-type}
+
+Platform Instance ID is a globally unique identifier generated by the platform during Platform Establishment. This value remains consistent across trusted computing base (TCB) recoveries, but is regenerated during Platform Establishment due to desire to reset keys or to add and remove hardware. See (Section 3.7 {{-dcap}}).
+
+The `tee.platform-instance-id` extension enables the Attester to report the platform instance identifier as an Evidence value and the RVP to assert an exact-match Reference Value.
+
+The `$tee-platform-instance-id-type` is a `bstr`.
+
+~~~ cddl
+{::include cddl/tee-platform-instance-id-type.cddl}
+~~~
+
+Alternatively, the platform instance ID may be encoded using `mkey` where `mkey` contains the non-negative `tee.platform-instance-id` and `mval`.`raw-value` contains the `$tee-platform-instance-id-type` value.
 
 ### The tee-isvprodid-type Measurement Extension {#sec-tee-isvprodid-type}