Add Attestation related D-bus Interface
Attestation provides critical and pertinent
security information about a specific device, system, software
element, or other managed entity.
Three relevant interfaces are defined as below.
ComponentIntegrity describes integrity of a component, including
what protocol used to measure the integrity, when was the integrity
info last updated, whether the integrity measurement is enabled, etc.
Some associations have been added to this interface, including a link
to the trusted component that the integrity object is reporting,
and a link to the systems that the integrity object is protecting.
IdentityAuthentication describes the identity verification status. It
also has two associations defined, one is a link to the requester's
certificate, the other one for the responder.
MeasurementSet defines the dbus method to get SPDM measurements.
These three interfaces are grouped under a new directory Attestation as
they are used to expose identity/integrity/measurement information for
an attestation.
Signed-off-by: Zhichuang Sun <zhichuang@google.com>
Change-Id: Iac86dfc63c85af04985a61ba52161301134e8f2b
diff --git a/yaml/xyz/openbmc_project/Attestation/ComponentIntegrity.interface.yaml b/yaml/xyz/openbmc_project/Attestation/ComponentIntegrity.interface.yaml
new file mode 100644
index 0000000..bc0b6dc
--- /dev/null
+++ b/yaml/xyz/openbmc_project/Attestation/ComponentIntegrity.interface.yaml
@@ -0,0 +1,67 @@
+description: >
+ Implement to represent component integrity information acquired from a
+ secure authentication or measurement of the protected components. A trusted
+ component (e.g., iRoT or TPM) is typically involved to provide the info
+ using a security protocol (e.g., SPDM).
+
+properties:
+ - name: Enabled
+ type: boolean
+ default: false
+ description: >
+ An indication of whether security protocols are enabled for the
+ component.
+
+ - name: Type
+ type: enum[self.SecurityTechnologyType]
+ default: Unknown
+ flags:
+ - readonly
+ description: >
+ The type of security technology for the component.
+
+ - name: TypeVersion
+ type: string
+ flags:
+ - readonly
+ description: >
+ The version of the security technology. Human readable format, e.g.
+ "1.1" for SPDM.
+
+ - name: LastUpdated
+ type: uint64
+ flags:
+ - readonly
+ description: >
+ The date and time when information for the component was last updated.
+ Firmware update, device certificate change or other device state
+ change that leads to component integrity change should update this
+ date. It is represented in milliseconds since the UNIX epoch.
+
+associations:
+ - name: authenticating
+ description: >
+ Objects that implement ComponentIntegrity can implement the
+ "authenticating" association to provide a link to the target component
+ whose integrity this resource authenticates.
+ reverse_name: authenticated_by
+ required_endpoint_interfaces:
+ - xyz.openbmc_project.Inventory.Item
+
+enumerations:
+ - name: SecurityTechnologyType
+ description: >
+ The security technology used for the component.
+ values:
+ - name: OEM
+ description: >
+ OEM-specific. If it is neither SPDM nor TPM, tag it OEM.
+ - name: SPDM
+ description: >
+ Security Protocol and Data Model (SPDM) protocol.
+ - name: TPM
+ description: >
+ Trusted Platform Module (TPM).
+ - name: Unknown
+ description: >
+ Security technology not known yet.