Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-dbus-interfaces / 387a6191f225335caa052522b4774cdb70853189^! / . / yaml / xyz / openbmc_project / Attestation / IdentityAuthentication.interface.yaml
commit387a6191f225335caa052522b4774cdb70853189[log] [tgz]
authorZhichuang Sun <zhichuang@google.com>Wed Jul 19 15:48:03 2023 -0700
committerPatrick Williams <patrick@stwcx.xyz>Thu Feb 29 02:30:46 2024 +0000
treea4497cb6c319221266271612a0fccd5e0179911f
parentabec9d549a9fa5aa4cf3d0f767534a5874658f4b [diff] [blame]
Add Attestation related D-bus Interface

Attestation provides critical and pertinent
security information about a specific device, system, software
element, or other managed entity.

Three relevant interfaces are defined as below.

ComponentIntegrity describes integrity of a component, including
what protocol used to measure the integrity, when was the integrity
info last updated, whether the integrity measurement is enabled, etc.
Some associations have been added to this interface, including a link
to the trusted component that the integrity object is reporting,
and a link to the systems that the integrity object is protecting.

IdentityAuthentication describes the identity verification status. It
also has two associations defined, one is a link to the requester's
certificate, the other one for the responder.

MeasurementSet defines the dbus method to get SPDM measurements.

These three interfaces are grouped under a new directory Attestation as
they are used to expose identity/integrity/measurement information for
an attestation.

Signed-off-by: Zhichuang Sun <zhichuang@google.com>
Change-Id: Iac86dfc63c85af04985a61ba52161301134e8f2b

diff --git a/yaml/xyz/openbmc_project/Attestation/IdentityAuthentication.interface.yaml b/yaml/xyz/openbmc_project/Attestation/IdentityAuthentication.interface.yaml
new file mode 100644
index 0000000..f469a45
--- /dev/null
+++ b/yaml/xyz/openbmc_project/Attestation/IdentityAuthentication.interface.yaml

@@ -0,0 +1,44 @@
+description: >
+    Implement to represent properties related to Identity Authentication using
+    SPDM protocol.
+
+properties:
+    - name: ResponderVerificationStatus
+      type: enum[self.VerificationStatus]
+      default: Unknown
+      description: >
+          The status of the verification of the identity of the component.
+
+associations:
+    - name: requester_identitified_by
+      description: >
+          Objects that implement IdentityAuthentication can implement the
+          "requester_identified_by" association to provide a link to the target
+          certificate that provides the requester's identity.
+      reverse_name: identifying_requester
+      required_endpoint_interfaces:
+          - xyz.openbmc_project.Certs.Certificate
+
+    - name: responder_identitified_by
+      description: >
+          Objects that implement IdentityAuthentication can implement the
+          "responder_identified_by" association to provide a link to the target
+          certificate that provides the responder's identity.
+      reverse_name: identifying_responder
+      required_endpoint_interfaces:
+          - xyz.openbmc_project.Certs.Certificate
+
+enumerations:
+    - name: VerificationStatus
+      description: >
+          The possible status of the verification.
+      values:
+          - name: Failed
+            description: >
+                Unsuccessful verification.
+          - name: Success
+            description: >
+                Successful verification.
+          - name: Unknown
+            description: >
+                Status not known yet.