Add Attestation related D-bus Interface
Attestation provides critical and pertinent
security information about a specific device, system, software
element, or other managed entity.
Three relevant interfaces are defined as below.
ComponentIntegrity describes integrity of a component, including
what protocol used to measure the integrity, when was the integrity
info last updated, whether the integrity measurement is enabled, etc.
Some associations have been added to this interface, including a link
to the trusted component that the integrity object is reporting,
and a link to the systems that the integrity object is protecting.
IdentityAuthentication describes the identity verification status. It
also has two associations defined, one is a link to the requester's
certificate, the other one for the responder.
MeasurementSet defines the dbus method to get SPDM measurements.
These three interfaces are grouped under a new directory Attestation as
they are used to expose identity/integrity/measurement information for
an attestation.
Signed-off-by: Zhichuang Sun <zhichuang@google.com>
Change-Id: Iac86dfc63c85af04985a61ba52161301134e8f2b
diff --git a/yaml/xyz/openbmc_project/Attestation/MeasurementSet.interface.yaml b/yaml/xyz/openbmc_project/Attestation/MeasurementSet.interface.yaml
new file mode 100644
index 0000000..ccb5312
--- /dev/null
+++ b/yaml/xyz/openbmc_project/Attestation/MeasurementSet.interface.yaml
@@ -0,0 +1,62 @@
+description: >
+ Implement to represent properties related to SPDM Measurements set.
+
+methods:
+ - name: SPDMGetSignedMeasurements
+ description: >
+ This method generates an SPDM cryptographic signed statement over the
+ given nonce and measurements of the SPDM Responder.
+
+ parameters:
+ - name: MeasurementIndices
+ type: array[size]
+ description: >
+ An array of indices that identify the measurement blocks to
+ sign.
+
+ - name: Nonce
+ type: string
+ description: >
+ A 32-byte hex-encoded string to be signed with the measurements.
+ The value should be unique.
+
+ - name: SlotId
+ type: size
+ description: >
+ The slot identifier for the certificate containing the private
+ key to generate the signature over the measurements.
+
+ returns:
+ - name: Certificate
+ type: object_path
+ description: >
+ Certificate corresponding to the SPDM slot identifier that can
+ be used to validate the signature.
+ - name: HashingAlgorithm
+ type: string
+ description: >
+ The hashing algorithm used for generating the cryptographic
+ signed statement.
+ - name: PublicKey
+ type: string
+ description: >
+ A Privacy Enhanced Mail (PEM)-encoded public key that can be
+ used to validate the signature.
+ - name: SignedMeasurements
+ type: string
+ description: >
+ Base64 encoded cryptographic signed statement generated by the
+ signer.
+ - name: SigningAlgorithm
+ type: string
+ description: >
+ The asymmetric signing algorithm used for generating the
+ cryptographic signed statement.
+ - name: Version
+ type: string
+ description: >
+ The SPDM version used by the SPDM Responder to generate the
+ cryptographic signed statement.
+ errors:
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.Common.Error.InternalFailure