# Blame: Zhichuang Sun | 387a619 | 2023-07-19 15:48:03 -0700, except the
# "reporting" association: Zhichuang Sun | 534515b | 2023-06-12 14:36:31 -0700
description: >
    Implement to represent component integrity information acquired from a
    secure authentication or measurement of the protected components. A trusted
    component (e.g., iRoT or TPM) is typically involved to provide the info
    using a security protocol (e.g., SPDM).

properties:
    - name: Enabled
      type: boolean
      default: false
      description: >
          An indication of whether security protocols are enabled for the
          component.

    - name: Type
      type: enum[self.SecurityTechnologyType]
      default: Unknown
      flags:
          - readonly
      description: >
          The type of security technology for the component.

    - name: TypeVersion
      type: string
      flags:
          - readonly
      description: >
          The version of the security technology. Human readable format, e.g.
          "1.1" for SPDM.

    - name: LastUpdated
      type: uint64
      flags:
          - readonly
      description: >
          The date and time when information for the component was last updated.
          Firmware update, device certificate change or other device state
          change that leads to component integrity change should update this
          date. It is represented in milliseconds since the UNIX epoch.

associations:
    - name: authenticating
      description: >
          Objects that implement ComponentIntegrity can implement the
          "authenticating" association to provide a link to the target component
          whose integrity this resource authenticates.
      reverse_name: authenticated_by
      required_endpoint_interfaces:
          - xyz.openbmc_project.Inventory.Item
    - name: reporting
      description: >
          Objects that implement ComponentIntegrity can implement the
          "reporting" association to provide a link to the target trusted
          component whose integrity this resource reports.
      reverse_name: reported_by
      required_endpoint_interfaces:
          - xyz.openbmc_project.Inventory.Item.TrustedComponent

enumerations:
    - name: SecurityTechnologyType
      description: >
          The security technology used for the component.
      values:
          - name: OEM
            description: >
                OEM-specific. If it is neither SPDM nor TPM, tag it OEM.
          - name: SPDM
            description: >
                Security Protocol and Data Model (SPDM) protocol.
          - name: TPM
            description: >
                Trusted Platform Module (TPM).
          - name: Unknown
            description: >
                Security technology not known yet.
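
A consumer-side audit of the properties and associations defined above, as an added example that is not part of the OpenBMC source. The audit policy (which conditions count as findings), the `last_fw_update_ms` parameter, the dotted enum string handling and all sample paths and values are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Values of the SecurityTechnologyType enumeration defined on this page.
SECURITY_TECHNOLOGY_TYPES = {"OEM", "SPDM", "TPM", "Unknown"}


def ms_to_utc(ms):
    """Render a LastUpdated value (ms since the UNIX epoch) as ISO 8601 UTC."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()


def audit_component(path, props, assocs, now_ms, last_fw_update_ms=None):
    """Return findings for one ComponentIntegrity object (audit policy is assumed).

    props: property name -> value; assocs: association name -> endpoint paths.
    last_fw_update_ms: hypothetical, externally tracked firmware-update time.
    """
    findings = []
    # Assumption: enum values may arrive as dotted strings; keep the last part.
    tech = str(props.get("Type", "Unknown")).rsplit(".", 1)[-1]
    if tech not in SECURITY_TECHNOLOGY_TYPES:
        findings.append(f"Type {tech!r} is not a SecurityTechnologyType value")
    elif tech == "Unknown":
        findings.append("Type is Unknown")
    elif not props.get("TypeVersion"):
        findings.append(f"TypeVersion is empty for {tech}")
    if not props.get("Enabled", False):  # the schema default is false
        findings.append("Enabled is false")
    updated = props.get("LastUpdated", 0)
    if updated == 0:
        findings.append("LastUpdated is 0")
    elif updated > now_ms:
        findings.append(f"LastUpdated {ms_to_utc(updated)} is in the future")
    elif last_fw_update_ms is not None and updated < last_fw_update_ms:
        findings.append(f"LastUpdated {ms_to_utc(updated)} predates firmware update")
    for name in ("authenticating", "reporting"):
        if not assocs.get(name):
            findings.append(f"no '{name}' association endpoint")
    return [f"{path}: {f}" for f in findings]


if __name__ == "__main__":
    # Constructed sample: object path, values and endpoint paths are made up.
    props = {"Enabled": False, "Type": "SPDM", "TypeVersion": "1.1",
             "LastUpdated": 1689806883000}
    assocs = {"authenticating": ["/inventory/gpu0"], "reporting": []}
    for line in audit_component("/integrity/gpu0", props, assocs,
                                now_ms=1700000000000):
        print(line)
```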