Skip to content

[WIP] igvm_defs: introduce corim measurement header #99

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
chris-oo wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

[WIP] igvm_defs: introduce corim measurement header #99

chris-oo wants to merge 2 commits into from

Conversation

@chris-oo
Copy link
Member

@chris-oo chris-oo commented Nov 11, 2025

Add the idea of a CoRIM header for a signed CoRIM payload for a given platform.

WIP

ionut-arm
ionut-arm reviewed Nov 14, 2025
View reviewed changes
igvm_defs/src/lib.rs
/// A structure defining a CoRIM CBOR payload for a given platform. TODO: rename
/// to remove measurement?
///
/// The payload described by this header is a CBOR CoRIM payload. There may only
Copy link

@ionut-arm ionut-arm Nov 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be good to be have a similar level of detail here as below, pointing to section 4.1 of the spec, and explicitly calling it out as a tagged unsigned CoRIM map.

@mingweishih
Copy link

mingweishih commented Nov 15, 2025

CoRIM spec does not seem to support detached mode —- waiting for confirmation ietf-rats-wg/draft-ietf-rats-corim#514

@mingweishih
Copy link

mingweishih commented Jan 8, 2026

There is a proposal to add detached mode support: ietf-rats-wg/draft-ietf-rats-corim#520

mingweishih
mingweishih reviewed Jan 8, 2026
View reviewed changes
igvm_defs/src/lib.rs
/// A Corim measurement structure described by [`IGVM_VHS_CORIM_MEASUREMENT`].
/// FIXME: should this be an init header to be early in the file?
#[cfg_attr(docsrs, doc(cfg(feature = "unstable")))]
IGVM_VHT_CORIM_MEASUREMENT = 0x314,
Copy link

@mingweishih mingweishih Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we call it IGVM_VHT_CORIM_DOCUMENT that aligns better with spec?

mingweishih
mingweishih reviewed Jan 8, 2026
View reviewed changes
igvm_defs/src/lib.rs
ECDSA_P384 = 0x1,
}

/// A structure defining a CoRIM CBOR payload for a given platform. TODO: rename
Copy link

@mingweishih mingweishih Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// A structure defining a CoRIM CBOR payload for a given platform. TODO: rename
/// A structure defining a CoRIM document for a given platform.

mingweishih
mingweishih reviewed Jan 8, 2026
View reviewed changes
igvm_defs/src/lib.rs
/// A structure defining a CoRIM CBOR payload for a given platform. TODO: rename
/// to remove measurement?
///
/// The payload described by this header is a CBOR CoRIM payload. There may only
Copy link

@mingweishih mingweishih Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// The payload described by this header is a CBOR CoRIM payload. There may only
/// The payload described by this header is a CoRIM document described in RFC https://datatracker.ietf.org/doc/draft-ietf-rats-corim/. There may only

mingweishih
mingweishih reviewed Jan 8, 2026
View reviewed changes
igvm_defs/src/lib.rs
///
/// The payload described by this header is a CBOR CoRIM payload. There may only
/// be one for a given platform. There may be an associated COSE_Sign1 structure
/// wrapping this payload, see [`IGVM_VHS_CORIM_SIGNATURE`].
Copy link

@mingweishih mingweishih Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For detached mode

Suggested change
/// wrapping this payload, see [`IGVM_VHS_CORIM_SIGNATURE`].
/// for this payload, see [`IGVM_VHS_CORIM_SIGNATURE`].

mingweishih
mingweishih reviewed Jan 8, 2026
View reviewed changes
igvm_defs/src/lib.rs
/// be one for a given platform. There may be an associated COSE_Sign1 structure
/// wrapping this payload, see [`IGVM_VHS_CORIM_SIGNATURE`].
///
/// The CoRIM payload must adhere to the following specifications for each
Copy link

@mingweishih mingweishih Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// The CoRIM payload must adhere to the following specifications for each
/// The CoRIM document must adhere to the following specifications for each

mingweishih
mingweishih reviewed Jan 8, 2026
View reviewed changes
igvm_defs/src/lib.rs
pub reserved: u32,
}

/// This is a signed COSE_Sign1 structure wrapping a CoRIM CBOR payload for a
Copy link

@mingweishih mingweishih Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// This is a signed COSE_Sign1 structure wrapping a CoRIM CBOR payload for a
/// A COSE_Sign1 structure that signs the CoRIM document for a given platform.
/// The associated document is defined in [`IGVM_VHS_CORIM_DOCUMENT`].
/// This structure always corresponds to a document and uses a detached payload,
/// so the document itself is not embedded here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@ionut-arm ionut-arm ionut-arm left review comments

@mingweishih mingweishih mingweishih left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chris-oo @mingweishih @ionut-arm