Assume MS will always own MigTD code and policy. we will have one MS signed endorsement for migtd td-info hash, which gives tcb_date
Root Signing key for endorsement will be in MrOwner.
Need investigate:
- can we measure policy in MRTD? This is to get rid of circular dependency for build pipeline. policy currently measured in RTMR and we need it to build the hash.
- the endorsement will not be measured. Only trust the signing key, which is measured in MrOwner.
-
support CORIM format for the endorsement
-
If we still need policy signing (related to 1), tcb-mapping, identy signing for ServTD collateral
-
verify we do not use collateral for init tdinfo hash evaluation
-
MrOwnerConfig (SVN) still needed? nice to have it for audit? Keep implementation for now.
Assume MS will always own MigTD code and policy. we will have one MS signed endorsement for migtd td-info hash, which gives tcb_date
Root Signing key for endorsement will be in MrOwner.
Need investigate:
support CORIM format for the endorsement
If we still need policy signing (related to 1), tcb-mapping, identy signing for ServTD collateral
verify we do not use collateral for init tdinfo hash evaluation
MrOwnerConfig (SVN) still needed? nice to have it for audit? Keep implementation for now.