[WIP] igvm_defs: introduce corim measurement header#99
Draft
chris-oo wants to merge 2 commits intomicrosoft:mainfrom
Draft
[WIP] igvm_defs: introduce corim measurement header#99chris-oo wants to merge 2 commits intomicrosoft:mainfrom
chris-oo wants to merge 2 commits intomicrosoft:mainfrom
Conversation
ionut-arm
reviewed
Nov 14, 2025
| /// A structure defining a CoRIM CBOR payload for a given platform. TODO: rename | ||
| /// to remove measurement? | ||
| /// | ||
| /// The payload described by this header is a CBOR CoRIM payload. There may only |
There was a problem hiding this comment.
Would be good to be have a similar level of detail here as below, pointing to section 4.1 of the spec, and explicitly calling it out as a tagged unsigned CoRIM map.
|
CoRIM spec does not seem to support detached mode —- waiting for confirmation ietf-rats-wg/draft-ietf-rats-corim#514 |
|
There is a proposal to add detached mode support: ietf-rats-wg/draft-ietf-rats-corim#520 |
mingweishih
reviewed
Jan 8, 2026
| /// A Corim measurement structure described by [`IGVM_VHS_CORIM_MEASUREMENT`]. | ||
| /// FIXME: should this be an init header to be early in the file? | ||
| #[cfg_attr(docsrs, doc(cfg(feature = "unstable")))] | ||
| IGVM_VHT_CORIM_MEASUREMENT = 0x314, |
There was a problem hiding this comment.
Can we call it IGVM_VHT_CORIM_DOCUMENT that aligns better with spec?
Member
Author
There was a problem hiding this comment.
agreed, we'll rename this to IGVM_VHT_CORIM_DOCUMENT and the structure to IGVM_VHS_CORIM_DOCUMENT which represents the detached corim payload (no signature)
mingweishih
reviewed
Jan 8, 2026
| ECDSA_P384 = 0x1, | ||
| } | ||
|
|
||
| /// A structure defining a CoRIM CBOR payload for a given platform. TODO: rename |
There was a problem hiding this comment.
Suggested change
| /// A structure defining a CoRIM CBOR payload for a given platform. TODO: rename | |
| /// A structure defining a CoRIM document for a given platform. |
mingweishih
reviewed
Jan 8, 2026
| /// A structure defining a CoRIM CBOR payload for a given platform. TODO: rename | ||
| /// to remove measurement? | ||
| /// | ||
| /// The payload described by this header is a CBOR CoRIM payload. There may only |
There was a problem hiding this comment.
Suggested change
| /// The payload described by this header is a CBOR CoRIM payload. There may only | |
| /// The payload described by this header is a CoRIM document described in RFC https://datatracker.ietf.org/doc/draft-ietf-rats-corim/. There may only |
mingweishih
reviewed
Jan 8, 2026
| /// | ||
| /// The payload described by this header is a CBOR CoRIM payload. There may only | ||
| /// be one for a given platform. There may be an associated COSE_Sign1 structure | ||
| /// wrapping this payload, see [`IGVM_VHS_CORIM_SIGNATURE`]. |
There was a problem hiding this comment.
For detached mode
Suggested change
| /// wrapping this payload, see [`IGVM_VHS_CORIM_SIGNATURE`]. | |
| /// for this payload, see [`IGVM_VHS_CORIM_SIGNATURE`]. |
mingweishih
reviewed
Jan 8, 2026
| /// be one for a given platform. There may be an associated COSE_Sign1 structure | ||
| /// wrapping this payload, see [`IGVM_VHS_CORIM_SIGNATURE`]. | ||
| /// | ||
| /// The CoRIM payload must adhere to the following specifications for each |
There was a problem hiding this comment.
Suggested change
| /// The CoRIM payload must adhere to the following specifications for each | |
| /// The CoRIM document must adhere to the following specifications for each |
mingweishih
reviewed
Jan 8, 2026
| pub reserved: u32, | ||
| } | ||
|
|
||
| /// This is a signed COSE_Sign1 structure wrapping a CoRIM CBOR payload for a |
There was a problem hiding this comment.
Suggested change
| /// This is a signed COSE_Sign1 structure wrapping a CoRIM CBOR payload for a | |
| /// A COSE_Sign1 structure that signs the CoRIM document for a given platform. | |
| /// The associated document is defined in [`IGVM_VHS_CORIM_DOCUMENT`]. | |
| /// This structure always corresponds to a document and uses a detached payload, | |
| /// so the document itself is not embedded here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add the idea of a CoRIM header for a signed CoRIM payload for a given platform.
WIP