Evidence Policy#
Settings to modify the behavior of a verifier.
Macros#
Functions#
- nvat_rc_t nvat_evidence_policy_create_default(nvat_evidence_policy_t *policy)
Allocates a default evidence appraisal policy.
- void nvat_evidence_policy_free(nvat_evidence_policy_t *evidence_policy)
- nvat_rc_t nvat_evidence_policy_set_gpu_claims_version(nvat_evidence_policy_t policy, const nvat_gpu_claims_version_t version)
Set the expected claims version for GPU attestation results.
- nvat_rc_t nvat_evidence_policy_set_switch_claims_version(nvat_evidence_policy_t policy, const nvat_switch_claims_version_t version)
Set the expected claims version for switch attestation results.
- void nvat_evidence_policy_set_verify_rim_cert_chain(nvat_evidence_policy_t policy, bool verify_rim_cert_chain)
Whether to verify RIM file certificate chains.
- void nvat_evidence_policy_set_verify_rim_signature(nvat_evidence_policy_t policy, bool verify_rim_signature)
Whether to verify the signatures on RIM files.
Typedefs#
- nvat_evidence_policy_t
Settings to customize evidence verification.
- nvat_gpu_claims_version_t
- nvat_switch_claims_version_t
Functions#
- nvat_rc_t nvat_evidence_policy_create_default(
- nvat_evidence_policy_t *policy,
Allocates a default evidence appraisal policy.
The default evidence policy requires that:
OCSP status must be “good”
OCSP nonce must match between the OCSP request and response
- void nvat_evidence_policy_free(
- nvat_evidence_policy_t *evidence_policy,
- nvat_rc_t nvat_evidence_policy_set_gpu_claims_version(
- nvat_evidence_policy_t policy,
- const nvat_gpu_claims_version_t version,
Set the expected claims version for GPU attestation results.
- nvat_rc_t nvat_evidence_policy_set_switch_claims_version(
- nvat_evidence_policy_t policy,
- const nvat_switch_claims_version_t version,
Set the expected claims version for switch attestation results.
- void nvat_evidence_policy_set_verify_rim_cert_chain(
- nvat_evidence_policy_t policy,
- bool verify_rim_cert_chain,
Whether to verify RIM file certificate chains.
Allows users to bypass RIM certificate chian verification for testing. Only supported for local verification. If not set, defaults to
true. Do not use in production deployments.
- void nvat_evidence_policy_set_verify_rim_signature(
- nvat_evidence_policy_t policy,
- bool verify_rim_signature,
Whether to verify the signatures on RIM files.
Allows users to bypass RIM signature verification for testing. Only supported for local verification. If not set, defaults to
true. Do not use in production deployments.
Typedefs#
-
typedef struct nvat_evidence_policy_st *nvat_evidence_policy_t#
Settings to customize evidence verification.
-
typedef uint8_t nvat_gpu_claims_version_t#
-
typedef uint8_t nvat_switch_claims_version_t#