You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/learning-paths/servers-and-cloud-computing/cca-trustee/flow.md
+4-7Lines changed: 4 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -171,7 +171,7 @@ The request will fail with `Access denied by policy` and `Token Verifier` errors
171
171
Error: request unauthorized
172
172
```
173
173
174
-
## Evaluate the Attestation Result
174
+
## Evaluate the Attestation result
175
175
176
176
In the previous step, the KBS failed to provide the requested secret. To understand why this happened, you need to learn more about how the attestation result is used to evaluate the trustworthiness of a CCA realm.
177
177
In this step, you will examine the attestation result more closely.
@@ -190,16 +190,15 @@ If you spend more time on analyzing the message you will start seeing errors fro
190
190
Using JWK key from JWT header
191
191
Error: verifying signed EAR from "ear.jwt" using "JWK header" key: failed verifying JWT message: jwt.Parse: failed to parse token: jwt.Validate: validation failed: "exp" not satisfied: token is expired
192
192
```
193
-
194
-
Please obtain a new EAR message by re-running the attestation command.
195
193
{{% /notice %}}
196
194
197
195
198
196
The `arc verify` command produces quite a lot of output.
197
+
199
198
However, the main part is the CCA attestation token that is similar to the one you inspected in
200
199
[Get Started with CCA Attestation and Veraison](/learning-paths/servers-and-cloud-computing/cca-veraison) Learning Path.
201
200
202
-
Check the trustworthiness vectors near the end of the output. Example:
201
+
Check the trustworthiness vectors near the end of the output:
203
202
204
203
```output
205
204
[trustworthiness vectors]
@@ -214,9 +213,7 @@ Storage Opaque [none]: no claim being made
214
213
Sourced Data [none]: no claim being made
215
214
```
216
215
217
-
This part of the output shows how the attestation service has compared the attestation token against its expectations of a trustworthy system.
218
-
These comparisons are known as "trustworthiness vectors".
219
-
It also shows the conclusions that were drawn from that comparison.
216
+
This part of the output shows how the attestation service has compared the attestation token against its expectations of a trustworthy system. These comparisons are known as *trustworthiness vectors"*. It also shows the conclusions that were drawn from that comparison.
220
217
221
218
Note these two trustworthiness vectors in the result:
222
219
-__Hardware [affirming]__. Evidence in the attestation token shows a good match against the expectations of CCA platform.
0 commit comments