content/learning-paths/servers-and-cloud-computing/cca-trustee/cca-trustee.md
Lines changed: 3 additions & 4 deletions
@@ -25,7 +25,7 @@ processing, is a common practice in confidential computing.
25
25
This Learning Path is similar to
26
26
[Run an end-to-end Attestation Flow with Arm CCA](/learning-paths/servers-and-cloud-computing/cca-essentials/).
27
27
28
-
The main difference is that, instead of the KBS from the [Veraison](https://github.com/veraison) project, you will use components implemented in the [Confidential Containers (CoCo)](https://github.com/confidential-containers) to support the [IETF RATS model](https://datatracker.ietf.org/doc/rfc9334/) (Remote ATtestation procedureS). These components include the Attestation Service (AS), Key Broker Service (KBS), Reference Value Provider Service (RVPS), Attestation Agent (AA), and Confidential Data Hub (CDH).
28
+
The main difference is that, instead of the KBS from the [Veraison](https://github.com/veraison) project, you will use components implemented in the [Confidential Containers (CoCo) Project](https://github.com/confidential-containers) to support the [IETF RATS model](https://datatracker.ietf.org/doc/rfc9334/) (Remote ATtestation procedureS). These components include the Attestation Service (AS), Key Broker Service (KBS), Reference Value Provider Service (RVPS), Attestation Agent (AA), and Confidential Data Hub (CDH).
29
29
The AS, KBS, and RVPS components are part of the [Trustee project](https://github.com/confidential-containers/trustee),
30
30
whereas the AA and CDH are part of the [Guest Components](https://github.com/confidential-containers/guest-components) project in CoCo.
31
31
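Review bot: the added line capitalises "Project" inside the link text ("[Confidential Containers (CoCo) Project]"), while the same sentence writes "[Veraison] project" and the context lines below write "[Trustee project]" and "[Guest Components] project in CoCo". Pick one form for all four, for example lowercase "project" outside the link text, so the project names read consistently across the paragraph.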
@@ -84,11 +84,10 @@ RVPS verifies, stores, and provides reference values. It receives inputs from th
84
84
85
85
Guest components run inside the realm (TEE). In RATS terms, these components act as the **Attester**.
86
86
87
-
For simplicity instead of Attestation Agent (AA) and Confidential Data Hub (CDH)
88
-
you will use [KBS Client Tool](https://github.com/confidential-containers/trustee/tree/main/tools/kbs-client).
87
+
For simplicity, instead of Attestation Agent (AA) and Confidential Data Hub (CDH), you will use the [KBS Client Tool](https://github.com/confidential-containers/trustee/tree/main/tools/kbs-client).
89
88
90
89
This is a simple client for the KBS that facilitates basic attestation flows.
91
-
You will run this tool inside of a realm to make requests for an attestation result token (EAR) and a secret.
90
+
You will run this tool in a realm to make requests for an attestation result token (EAR) and a secret.
92
91
93
92
The client tool can also be used to provision the KBS/AS with resources and policies.
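Review bot: "attestation result token (EAR)" on the last added line uses the acronym without its expansion; flow.md writes "EAT Attestation Result (EAR)", so use that wording here on first use. The merged sentence also still reads "instead of Attestation Agent (AA) and Confidential Data Hub (CDH)" without "the", unlike "the Attestation Service (AS), ..." in the earlier paragraph.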
content/learning-paths/servers-and-cloud-computing/cca-trustee/flow.md
Lines changed: 6 additions & 5 deletions
@@ -7,10 +7,10 @@ weight: 3 # 1 is first, 2 is second, etc.
7
7
# Do not modify these elements
8
8
layout: "learningpathall"
9
9
---
10
+
## Overview
11
+
In this section you’ll run the **Trustee services** (AS, KBS, RVPS), launch a **CCA realm** on **Arm FVP**, generate attestation evidence, and request a secret. You’ll intentionally fail the first request to see how **attestation policy** gates secret release, then **endorse the realm initial measurement (RIM)**, re-attest, and successfully retrieve the secret.
10
12
11
-
## Run Trustee services
12
-
13
-
### Prerequisites
13
+
## Install dependencies
14
14
15
15
Install Docker. On Ubuntu 24.04 LTS, set up Docker’s APT repository:
16
16
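Review bot: "## Overview" is added on line 10 directly after the closing "---" of the front matter on line 9, and its paragraph follows on line 11 with no blank line after the heading; add a blank line in both places, as the removed lines had between "---" and "## Run Trustee services". The hunk also drops the "## Run Trustee services" heading, so check that the "docker compose up -d" step further down still sits under a heading that names it, since "## Install dependencies" describes only the setup that follows it here.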
@@ -75,7 +75,7 @@ docker compose up -d
75
75
✔ Container cca-trustee-kbs-client-1 Started
76
76
```
77
77
78
-
While running the demo you can also check logs of the Trustee services in this termimal:
78
+
While running the demo you can also check logs of the Trustee services in this terminal:
79
79
```bash
80
80
docker compose logs <service>
81
81
```
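Review bot: the corrected sentence still leaves "<service>" in "docker compose logs <service>" unexplained; say that it is a Compose service name and list the ones this demo starts, or note that omitting it prints the logs of all services. A comma after "While running the demo" would also make the sentence easier to read.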
@@ -147,6 +147,7 @@ Run the attestation command and save the EAT Attestation Result (EAR) message in