diff --git a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestOpenEnclaveRequest.Serialization.cs b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestOpenEnclaveRequest.Serialization.cs
index b02de2a42412..7ea60d9ce3c1 100644
--- a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestOpenEnclaveRequest.Serialization.cs
+++ b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestOpenEnclaveRequest.Serialization.cs
@@ -35,6 +35,11 @@ void IUtf8JsonSerializable.Write(Utf8JsonWriter writer)
 writer.WritePropertyName("draftPolicyForAttestation"u8);
 writer.WriteStringValue(DraftPolicyForAttestation);
 }
+ if (Optional.IsDefined(Nonce))
+ {
+ writer.WritePropertyName("nonce"u8);
+ writer.WriteStringValue(Nonce);
+ }
 writer.WriteEndObject();
 }
diff --git a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestOpenEnclaveRequest.cs b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestOpenEnclaveRequest.cs
index 8a529643193f..e7052690f830 100644
--- a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestOpenEnclaveRequest.cs
+++ b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestOpenEnclaveRequest.cs
@@ -22,12 +22,14 @@ public AttestOpenEnclaveRequest()
 /// Runtime data provided by the enclave at the time of report generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data.
 /// Base64Url encoded "InitTime data". The MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.
 /// Attest against the provided draft policy. Note that the resulting token cannot be validated.
- internal AttestOpenEnclaveRequest(byte[] report, RuntimeData runtimeData, InitTimeData initTimeData, string draftPolicyForAttestation)
+ /// Nonce for incoming request - emitted in the generated attestation token.
+ internal AttestOpenEnclaveRequest(byte[] report, RuntimeData runtimeData, InitTimeData initTimeData, string draftPolicyForAttestation, string nonce)
 {
 Report = report;
 RuntimeData = runtimeData;
 InitTimeData = initTimeData;
 DraftPolicyForAttestation = draftPolicyForAttestation;
+ Nonce = nonce;
 }
 /// OpenEnclave report from the enclave to be attested.
@@ -38,5 +40,7 @@ internal AttestOpenEnclaveRequest(byte[] report, RuntimeData runtimeData, InitTi
 public InitTimeData InitTimeData { get; set; }
 /// Attest against the provided draft policy. Note that the resulting token cannot be validated.
 public string DraftPolicyForAttestation { get; set; }
+ /// Nonce for incoming request - emitted in the generated attestation token.
+ public string Nonce { get; set; }
 }
 }
diff --git a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestSgxEnclaveRequest.Serialization.cs b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestSgxEnclaveRequest.Serialization.cs
index 08316d71a83a..ebb85f084f68 100644
--- a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestSgxEnclaveRequest.Serialization.cs
+++ b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestSgxEnclaveRequest.Serialization.cs
@@ -35,6 +35,11 @@ void IUtf8JsonSerializable.Write(Utf8JsonWriter writer)
 writer.WritePropertyName("draftPolicyForAttestation"u8);
 writer.WriteStringValue(DraftPolicyForAttestation);
 }
+ if (Optional.IsDefined(Nonce))
+ {
+ writer.WritePropertyName("nonce"u8);
+ writer.WriteStringValue(Nonce);
+ }
 writer.WriteEndObject();
 }
diff --git a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestSgxEnclaveRequest.cs b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestSgxEnclaveRequest.cs
index d0a252500807..b748a708cdf8 100644
--- a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestSgxEnclaveRequest.cs
+++ b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/AttestSgxEnclaveRequest.cs
@@ -22,12 +22,14 @@ public AttestSgxEnclaveRequest()
 /// Runtime data provided by the enclave at the time of quote generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data.
 /// Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.
 /// Attest against the provided draft policy. Note that the resulting token cannot be validated.
- internal AttestSgxEnclaveRequest(byte[] quote, RuntimeData runtimeData, InitTimeData initTimeData, string draftPolicyForAttestation)
+ /// Nonce for incoming request - emitted in the generated attestation token.
+ internal AttestSgxEnclaveRequest(byte[] quote, RuntimeData runtimeData, InitTimeData initTimeData, string draftPolicyForAttestation, string nonce)
 {
 Quote = quote;
 RuntimeData = runtimeData;
 InitTimeData = initTimeData;
 DraftPolicyForAttestation = draftPolicyForAttestation;
+ Nonce = nonce;
 }
 /// Quote of the enclave to be attested.
@@ -38,5 +40,7 @@ internal AttestSgxEnclaveRequest(byte[] quote, RuntimeData runtimeData, InitTime
 public InitTimeData InitTimeData { get; set; }
 /// Attest against the provided draft policy. Note that the resulting token cannot be validated.
 public string DraftPolicyForAttestation { get; set; }
+ /// Nonce for incoming request - emitted in the generated attestation token.
+ public string Nonce { get; set; }
 }
 }
diff --git a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/DataType.cs b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/DataType.cs
index ea22d9e16c4b..ef1343413188 100644
--- a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/DataType.cs
+++ b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/DataType.cs
@@ -25,9 +25,9 @@ public DataType(string value)
 private const string BinaryValue = "Binary";
 private const string JsonValue = "JSON";
- /// The contents of the field should be treated as binary and not interpreted by MAA.
+ /// The field's content should be treated as binary and not interpreted by MAA.
 public static DataType Binary { get; } = new DataType(BinaryValue);
- /// The contents of the field should be treated as a JSON object and may be further interpreted by MAA.
+ /// The field's content should be treated as UTF-8 JSON text that may be further interpreted by MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability.
 public static DataType Json { get; } = new DataType(JsonValue);
 /// Determines if two values are the same.
 public static bool operator ==(DataType left, DataType right) => left.Equals(right);
diff --git a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/InitTimeData.cs b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/InitTimeData.cs
index bca00d7c35f9..bc7424d4414f 100644
--- a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/InitTimeData.cs
+++ b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/InitTimeData.cs
@@ -9,7 +9,7 @@ namespace Azure.Security.Attestation
 {
- /// Defines the "initialization time data" used to provision the attestation target for use by the MAA.
+ /// Initialization time data are a conduit for any configuration information that is unknown when building the Trusted Execution Environment (TEE) and is defined at TEE launch time. This data can be used with confidential container or VM scenarios to capture configuration settings such as disk volume content, network configuration, etc.
 internal partial class InitTimeData
 {
 /// Initializes a new instance of .
@@ -18,7 +18,7 @@ public InitTimeData()
 }
 /// Initializes a new instance of .
- /// UTF-8 encoded Initialization Data passed into the trusted environment when it is created.
+ /// Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute.
 /// The type of data contained within the "data" field.
 internal InitTimeData(byte[] data, DataType? dataType)
 {
@@ -26,7 +26,7 @@ internal InitTimeData(byte[] data, DataType? dataType)
 DataType = dataType;
 }
- /// UTF-8 encoded Initialization Data passed into the trusted environment when it is created.
+ /// Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute.
 public byte[] Data { get; set; }
 /// The type of data contained within the "data" field.
 public DataType? DataType { get; set; }
diff --git a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/RuntimeData.cs b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/RuntimeData.cs
index af925f6442fe..63b17b4ffa53 100644
--- a/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/RuntimeData.cs
+++ b/sdk/attestation/Azure.Security.Attestation/src/Generated/Models/RuntimeData.cs
@@ -9,7 +9,7 @@ namespace Azure.Security.Attestation
 {
- /// Defines the "run time data" provided by the attestation target for use by the MAA.
+ /// Runtime data are a conduit for any information defined by the Trusted Execution Environment (TEE) when actually running.
 internal partial class RuntimeData
 {
 /// Initializes a new instance of .
@@ -18,7 +18,7 @@ public RuntimeData()
 }
 /// Initializes a new instance of .
- /// UTF-8 encoded Runtime Data generated by the trusted environment.
+ /// Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute.
 /// The type of data contained within the "data" field.
 internal RuntimeData(byte[] data, DataType? dataType)
 {
@@ -26,7 +26,7 @@ internal RuntimeData(byte[] data, DataType? dataType)
 DataType = dataType;
 }
- /// UTF-8 encoded Runtime Data generated by the trusted environment.
+ /// Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute.
 public byte[] Data { get; set; }
 /// The type of data contained within the "data" field.
 public DataType? DataType { get; set; }
diff --git a/sdk/attestation/Azure.Security.Attestation/src/autorest.md b/sdk/attestation/Azure.Security.Attestation/src/autorest.md
index d1de8c75f40d..c9f037bf3846 100644
--- a/sdk/attestation/Azure.Security.Attestation/src/autorest.md
+++ b/sdk/attestation/Azure.Security.Attestation/src/autorest.md
@@ -8,7 +8,7 @@ Run `dotnet build /t:GenerateCode` in src directory to re-generate.
 ``` yaml
 title: Azure.Security.Attestation
 require:
- - https://raw.githubusercontent.com/Azure/azure-rest-api-specs/45c7ae94a46920c94b5e03e6a7d128d6cb7a364e/specification/attestation/data-plane/readme.md
+- /mnt/vss/_work/1/s/azure-rest-api-specs/specification/attestation/data-plane/readme.md
 namespace: Azure.Security.Attestation
 generation1-convenience-client: true
 tag: package-2020-10-01
@@ -36,3 +36,4 @@ directive:
 }
 }
 ```
+
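Review bot: The `require:` entry in the first hunk now points at `/mnt/vss/_work/1/s/azure-rest-api-specs/specification/attestation/data-plane/readme.md`, an absolute path on a build agent, in place of the raw.githubusercontent.com URL pinned to spec commit 45c7ae94a46920c94b5e03e6a7d128d6cb7a364e. Anyone running `dotnet build /t:GenerateCode` outside that agent cannot resolve the spec, and the commit pin that made regeneration reproducible and auditable is gone, so the regenerated models in this change (the new `Nonce` member, the reworded `DataType`, `InitTimeData` and `RuntimeData` docs) can no longer be tied to a specific spec revision. This looks like a local override committed by accident; the line should return to a commit-pinned URL such as `- https://raw.githubusercontent.com/Azure/azure-rest-api-specs/<spec-commit-sha>/specification/attestation/data-plane/readme.md`, with the SHA of the spec revision that introduced `nonce`. The second hunk only appends a trailing blank line after the closing fence.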