Proto commits in veraison/services

These 32 commits are when the Protocol Buffers files have changed:

2026-03-06

feat(lead verifier): interfaces and plumbing Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>

2026-02-26

feat!: switch to CoRIM store for endorsements and trust anchors Switch to using CoRIM store, rather than the key-value store, for endorsements and trust anchors. Endorsement and trust anchors are now stored in a format that preserves the entire CoRIM/CoMID contents, and is entirely scheme-agnostic. The more sophisticated structures allows for more sophisticated a management life cycle to be implemented in the future, and the more generic structure makes scheme implementation easier. This change has a huge knock-on effect on both provisioning and verification pipelines implementations, and the scheme implementation framework has been completely restructured: - IEvidenceHander, IEndrosementHander, and IStoreHander interfaces are gone, replaced by the single ISchemeHander interface. - A generic scheme wrapper implements ISchemeHander based on a smaller ISchemeImplementation interface and a SchemeDescriptor. Most schemes just need to implment ISchemeImplementation and provide the SchemeDescriptor. - The SchemeDescriptor is a declarative element, grouping static information about the scheme, such as its name, supported media types, etc (in the past, this was defined on ad-hoc basis using multiple variables within old scheme implementations). - Scheme version has also been added as part of the descriptor. This isn't really used at the moment. All existing schemes have been set to version 1.0. (note: this isn't used at the moment) - ISchemeHander/ISchemeImplementation expose similar API to the old IEvidenceHander (verification pipeline stages remain the same), but the argument types differ; e.g. "keys" for endorsement/trust anchor lookup are now represented as comid.Environment's. - Instead of IEndrosementHander methods, ISchemeHander has a single ValidateCorim (made option in the ISchemeImplementation by the wrapper). This allows schemes to supply custom validation for CoRIMs before they are added to the store (this can also be more cleanly done via CoRIM profiles). - IStoreHander mothods are no longer necessary as the store interface is entirely scheme-agnostic. - Protobuf types have been removed from the IStoreHander methods. Protobuf is an implementation of the underlying RPC mechanisms and should not be exposed to the schemes (effectively burdening them with partial serialisation for transport). CoRIM store is initialized and managed by its own client. Deployments have been updated to integrate it. Since there is now a single scheme interface, the combined/split plugins configuration has been removed. There is now always one plugin per scheme. Plugin executables have also been renamed to be prefixed with scheme- or coserv- depending on plugin types (as CoSERV plugins currently reside under scheme/). Since there is now a single interface for the entire scheme, IPluggable.GetSupportedMediaTypes() has been changed to return a map[string][]string instead of just []string. This allows to separate provisioning from verification media types. An "example" scheme has been added containing the boilerplate template for imlementing new schemes. BREAKING CHANGE: the scheme implementation framework is completely different; old scheme implementations will not work with this update, and will need to be re-written to implement the new ISchemeImplementation interface. Legacy CoRIM media type application/corim-usnigned+cbor has been removed. IPluggable.GetSupportedMediaTypes() now returns a map[string][]string instead of []string. Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

The documentation is generated from this commit.

2026-01-15

add GetSupportedCompositeEvidenceMediaTypes Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>

2026-01-14

Initial (empty) boxes Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>

2025-11-05

Yogesh's review comments Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>

feat: add CoSERV service * Allow both direct mode (consuming from Veraison's stores) and proxy mode (fetching from upstream supply chain services) * Add "direct mode" plugin for Arm CCA * Add "proxy mode" plugins for: * NVIDIA RIM service (including support for source artifacts) * AMD KDS service * CoSERV discovery API including RFC9290 problem details * Add a coserv-specific signer to support signed CoSERV Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org> Signed-off-by: Paul Howard <paul.howard@arm.com>

2023-12-11

Enhance EvidenceHanlder Interface to handle multiple RefVal and TAIDs Fixes #206 Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>

2023-11-30

Remove unwanted files Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>

2023-11-29

First revision of cascade plugins Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>

2023-07-27

Remove unwanted proto interface messages Fixes #176 Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>

2023-07-21

Move provisioning decoder plugin under VTS control Fixes #161 Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>

2023-05-31

add proto files linting * address protolint warnings * remove leftover proto/param file * add protolint to the linters CI actions Signed-off-by: Thomas Fossati <thomas.fossati@arm.com>

2023-05-05

add tee info to the discovery interface Signed-off-by: Thomas Fossati <thomas.fossati@arm.com>

add tee-info to EAR if TEE attestation is enabled Signed-off-by: Thomas Fossati <thomas.fossati@arm.com>

2023-03-17

Add discovery api endpoints This change adds discovery APIs for the veraison services by adding the well-known endpoints in the router for each service. Signed-off-by: SabreenKaur <sabreenderjitkaur.gurjitsingh@arm.com>

2023-02-22

Update to EAR 2023 profile Update to using the latest version EAR: - Populate the verifier identity in the result. - Add the nonce to the result. - Most of the "interesting" claims have been moved into submods. - Schemes now populate the submod created for the scheme. - Policy agent now evaluates individual submods. The submod name has been added to the policy's environment. Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

2023-02-16

wip-whatever

2023-02-15

wip2

2023-02-08

plugins: rename decoder -> handler Give the diverse nature functionality implemented by the pluggable interfaces (especially on the evidence side), the term "decoder" is too specific. Use the more broad "handler" instead. Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

plugins: implement builtin configuration Allow pluggable interface implementations to be statically defined at build time rather than loaded as plugins. To support this, there is further refactoring to plugin implementations: - Define distinct packages for plugin implementations, separating them from the "main" used for the plugin executable. - Move provisioning and verification plugins for a scheme into the same package. Allow them to built into a single binary that serves both pluggable interfaces. - Rename the verification-side plugins from "Scheme" to "Evidence Decoder" as both verification and provisioning are both equally part of a scheme. Utilize the above to implement the builtin configuration: - Create a builtin/package that defines the static versions of the plugin loader and manager. A separate package is necessary to avoid circular imports when importing the plugin packages. - Add scripts/gen-schemes that generates the array of pluggable interface implementations by scanning the schemes/ directory. This array is then "loaded" by the builtin loader. - Rename existing plugin symbols and containing files to make it clear what constitutes a part of the generic plugin framework, and what is a go-plugin part of it. Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

2023-01-25

Incorporating review comments Fixes #54 Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>

2023-01-21

Remove unprocessed evidence from evidence proto interface

2023-01-17

Adding CCA Verification Plugin Fixes #54 Signed-off-by: Yogesh Deshpande <yogesh.deshpande@arm.com>

2022-12-08

Remove AttestationFormat We currently have three was of referencing attestation scheme specific functionality: - media type - attestation format - attestation scheme name (implemented as string version of the above) This change removes attestation format because: - It is currently not being set properly (end-to-end logs show it as unset during verification path execution). - It is not consistently used (which is why the above has gone unnoticed until now). - It is made redundant by the media type and scheme name - The enum defining valid values is hard-coded, meaning adding new plugins requires a modification to the core services code line. In the situations where attestation format being used, the scheme name is used instead. Note: currently, this means that the scheme name must be hard-coded in two places -- the scheme plugin, and the provisioning decoder plugin; and those two values must match. The upcoming plugin framework unification and restructuring will remove dependency and allow the name to be defined in a single place from which it will be used by both plugins. Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

2022-11-22

Switch to using github.com/veraison/ear Use github.com/veeraison/ear implementation of the Attestation Result instead of a locally defined protobuf-based one. Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

2022-11-06

hackathon WIP Signed-off-by: Thomas Fossati <thomas.fossati@arm.com>

2022-10-26

Implement GET /status handling - Add config.Version that gets populated during build from git information and is used to set services' versions. - Add GetServerState() methods to all three servers (provisioning, verification, vts). This returns the server's version, current status, and supported media types. - For VTS, the new method replaces GetVTSVersion, as that is now redundant. - Add GET request handling for /status path for provisioning and verification. This returns a JSON-serialized ServiceState in the response body. This can be used to verify whether the service is ready to receive requests. Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

2022-10-19

Improve error reporting for service frontends - Add additional logging - Add GetVersion to VTS API. Attempt to call this when initiating front end and warn if unable to connect (this provides early validation for provided connection settings). - Log an error inside ReportProblem. This communicates the issue in the frontend's log as well as reporting it to the client. - Report not being able to connect to gRPC backend as its own error type in other hander methods. Detect this and report HTTP status 500. Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

2022-10-03

policy: implement Store Implement the policy store that adds policy management semantics on top KVStore. Policies added to the store are automatically versioned. Policy version is now recorded along the Policy ID in the AttestationResult. Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

2022-09-17

Align trust vector with draft-ietf-rats-ar4si Bring the TrustVector within Attestation result into closer alignment with https://datatracker.ietf.org/doc/draft-ietf-rats-ar4si/ - Align the claims inside the TrustVector with those specified by the ar4si spec. - Change their values to be integers with values in the int8 range (note: due to protobuf limitations, actual representation is int32). - Add a TrustTier type that corresponds to the "Trustworthiness Tier" concept from ar4si. ARStatus has methods to covert its value into a tier. - The overall Test status is now a TrustTier. This is now set automatically by the core verifier from the TrustVector, rather than relying on Scheme plugins to update it (note: plugins can still override it, if necessary). - Add "veraison-verifier-added-claims" extension to the attestation result and allow it to be populated by policy. Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com> Co-authored-by: Thomas Fossati <thomas.fossati@arm.com>

2022-08-22

proto: fix typo inside result.proto Correct the spelling of the json_name "veraison-processed-evidence" inside AttestationResult message. Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>

2022-08-16

First batch rooted on the provisioning service only use one top-level go.mod Signed-off-by: Thomas Fossati <thomas.fossati@arm.com>