diff --git a/server/artifactmanager/BUILD.bazel b/server/artifactmanager/BUILD.bazel
new file mode 100644
index 0000000..1392dc7
--- /dev/null
+++ b/server/artifactmanager/BUILD.bazel
@@ -0,0 +1,27 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "artifactmanager",
+    srcs = ["artifactmanager.go"],
+    importpath = "github.com/openconfig/bootz/server/artifactmanager",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//common/ownership_voucher",
+        "//server/proto:config",
+        "@openconfig_attestz//proto:tpm_enrollz_go",
+    ],
+)
diff --git a/server/artifactmanager/artifactmanager.go b/server/artifactmanager/artifactmanager.go
new file mode 100644
index 0000000..79a137c
--- /dev/null
+++ b/server/artifactmanager/artifactmanager.go
@@ -0,0 +1,154 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package artifactmanager is an artifact manager that manages artifacts like certificates and keys.
+// The implementation here is an in-memory implementation primarily used for testing and qualification.
+// For production usecase, you should replace this implementation with your own one.
+package artifactmanager
+
+import (
+	"context"
+	"crypto"
+	"crypto/x509"
+	"encoding/base64"
+	"fmt"
+	"strings"
+
+	ownershipvoucher "github.com/openconfig/bootz/common/ownership_voucher"
+
+	epb "github.com/openconfig/attestz/proto/tpm_enrollz"
+	cpb "github.com/openconfig/bootz/server/proto/config"
+)
+
+// InMemoryArtifactManager provides a simple in memory handler for artifacts.
+type InMemoryArtifactManager struct {
+	trustAnchorCert *x509.Certificate
+	trustAnchorKey  crypto.PrivateKey
+	ownerCert       *x509.Certificate
+	ownerKey        crypto.PrivateKey
+	vendorCAPool    *x509.CertPool
+	controlCards    map[string]*cpb.ControlCard
+}
+
+// BootzServerTrustAnchorKeyPair returns the Bootz server trust anchor. This is the keypair that will generate the server's TLS certificate.
+func (m *InMemoryArtifactManager) BootzServerTrustAnchorKeyPair() (*x509.Certificate, crypto.PrivateKey) {
+	return m.trustAnchorCert, m.trustAnchorKey
+}
+
+// OwnerCertificateKeyPair returns the owner certificate keypair for signing the bootstrap response.
+func (m *InMemoryArtifactManager) OwnerCertificateKeyPair() (*x509.Certificate, crypto.PrivateKey) {
+	return m.ownerCert, m.ownerKey
+}
+
+// OwnershipVoucher returns the ownership voucher for the given serial number and vendor.
+func (m *InMemoryArtifactManager) OwnershipVoucher(ctx context.Context, serial string, vendor string) ([]byte, error) {
+	// We don't use the "vendor" argument because it is empty when the request is a ReportStatusRequest.
+	// For simplicity, we assume the serial numbers are unique within our inventory.
+	// For production usecase, you should maintain a list containing only the chassis that are being bootstrappped and match to that list to prevent serial number collision.
+	if v, ok := m.controlCards[serial]; ok {
+		ov, err := base64.StdEncoding.DecodeString(v.GetOwnershipVoucher())
+		if err != nil {
+			return nil, fmt.Errorf("base64 decoding failed: %v", err)
+		}
+		unmarshaled, err := ownershipvoucher.Unmarshal(ov, m.vendorCAPool)
+		if err != nil {
+			return nil, fmt.Errorf("unmarshalling failed: %v", err)
+		}
+		if !strings.EqualFold(unmarshaled.OV.SerialNumber, serial) {
+			return nil, fmt.Errorf("serial number does not match, got %v, want %v", unmarshaled.OV.SerialNumber, serial)
+		}
+		return ov, nil
+	}
+	return nil, fmt.Errorf("not found for serial number: %v", serial)
+}
+
+// PublicKey retrieves the EK or PPK public key of the chassis for use in the BootstrapStream challenge.
+func (m *InMemoryArtifactManager) PublicKey(ctx context.Context, serial string, vendor string) (crypto.PublicKey, epb.Key, error) {
+	// We don't use the "vendor" argument because it is empty when the request is a ReportStatusRequest.
+	// For simplicity, we assume the serial numbers are unique within our inventory.
+	// For production usecase, you should maintain a list containing only the chassis that are being bootstrappped and match to that list to prevent serial number collision.
+	if v, ok := m.controlCards[serial]; ok {
+		pubBytes, err := base64.StdEncoding.DecodeString(v.GetPublicKey())
+		if err != nil {
+			return nil, epb.Key_KEY_UNSPECIFIED, fmt.Errorf("failed to decode public key: %v", err)
+		}
+		pub, err := x509.ParsePKIXPublicKey(pubBytes)
+		if err != nil {
+			return nil, epb.Key_KEY_UNSPECIFIED, fmt.Errorf("failed to parse public key: %v", err)
+		}
+		return pub, v.GetPublicKeyType(), nil
+	}
+	return nil, epb.Key_KEY_UNSPECIFIED, fmt.Errorf("public key not found for serial number: %v", serial)
+}
+
+// VendorCABundle returns the pool of certificates that the server should use to validate the provided IDevID certificates.
+func (m *InMemoryArtifactManager) VendorCABundle() *x509.CertPool {
+	return m.vendorCAPool
+}
+
+func parseCertKeyPair(pair *cpb.CertKeyPair) (*x509.Certificate, crypto.PrivateKey, error) {
+	if pair == nil {
+		return nil, nil, fmt.Errorf("certificate key pair is nil")
+	}
+	certBytes, err := base64.StdEncoding.DecodeString(pair.GetCert())
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to decode certificate: %v", err)
+	}
+	keyBytes, err := base64.StdEncoding.DecodeString(pair.GetKey())
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to decode private key: %v", err)
+	}
+	cert, err := x509.ParseCertificate(certBytes)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to parse certificate: %v", err)
+	}
+	key, err := x509.ParsePKCS8PrivateKey(keyBytes)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to parse private key: %v", err)
+	}
+	return cert, key, nil
+}
+
+// New returns a new in-memory artifact manager.
+func New(config *cpb.Config) (*InMemoryArtifactManager, error) {
+	var err error
+	am := &InMemoryArtifactManager{}
+	am.trustAnchorCert, am.trustAnchorKey, err = parseCertKeyPair(config.GetTrustAnchor())
+	if err != nil {
+		return nil, fmt.Errorf("trust anchor error: %v", err)
+	}
+	am.ownerCert, am.ownerKey, err = parseCertKeyPair(config.GetOwnerCertificate())
+	if err != nil {
+		return nil, fmt.Errorf("owner certificate error: %v", err)
+	}
+	am.vendorCAPool = x509.NewCertPool()
+	for _, v := range config.GetVendorCaCerts() {
+		certBytes, err := base64.StdEncoding.DecodeString(v)
+		if err != nil {
+			return nil, fmt.Errorf("failed to decode vendor CA certificate: %v", err)
+		}
+		cert, err := x509.ParseCertificate(certBytes)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse vendor CA certificate: %v", err)
+		}
+		am.vendorCAPool.AddCert(cert)
+	}
+	am.controlCards = make(map[string]*cpb.ControlCard)
+	for _, c := range config.GetChassis() {
+		for _, cc := range c.GetControlCards() {
+			am.controlCards[cc.GetSerialNumber()] = cc
+		}
+	}
+	return am, nil
+}
diff --git a/server/proto/BUILD.bazel b/server/proto/BUILD.bazel
new file mode 100644
index 0000000..b723c64
--- /dev/null
+++ b/server/proto/BUILD.bazel
@@ -0,0 +1,53 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load("@com_google_protobuf//bazel:proto_library.bzl", "proto_library")
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+load("@io_bazel_rules_go//proto:def.bzl", "go_proto_library")
+
+package(default_visibility = ["//visibility:public"])
+
+proto_library(
+    name = "config_proto",
+    srcs = ["config.proto"],
+    import_prefix = "github.com/openconfig/bootz",
+    deps = [
+        "//proto:bootz_proto",
+        "@openconfig_attestz//proto:tpm_enrollz_proto",
+        "@openconfig_gnsi//authz:authz_proto",
+        "@openconfig_gnsi//pathz:pathz_proto",
+    ],
+)
+
+##############################################################################
+# Go
+##############################################################################
+
+go_proto_library(
+    name = "config_go_proto",
+    importpath = "github.com/openconfig/bootz/server/proto/config",
+    proto = ":config_proto",
+    deps = [
+        "//proto:bootz",
+        "@openconfig_attestz//proto:tpm_enrollz_go",
+        "@openconfig_gnsi//authz",
+        "@openconfig_gnsi//pathz",
+    ],
+)
+
+go_library(
+    name = "config",
+    embed = [":config_go_proto"],
+    importpath = "github.com/openconfig/bootz/server/proto/config",
+)
diff --git a/server/proto/config.proto b/server/proto/config.proto
new file mode 100644
index 0000000..6708d21
--- /dev/null
+++ b/server/proto/config.proto
@@ -0,0 +1,87 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package config;
+
+import "github.com/openconfig/attestz/proto/tpm_enrollz.proto";
+import "github.com/openconfig/bootz/proto/bootz.proto";
+import "github.com/openconfig/gnsi/authz/authz.proto";
+import "github.com/openconfig/gnsi/pathz/pathz.proto";
+
+option go_package = "github.com/openconfig/bootz/server/proto/config";
+
+// A binding configuration for Bootz server.
+message Config {
+  // Bootz server address (IP:port).
+  string server_address = 1;
+  // Bootz server trust anchor cert key pair.
+  CertKeyPair trust_anchor = 2;
+  // Owner certificate key pair.
+  CertKeyPair owner_certificate = 3;
+  // Based64 encoding of ASN.1 DER vendor CA certificates.
+  repeated string vendor_ca_certs = 4;
+  // Chassis owned by the organization.
+  repeated Chassis chassis = 5;
+}
+
+message CertKeyPair {
+  // Base64 encoding of ASN.1 DER certificate.
+  string cert = 1;
+  // Base64 encoding of PKCS#8 DER private key.
+  string key = 2;
+}
+
+message Chassis {
+  // Chassis manufacturer.
+  string manufacturer = 1;
+  // For fixed form factor chassis, populate only 1 control card to represent
+  // the chassis itself. For modular form factor chassis, populate 2 control
+  // cards.
+  repeated ControlCard control_cards = 2;
+  // The intended hostname of the chassis.
+  string hostname = 3;
+  // Boot mode defines the boot mode that can be secure or insecure.
+  bootz.BootMode boot_mode = 4;
+  // Whether Streaming Bootz is supported or not.
+  bool streaming_supported = 5;
+  // Software image to be loaded on the chassis.
+  bootz.SoftwareImage intended_image = 6;
+  // Bootloader password.
+  string boot_password_hash = 7;
+  // Boot config to be loaded on the chassis.
+  bootz.BootConfig boot_config = 8;
+  // Credentials.
+  bootz.Credentials credentials = 9;
+  // Pathz.
+  gnsi.pathz.v1.UploadRequest pathz = 10;
+  // Authz.
+  gnsi.authz.v1.UploadRequest authz = 11;
+  // Certz profiles.
+  bootz.CertzProfiles certz_profiles = 12;
+}
+
+message ControlCard {
+  // Serial number of the control card.
+  string serial_number = 1;
+  // Base64 encoding of ownership voucher.
+  string ownership_voucher = 2;
+  // Base64 encoding of PKIX DER EK/PPK public key.
+  // This field is not populated for control cards having IDevID.
+  string public_key = 3;
+  // Public key type: EK or PPK.
+  // This field is not populated for control cards having IDevID.
+  openconfig.attestz.Key public_key_type = 4;
+}
diff --git a/server/proto/config/config.pb.go b/server/proto/config/config.pb.go
new file mode 100755
index 0000000..34c9670
--- /dev/null
+++ b/server/proto/config/config.pb.go
@@ -0,0 +1,461 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v7.34.1
+// source: github.com/openconfig/bootz/server/proto/config.proto
+
+package config
+
+import (
+	tpm_enrollz "github.com/openconfig/attestz/proto/tpm_enrollz"
+	bootz "github.com/openconfig/bootz/proto/bootz"
+	authz "github.com/openconfig/gnsi/authz"
+	pathz "github.com/openconfig/gnsi/pathz"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type Config struct {
+	state            protoimpl.MessageState `protogen:"open.v1"`
+	ServerAddress    string                 `protobuf:"bytes,1,opt,name=server_address,json=serverAddress,proto3" json:"server_address,omitempty"`
+	TrustAnchor      *CertKeyPair           `protobuf:"bytes,2,opt,name=trust_anchor,json=trustAnchor,proto3" json:"trust_anchor,omitempty"`
+	OwnerCertificate *CertKeyPair           `protobuf:"bytes,3,opt,name=owner_certificate,json=ownerCertificate,proto3" json:"owner_certificate,omitempty"`
+	VendorCaCerts    []string               `protobuf:"bytes,4,rep,name=vendor_ca_certs,json=vendorCaCerts,proto3" json:"vendor_ca_certs,omitempty"`
+	Chassis          []*Chassis             `protobuf:"bytes,5,rep,name=chassis,proto3" json:"chassis,omitempty"`
+	unknownFields    protoimpl.UnknownFields
+	sizeCache        protoimpl.SizeCache
+}
+
+func (x *Config) Reset() {
+	*x = Config{}
+	mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Config) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Config) ProtoMessage() {}
+
+func (x *Config) ProtoReflect() protoreflect.Message {
+	mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Config.ProtoReflect.Descriptor instead.
+func (*Config) Descriptor() ([]byte, []int) {
+	return file_github_com_openconfig_bootz_server_proto_config_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Config) GetServerAddress() string {
+	if x != nil {
+		return x.ServerAddress
+	}
+	return ""
+}
+
+func (x *Config) GetTrustAnchor() *CertKeyPair {
+	if x != nil {
+		return x.TrustAnchor
+	}
+	return nil
+}
+
+func (x *Config) GetOwnerCertificate() *CertKeyPair {
+	if x != nil {
+		return x.OwnerCertificate
+	}
+	return nil
+}
+
+func (x *Config) GetVendorCaCerts() []string {
+	if x != nil {
+		return x.VendorCaCerts
+	}
+	return nil
+}
+
+func (x *Config) GetChassis() []*Chassis {
+	if x != nil {
+		return x.Chassis
+	}
+	return nil
+}
+
+type CertKeyPair struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Cert          string                 `protobuf:"bytes,1,opt,name=cert,proto3" json:"cert,omitempty"`
+	Key           string                 `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CertKeyPair) Reset() {
+	*x = CertKeyPair{}
+	mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CertKeyPair) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CertKeyPair) ProtoMessage() {}
+
+func (x *CertKeyPair) ProtoReflect() protoreflect.Message {
+	mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CertKeyPair.ProtoReflect.Descriptor instead.
+func (*CertKeyPair) Descriptor() ([]byte, []int) {
+	return file_github_com_openconfig_bootz_server_proto_config_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *CertKeyPair) GetCert() string {
+	if x != nil {
+		return x.Cert
+	}
+	return ""
+}
+
+func (x *CertKeyPair) GetKey() string {
+	if x != nil {
+		return x.Key
+	}
+	return ""
+}
+
+type Chassis struct {
+	state              protoimpl.MessageState `protogen:"open.v1"`
+	Manufacturer       string                 `protobuf:"bytes,1,opt,name=manufacturer,proto3" json:"manufacturer,omitempty"`
+	ControlCards       []*ControlCard         `protobuf:"bytes,2,rep,name=control_cards,json=controlCards,proto3" json:"control_cards,omitempty"`
+	Hostname           string                 `protobuf:"bytes,3,opt,name=hostname,proto3" json:"hostname,omitempty"`
+	BootMode           bootz.BootMode         `protobuf:"varint,4,opt,name=boot_mode,json=bootMode,proto3,enum=bootz.BootMode" json:"boot_mode,omitempty"`
+	StreamingSupported bool                   `protobuf:"varint,5,opt,name=streaming_supported,json=streamingSupported,proto3" json:"streaming_supported,omitempty"`
+	IntendedImage      *bootz.SoftwareImage   `protobuf:"bytes,6,opt,name=intended_image,json=intendedImage,proto3" json:"intended_image,omitempty"`
+	BootPasswordHash   string                 `protobuf:"bytes,7,opt,name=boot_password_hash,json=bootPasswordHash,proto3" json:"boot_password_hash,omitempty"`
+	BootConfig         *bootz.BootConfig      `protobuf:"bytes,8,opt,name=boot_config,json=bootConfig,proto3" json:"boot_config,omitempty"`
+	Credentials        *bootz.Credentials     `protobuf:"bytes,9,opt,name=credentials,proto3" json:"credentials,omitempty"`
+	Pathz              *pathz.UploadRequest   `protobuf:"bytes,10,opt,name=pathz,proto3" json:"pathz,omitempty"`
+	Authz              *authz.UploadRequest   `protobuf:"bytes,11,opt,name=authz,proto3" json:"authz,omitempty"`
+	CertzProfiles      *bootz.CertzProfiles   `protobuf:"bytes,12,opt,name=certz_profiles,json=certzProfiles,proto3" json:"certz_profiles,omitempty"`
+	unknownFields      protoimpl.UnknownFields
+	sizeCache          protoimpl.SizeCache
+}
+
+func (x *Chassis) Reset() {
+	*x = Chassis{}
+	mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Chassis) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Chassis) ProtoMessage() {}
+
+func (x *Chassis) ProtoReflect() protoreflect.Message {
+	mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Chassis.ProtoReflect.Descriptor instead.
+func (*Chassis) Descriptor() ([]byte, []int) {
+	return file_github_com_openconfig_bootz_server_proto_config_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Chassis) GetManufacturer() string {
+	if x != nil {
+		return x.Manufacturer
+	}
+	return ""
+}
+
+func (x *Chassis) GetControlCards() []*ControlCard {
+	if x != nil {
+		return x.ControlCards
+	}
+	return nil
+}
+
+func (x *Chassis) GetHostname() string {
+	if x != nil {
+		return x.Hostname
+	}
+	return ""
+}
+
+func (x *Chassis) GetBootMode() bootz.BootMode {
+	if x != nil {
+		return x.BootMode
+	}
+	return bootz.BootMode(0)
+}
+
+func (x *Chassis) GetStreamingSupported() bool {
+	if x != nil {
+		return x.StreamingSupported
+	}
+	return false
+}
+
+func (x *Chassis) GetIntendedImage() *bootz.SoftwareImage {
+	if x != nil {
+		return x.IntendedImage
+	}
+	return nil
+}
+
+func (x *Chassis) GetBootPasswordHash() string {
+	if x != nil {
+		return x.BootPasswordHash
+	}
+	return ""
+}
+
+func (x *Chassis) GetBootConfig() *bootz.BootConfig {
+	if x != nil {
+		return x.BootConfig
+	}
+	return nil
+}
+
+func (x *Chassis) GetCredentials() *bootz.Credentials {
+	if x != nil {
+		return x.Credentials
+	}
+	return nil
+}
+
+func (x *Chassis) GetPathz() *pathz.UploadRequest {
+	if x != nil {
+		return x.Pathz
+	}
+	return nil
+}
+
+func (x *Chassis) GetAuthz() *authz.UploadRequest {
+	if x != nil {
+		return x.Authz
+	}
+	return nil
+}
+
+func (x *Chassis) GetCertzProfiles() *bootz.CertzProfiles {
+	if x != nil {
+		return x.CertzProfiles
+	}
+	return nil
+}
+
+type ControlCard struct {
+	state            protoimpl.MessageState `protogen:"open.v1"`
+	SerialNumber     string                 `protobuf:"bytes,1,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"`
+	OwnershipVoucher string                 `protobuf:"bytes,2,opt,name=ownership_voucher,json=ownershipVoucher,proto3" json:"ownership_voucher,omitempty"`
+	PublicKey        string                 `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
+	PublicKeyType    tpm_enrollz.Key        `protobuf:"varint,4,opt,name=public_key_type,json=publicKeyType,proto3,enum=openconfig.attestz.Key" json:"public_key_type,omitempty"`
+	unknownFields    protoimpl.UnknownFields
+	sizeCache        protoimpl.SizeCache
+}
+
+func (x *ControlCard) Reset() {
+	*x = ControlCard{}
+	mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ControlCard) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ControlCard) ProtoMessage() {}
+
+func (x *ControlCard) ProtoReflect() protoreflect.Message {
+	mi := &file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ControlCard.ProtoReflect.Descriptor instead.
+func (*ControlCard) Descriptor() ([]byte, []int) {
+	return file_github_com_openconfig_bootz_server_proto_config_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ControlCard) GetSerialNumber() string {
+	if x != nil {
+		return x.SerialNumber
+	}
+	return ""
+}
+
+func (x *ControlCard) GetOwnershipVoucher() string {
+	if x != nil {
+		return x.OwnershipVoucher
+	}
+	return ""
+}
+
+func (x *ControlCard) GetPublicKey() string {
+	if x != nil {
+		return x.PublicKey
+	}
+	return ""
+}
+
+func (x *ControlCard) GetPublicKeyType() tpm_enrollz.Key {
+	if x != nil {
+		return x.PublicKeyType
+	}
+	return tpm_enrollz.Key(0)
+}
+
+var File_github_com_openconfig_bootz_server_proto_config_proto protoreflect.FileDescriptor
+
+const file_github_com_openconfig_bootz_server_proto_config_proto_rawDesc = "" +
+	"\n" +
+	"5github.com/openconfig/bootz/server/proto/config.proto\x12\x06config\x1a5github.com/openconfig/attestz/proto/tpm_enrollz.proto\x1a-github.com/openconfig/bootz/proto/bootz.proto\x1a,github.com/openconfig/gnsi/authz/authz.proto\x1a,github.com/openconfig/gnsi/pathz/pathz.proto\"\xfc\x01\n" +
+	"\x06Config\x12%\n" +
+	"\x0eserver_address\x18\x01 \x01(\tR\rserverAddress\x126\n" +
+	"\ftrust_anchor\x18\x02 \x01(\v2\x13.config.CertKeyPairR\vtrustAnchor\x12@\n" +
+	"\x11owner_certificate\x18\x03 \x01(\v2\x13.config.CertKeyPairR\x10ownerCertificate\x12&\n" +
+	"\x0fvendor_ca_certs\x18\x04 \x03(\tR\rvendorCaCerts\x12)\n" +
+	"\achassis\x18\x05 \x03(\v2\x0f.config.ChassisR\achassis\"3\n" +
+	"\vCertKeyPair\x12\x12\n" +
+	"\x04cert\x18\x01 \x01(\tR\x04cert\x12\x10\n" +
+	"\x03key\x18\x02 \x01(\tR\x03key\"\xdc\x04\n" +
+	"\aChassis\x12\"\n" +
+	"\fmanufacturer\x18\x01 \x01(\tR\fmanufacturer\x128\n" +
+	"\rcontrol_cards\x18\x02 \x03(\v2\x13.config.ControlCardR\fcontrolCards\x12\x1a\n" +
+	"\bhostname\x18\x03 \x01(\tR\bhostname\x12,\n" +
+	"\tboot_mode\x18\x04 \x01(\x0e2\x0f.bootz.BootModeR\bbootMode\x12/\n" +
+	"\x13streaming_supported\x18\x05 \x01(\bR\x12streamingSupported\x12;\n" +
+	"\x0eintended_image\x18\x06 \x01(\v2\x14.bootz.SoftwareImageR\rintendedImage\x12,\n" +
+	"\x12boot_password_hash\x18\a \x01(\tR\x10bootPasswordHash\x122\n" +
+	"\vboot_config\x18\b \x01(\v2\x11.bootz.BootConfigR\n" +
+	"bootConfig\x124\n" +
+	"\vcredentials\x18\t \x01(\v2\x12.bootz.CredentialsR\vcredentials\x122\n" +
+	"\x05pathz\x18\n" +
+	" \x01(\v2\x1c.gnsi.pathz.v1.UploadRequestR\x05pathz\x122\n" +
+	"\x05authz\x18\v \x01(\v2\x1c.gnsi.authz.v1.UploadRequestR\x05authz\x12;\n" +
+	"\x0ecertz_profiles\x18\f \x01(\v2\x14.bootz.CertzProfilesR\rcertzProfiles\"\xbf\x01\n" +
+	"\vControlCard\x12#\n" +
+	"\rserial_number\x18\x01 \x01(\tR\fserialNumber\x12+\n" +
+	"\x11ownership_voucher\x18\x02 \x01(\tR\x10ownershipVoucher\x12\x1d\n" +
+	"\n" +
+	"public_key\x18\x03 \x01(\tR\tpublicKey\x12?\n" +
+	"\x0fpublic_key_type\x18\x04 \x01(\x0e2\x17.openconfig.attestz.KeyR\rpublicKeyTypeB1Z/github.com/openconfig/bootz/server/proto/configb\x06proto3"
+
+var (
+	file_github_com_openconfig_bootz_server_proto_config_proto_rawDescOnce sync.Once
+	file_github_com_openconfig_bootz_server_proto_config_proto_rawDescData []byte
+)
+
+func file_github_com_openconfig_bootz_server_proto_config_proto_rawDescGZIP() []byte {
+	file_github_com_openconfig_bootz_server_proto_config_proto_rawDescOnce.Do(func() {
+		file_github_com_openconfig_bootz_server_proto_config_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_github_com_openconfig_bootz_server_proto_config_proto_rawDesc), len(file_github_com_openconfig_bootz_server_proto_config_proto_rawDesc)))
+	})
+	return file_github_com_openconfig_bootz_server_proto_config_proto_rawDescData
+}
+
+var file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+var file_github_com_openconfig_bootz_server_proto_config_proto_goTypes = []any{
+	(*Config)(nil),              // 0: config.Config
+	(*CertKeyPair)(nil),         // 1: config.CertKeyPair
+	(*Chassis)(nil),             // 2: config.Chassis
+	(*ControlCard)(nil),         // 3: config.ControlCard
+	(bootz.BootMode)(0),         // 4: bootz.BootMode
+	(*bootz.SoftwareImage)(nil), // 5: bootz.SoftwareImage
+	(*bootz.BootConfig)(nil),    // 6: bootz.BootConfig
+	(*bootz.Credentials)(nil),   // 7: bootz.Credentials
+	(*pathz.UploadRequest)(nil), // 8: gnsi.pathz.v1.UploadRequest
+	(*authz.UploadRequest)(nil), // 9: gnsi.authz.v1.UploadRequest
+	(*bootz.CertzProfiles)(nil), // 10: bootz.CertzProfiles
+	(tpm_enrollz.Key)(0),        // 11: openconfig.attestz.Key
+}
+var file_github_com_openconfig_bootz_server_proto_config_proto_depIdxs = []int32{
+	1,  // 0: config.Config.trust_anchor:type_name -> config.CertKeyPair
+	1,  // 1: config.Config.owner_certificate:type_name -> config.CertKeyPair
+	2,  // 2: config.Config.chassis:type_name -> config.Chassis
+	3,  // 3: config.Chassis.control_cards:type_name -> config.ControlCard
+	4,  // 4: config.Chassis.boot_mode:type_name -> bootz.BootMode
+	5,  // 5: config.Chassis.intended_image:type_name -> bootz.SoftwareImage
+	6,  // 6: config.Chassis.boot_config:type_name -> bootz.BootConfig
+	7,  // 7: config.Chassis.credentials:type_name -> bootz.Credentials
+	8,  // 8: config.Chassis.pathz:type_name -> gnsi.pathz.v1.UploadRequest
+	9,  // 9: config.Chassis.authz:type_name -> gnsi.authz.v1.UploadRequest
+	10, // 10: config.Chassis.certz_profiles:type_name -> bootz.CertzProfiles
+	11, // 11: config.ControlCard.public_key_type:type_name -> openconfig.attestz.Key
+	12, // [12:12] is the sub-list for method output_type
+	12, // [12:12] is the sub-list for method input_type
+	12, // [12:12] is the sub-list for extension type_name
+	12, // [12:12] is the sub-list for extension extendee
+	0,  // [0:12] is the sub-list for field type_name
+}
+
+func init() { file_github_com_openconfig_bootz_server_proto_config_proto_init() }
+func file_github_com_openconfig_bootz_server_proto_config_proto_init() {
+	if File_github_com_openconfig_bootz_server_proto_config_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_github_com_openconfig_bootz_server_proto_config_proto_rawDesc), len(file_github_com_openconfig_bootz_server_proto_config_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   4,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_github_com_openconfig_bootz_server_proto_config_proto_goTypes,
+		DependencyIndexes: file_github_com_openconfig_bootz_server_proto_config_proto_depIdxs,
+		MessageInfos:      file_github_com_openconfig_bootz_server_proto_config_proto_msgTypes,
+	}.Build()
+	File_github_com_openconfig_bootz_server_proto_config_proto = out.File
+	file_github_com_openconfig_bootz_server_proto_config_proto_goTypes = nil
+	file_github_com_openconfig_bootz_server_proto_config_proto_depIdxs = nil
+}