Skip to content
/ certifier-framework-for-confidential-computing Public

The Confidential Computing Certifier Framework consists of a client API called the Certifier-API and server-based policy evaluation called the Certifier Service. It simplifies and unifies programming and operations support for multi-vendor Confidential Computing platforms by providing support for scalable, policy-driven trust management including

License

Apache-2.0 license
36 stars 12 forks Activity
Star
Notifications

vmware-research/certifier-framework-for-confidential-computing

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
46 branches 1 tag
Code

Latest commit

@yelvmw @gapisback
yelvmw and gapisback (#215) Fix scripts, Makefiles to have test.sh run on dev Linux h/w, e…
f85c449 Oct 30, 2023
(#215) Fix scripts, Makefiles to have test.sh run on dev Linux h/w, e… 
…nvs.

This commit does some clean-up of scripts and Makefiles so that
the newly-added test.sh can be used by other dev engineers on
diff Linux physical machines.

- Fix few Makefiles to allow re-specifying LOCAL_LIB, to point
  to, say, /usr/local/lib (for SSL libs, e.g.)
- Hacky support to allow use of OpenSSL V1.x versions
- Add NO_ENABLE_SEV=1 flag in certifier.mak, so that we can build
  shared library without #include'ing SEV_SNP-specific code.
  Including SEV_SNP-specific code seems to cause pytests to
  "hang", when running pytests on simulated-enclave, as the
  tests end up calling SEV_SNP code-paths.

  - test.sh: Use this new flag when building shared-libraries in
    the test-run_example-simple_app() test-case. This is used to
    execute pytests that need Certifier Service on SEV-enabled h/w.
f85c449

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github/workflows
(#184) Refactor build.yml test execution into test.sh functions
October 24, 2023 08:10
CI/scripts
(#215) Fix scripts, Makefiles to have test.sh run on dev Linux h/w, e…
October 30, 2023 09:30
Doc
Accelerator verification (#203)
October 12, 2023 10:34
application_service
Add SEV-SNP extended guest request for platform certificates (#201)
October 12, 2023 11:17
certifier_service
Full authentication channel (#209)
October 19, 2023 14:19
deprecated
(#166) Replace hard-coded crypto-algorithm names with string constants
August 22, 2023 18:31
include
simple_app_python: Complete client-server secure communication channel
October 24, 2023 16:50
openenclave_test
(#160) Standardize & appliy clang-format rules to Certifier code base.
August 5, 2023 08:03
sample_apps
simple_app_python: Complete client-server secure communication channel
October 24, 2023 16:50
sev-snp-simulator
Certifier in tee (#188)
August 29, 2023 16:07
src
(#215) Fix scripts, Makefiles to have test.sh run on dev Linux h/w, e…
October 30, 2023 09:30
tests
(#215) Fix scripts, Makefiles to have test.sh run on dev Linux h/w, e…
October 30, 2023 09:30
third_party
(#120) Apply gofmt to all Go-files in Certifier repo. Add CI-checks
June 30, 2023 17:05
utilities
Full authentication channel (#209)
October 19, 2023 14:19
.clang-format
(#160) Standardize & appliy clang-format rules to Certifier code base.
August 5, 2023 08:03
.gitignore
Add Python client-server SSL channel with mTLS communication test.
October 20, 2023 08:00
CODE_OF_CONDUCT.md
Corrections to README, CONTRIBUTING and CODE.
August 4, 2022 10:11
CONTRIBUTING.md
fixed 2 links in the formatting commit messages section that were bro…
February 13, 2023 14:53
CONTRIBUTOR_LADDER.md
adding draft governance and contributor ladder documentation after di…
February 13, 2023 17:05
GOVERNANCE.md
adding draft governance and contributor ladder documentation after di…
February 13, 2023 17:05
INSTALL.md
Add Go wrappers for Certifier TEE primitives (#179)
August 21, 2023 16:30
LICENSE
Adding LICENSE
July 22, 2022 03:16
MAINTAINERS.md
Cleanup and update SECURITY.md contents and maintainer's email IDs.
October 19, 2023 23:33
README.md
Cleanup README.md and other docs. Remove dup misc test from CI.
June 30, 2023 17:05
SECURITY.md
Cleanup and update SECURITY.md contents and maintainer's email IDs.
October 19, 2023 23:33
STATUS
started platform service
February 12, 2023 14:19
Certifier Framework for Confidential Computing Overview Documentation and Installation Feedback and questions Contributing License

README.md

Certifier Framework for Confidential Computing

Overview

The Certifier Framework for Confidential Computing consists of a client API called the Certifier API and server-based policy evaluation server called the Certifier Service.

The Certifier API greatly simplifies and unifies programming and operations support for multi-vendor Confidential Computing platforms by providing simple client trust management, including attestation evaluation, secure storage, platform initialization, secret sharing, secure channels and other services.

The Certifier Service provides support for scalable, policy-driven trust management, including attestation evaluation, application upgrade and other Confidential Computing Trust services.

This project was started at VMware Inc.

Except as expressly noted in individual source files, the code and accompanying material is licensed for general use under the Apache 2.0 License. Some test drivers are licensed under GPL 2.0; fortunately, there are very few affected files and none of the GPL code is required in the Certifier API, sample applications, utilities or the Certifier Service.

Please consult the LICENSE file for APACHE 2.0 details and terms. By using this software you agree to those terms of the respective licenses.

The repository contains the complete Certifier Framework source and a number of examples as well as complete instructions. In particular, the sample program in sample_apps/simple_app example_app.cc is a complete guide for building and developing an application, and policy, as well as deploying a service.

Documentation and Installation

Instructions on building the Certifier Framework for Confidential Computing can be found in INSTALL.md and additional documentation can be found in the Doc subdirectory.

Feedback and questions

Feedback and questions can be submitted on the github site. All feedback will be treated as licensed under the Apache license.

Contributing

The certifier-framework-for-confidential-computing project team welcomes contributions from the community. Before you start working with this project please read and sign our Contributor License Agreement (https://cla.vmware.com/cla/1/preview). If you wish to contribute code and you have not signed our Contributor Licence Agreement (CLA), our bot will prompt you to do so when you open a Pull Request. For any questions about the CLA process, please refer to our FAQ.

License

Except as expressly set forth in a source file, the contents of this repository are licensed under the Apache 2.0 license which is included in the LICENSE file. There are a very few files, used for testing (and not included in the API or services) that have other license terms.

About

The Confidential Computing Certifier Framework consists of a client API called the Certifier-API and server-based policy evaluation called the Certifier Service. It simplifies and unifies programming and operations support for multi-vendor Confidential Computing platforms by providing support for scalable, policy-driven trust management including

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

36 stars

Watchers

3 watching

Forks

12 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 10

Languages