Summary
Feature request to allow the local trust anchor and reference value stores to be populated by retrieving them from an endorsement distribution API endpoint using CoSERV.
Details
Currently, one must use the golden command to populate the trust anchor and reference value stores from existing CCA evidence. This feature request is to allow them to be populated from an endorsement distribution API endpoint instead.
Veraison is being expanded to support an endorsement distribution API alongside the existing endorsement provisioning and verification (challenge-response) APIs. At time of writing, this API is being developed in a coserv feature branch of Veraison services and is not mainline. Initially, it would make sense to create a corresponding coserv branch of this repo and implement this request there until it can be upstreamed to main.
There is a dependency on this issue in the rust-apiclient crate, which will make it possible to call Veraison's endorsement distribution API from Rust client code.
The requirement is to add a new sub-command to the CLI with inputs as follows:
- Base URL to the endorsement distribution endpoint, e.g.: --apiserver https://<veraison-host>:<veraison-port>/endorsement-distribution/v1/coserv
- Arm CCA instanceId string
- Arm CCA implementationId string
The operation of this command would form a CoSERV query based on the input strings, and make a single API call via the rust-apiclient crate. On success, it will unpack the CoSERV results and use them to populate the local TA and RV files.
The behaviours of the existing golden, verify and appraise commands remain the same.