The following is a quick overview of the Veraison repos. This is a selective list to help get started navigating the work under the Project Veraison organisation. For a full list of repos, see: https://github.com/orgs/veraison/repositories?type=all
Unless specified, code repos are Golang based
services This is the main repo holding the code implementing the attestation verification components that can be used to create a service.
docs Veraison documentation
book Compilation of documentation for various Veraison projects into a reader-friendly format
community Veraison community files. Look here for introductory presentations to the project and CCC membership materials.
veraison.github.io Currently a placeholder for veraison-project.org.
Veraison services expose REST APIs. This set of libraries provides convenient code abstractions for the API model, to be used in client verification and provisioning applications.
apiclient: Veraison API client implementation in Go rust-apiclient: Veraison API client implementation in Rust c-apiclient: Veraison API client implementation in C
This collection of libraries provides manipulation and verification functionality for Attestation formats of various architectures.
psatoken: Platform Security Abstraction (PSA) Attestation Token manipulation library.
ccatoken A library for the Arm Confidential Computing Architecture (CCA) Attestation Token.
rust-ccatoken Rust implementation of the Arm Confidential Computing Architecture (CCA) Attestation Token library.
dice: library providing support functions for manipulating various profiles of DICE.
parsec: Library support for handling the Parsec Key Attestation formats used in the attested TLS PoC.
enact-demo: EnactTrust TPM/Veraison interop demo and related docs
keybroker-demo: A simple key broker protocol demonstration
CLI tools for illustrative interactions with attestation tokens or a Veraison service. Used for demos & integration testing.
evcli CLI for handling attestation evidence
pocli CLI for Veraison services policy management client
gen-corim CLI for generating CoRIM (containing Endorsements and Reference Values) using Evidence
gen-testcase Test case generator for CoRIM-related testing and validation
cca-realm-measurements A tool to calculate Realm Initial Measurements and Realm Extended Measurements for Arm CCA
The Veraison Project supports Attestation related working groups in standards bodies, in particular IETF & TCG. This set of repos provide test bed implementations for some of the standards work, as related to Veraison services.
eat Golang library for manipulating Entity Attestation Tokens (draft-ietf-rats-eat).
These libraries provide functions for working with EAR (EAT Attestation Results), an EAT/JWT serialisation of the Attestation Result for Secure Interactions (AR4SI) information model - see draft-fv-rats-ear
ear: Golang implementation of EAT Attestation Results rust-ear: Rust implementation of EAT Attestation Results c-ear: C implementation of EAT Attestation Results python-ear: Python implementation of EAT Attestation Results
cmw: implementation for RATS WG Conceptual Message Wrappers (draft-ftbs-rats-msg-wrap) for attestation related data encapsulation.
rust-cmw: Rust implementation of RATS WG Conceptual Message Wrappers
ratsd: A RATS conceptual message collection daemon
These libraries provide support for the standard information models used to convey data to a Verifier.
corim: manipulation of Concise Reference Integrity Manifest (CoRIM) and Concise Module Identifier (CoMID) tags. Also includes cocli CLI tool, that assists users creating CoRIM & CoMID tags.
corim-rs: Rust implementation of CoRIM and CoMID manipulation library
swid : SWID and CoSWID manipulation library
go-cose: go library for CBOR Object Signing and Encryption (COSE)
flowchart TD
VR("Veraison Roles")
style VR fill:#f9f,stroke:#333,stroke-width:4px
LG["<b>Logical Group</b> \n <i>Repository name</i>"]
subgraph Daigram[<b>Daigram Convention</b>]
VR -->| Direct Usage | LG
VR -.-> | Possible Usage | LG
LG -->| Direct Dependency | LG
end
flowchart TD
subgraph Veraison["<b>Core Structure </b?"]
style Veraison stroke:#333,stroke-width:4px
SP("Supply Chain")
style SP fill:#f9f,stroke:#333,stroke-width:4px
ATT("Attester")
style ATT fill:#f9f,stroke:#333,stroke-width:4px
COCLI["<b>Endorsement Manipulation CLI Tool</b>
<i>cocli</i>"]
GEN-CORIM["<b>Endorsement creation from Evidence CLI Tool</b>
<i>gen-corim</i>"]
VPF["<b>Verifier Provisioning Formats</b>
<i>corim</i>
<i>corim-rs</i>
<i>coswid</i>"]
COCLI ---> VPF
CL["<b>Common Libraries</b>
<i>go-cose</i>"]
VPF ---> CL
EF["<b>Evidence Formats</b>
<i>dice</i>
<i>eat</i>
<i>psatoken</i>
<i>ccatoken</i>
<i>rust-ccatoken</i>
<i>enacttrust-tpm</i>
<i>parsec (tpm, cca)</i>"]
EF ---> CL
SD["<b>Core Verifier repositories</b>
<i>services</i>
<i>docs</i>
<i>book</i>
<i>ratsd</i>"]
RP("Relying Party")
style RP fill:#f9f,stroke:#333,stroke-width:4px
AR["<b>Attestation Results</b>
<i>ear</i>
<i>c-ear</i>
<i>rust-ear</i>
<i>python-ear</i>"]
RP ---> AR
subgraph Verifier["Verifier"]
style Verifier fill:#f9f,stroke:#333,stroke-width:4px
SD
end
Verifier ---> AR
Verifier ---> VPF
Verifier ---> CL
Verifier ---> EF
SP ---> COCLI
API["<b>API CLIENT LIBRARIES</b>
<i>apiclient</i>
<i>c-apiclient</i>
<i>rust-apiclient</i>"]
SP -.-> API
EVCLI["<b>Evidence Manipulation CLI Tool</b> \n <i>evcli</i> "]
EVCLI ---> API
CMW["<b>CONCEPTUAL MESSAGE WRAPPER</b>
<i>cmw</i>
<i>rust-cmw</i>"]
ATT --->EF
ATT -.-> EVCLI
EVCLI ---> EF
API ---> CMW
Verifier ---> CMW
POCLI["<b>Policy Mgmt CLI Tool</b>
<i>pocli</i>"]
VO("Verifier Owner")
style VO fill:#f9f,stroke:#333,stroke-width:4px
VO --> POCLI
POCLI ---> API
end
flowchart TD
VA["
<i>community</i>
<i>veraison.github.io</i>"]
subgraph Veraison["<b>Administrative Repositories</b>"]
VA
end