Difference between revisions of "Attestation"

From MgmtWiki
Jump to: navigation, search
(Solutions)
(Solutions)
 
(3 intermediate revisions by the same user not shown)
Line 4: Line 4:
 
==Context==
 
==Context==
 
A [[Remote Attestation]] Service was proposed as a service that would accept statements from a [[TPM]] to verify that the code running on the computer was that approved by the manufacturer.
 
A [[Remote Attestation]] Service was proposed as a service that would accept statements from a [[TPM]] to verify that the code running on the computer was that approved by the manufacturer.
 +
 +
==Solutions==
 +
* [https://www.cisa.gov/sites/default/files/2024-03/Self-Attestation-Common-Form-03082024-FINAL.pdf US CISA Secure Software Development Attestation Form Instructions] The purpose of this form is to provide the Federal Government assurances that software used by agencies is securely developed. (2024-03)
 +
* [https://developer.android.com/training/articles/security-key-attestation Verifying hardware-backed key pairs with Key Attestation] in Android for [[Smartphone]]s.<blockquote>Key Attestation gives you more confidence that the keys you use in your app are stored in a device's hardware-backed keystore. The link describes how to verify the properties of hardware-backed keys and how to interpret the schema of the attestation certificate's extension data. </blockquote>
 +
* [https://developer.apple.com/documentation/devicecheck/dcappattestservice/3573911-attestkey attestKey(_:clientDataHash:completionHandler:)] Asks Apple to attest to the validity of a generated cryptographic key.
  
 
==References==
 
==References==
* Also see wiki page [[Attested]] for details of an [[Attestation]].
+
* See wiki page [[Attested]] for details of an [[Attestation]].
 
+
* See wiki page [[Hardware-Enabled Security]]
==Solutions==
 
* [https://developer.android.com/training/articles/security-key-attestation Verifying hardware-backed key pairs with Key Attestation] in Android for [[Smartphone]]s.<blockquote>Key Attestation gives you more confidence that the keys you use in your app are stored in a device's hardware-backed keystore. The following sections describe how to verify the properties of hardware-backed keys and how to interpret the schema of the attestation certificate's extension data. </blockquote>
 
  
 
[[Category: Attestation]]
 
[[Category: Attestation]]
 
[[Category: Assurance]]
 
[[Category: Assurance]]
 +
[[Category: Hardware]]

Latest revision as of 13:24, 20 March 2024

Full Title or Meme

Attestation in computing devices typically means a statement from a Trust Authority about the security of statements made by some other computing device.

Context

A Remote Attestation Service was proposed as a service that would accept statements from a TPM to verify that the code running on the computer was that approved by the manufacturer.

Solutions

References