Veraison

The tools and services that you will use in this Learning Path derive from an Open-Source project called Veraison . Veraison is a project that was founded within Arm but has since been donated to the Confidential Computing Consortium as an ongoing community project with a growing number of contributors from other organizations. Veraison addresses the verification aspect of attestation. It provides reusable tools and components that can be deployed in the construction of verification services or libraries.

Confidential computing is a new, and fast-growing industry. There are many stakeholders, including:

  • Hardware manufacturers.
  • Firmware vendors.
  • Service providers.
  • Application developers.
  • End users.
  • Regulators.

Attestation is an end-to-end process that has the potential to impact all of these stakeholders. Good alignment and interoperability are both essential. The Veraison project is being developed in parallel with several standardization efforts across various industry bodies.

Veraison demonstrates the effectiveness of these standards in practice, facilitating their ongoing development within open communities, and makes it possible to build functioning software from them.

In this Learning Path, you will use some of the command-line tools that Veraison provides. You will also make use of an attestation verifier service that is built entirely from Veraison components.

Now that you have some background information, you can move on to the next section where you will download a file that contains an example of a CCA attestation token. You will then use command-line tools to inspect the contents of the token, and you will see how to use an attestation verifier service to verify and evaluate the token.

Back
Next