CPC H04L 63/20 (2013.01) [G06F 11/3409 (2013.01); G06F 11/3055 (2013.01); G06F 11/3089 (2013.01); G06F 21/57 (2013.01)]
28 Claims
1. A computing system, comprising:
at least one memory to store instructions; and
processing circuitry to execute the instructions to perform operations that verify a state of a hardware device capable to perform compute operations on behalf of the computing system, the instructions to perform operations to:
obtain layered attestation evidence from the hardware device regarding the state of the hardware device, wherein the layered attestation evidence includes attesting evidence from a first hardware layer of the hardware device that is dependent on attesting evidence from a second hardware layer of the hardware device;
obtain endorsement information to be used to evaluate the layered attestation evidence, the endorsement information obtained from a manifest and relating to a third party verification of the state of the hardware device;
determine an appraisal policy to be used to evaluate the layered attestation evidence, the appraisal policy obtained from an expected device definition;
validate attestation of the state of the hardware device by applying the appraisal policy and the endorsement information to evaluate the layered attestation evidence; and
perform compute operations with the hardware device, in response to the attestation of the state of the hardware device.
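The verification flow recited in claim 1, sketched as an added example that is not taken from the patent or any implementation of it. Assumptions: the layer dependency is modelled as a hash chain, an HMAC under a shared device key stands in for whatever signature the device would really produce, and all names (`make_evidence`, `appraise`, `offload`, `layer0`, `layer1`) and sample values are hypothetical.

```python
import hashlib, hmac

def digest(*parts: bytes) -> bytes:
    h = hashlib.sha256()
    for p in parts:                      # length-prefix each field so boundaries are unambiguous
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def make_evidence(device_key, measurements):
    """Device side (constructed): each layer's binding covers the layer beneath it."""
    layers, prev = [], b""
    for name, m in measurements:
        prev = digest(prev, name.encode(), m)
        layers.append({"layer": name, "measurement": m, "binding": prev})
    # Authenticating the top binding transitively covers every lower layer.
    return {"layers": layers, "tag": hmac.new(device_key, prev, hashlib.sha256).digest()}

def appraise(evidence, manifest, device_definition, device_key):
    """Verifier side: apply policy and endorsements to the layered evidence."""
    prev, seen = b"", []
    for layer in evidence["layers"]:
        name, m = layer["layer"], layer["measurement"]
        if not hmac.compare_digest(digest(prev, name.encode(), m), layer["binding"]):
            return False, f"broken chain at {name}"
        if m not in manifest.get(name, ()):   # endorsement: third-party reference values
            return False, f"unendorsed measurement in {name}"
        prev = layer["binding"]
        seen.append(name)
    if seen != device_definition["required_layers"]:   # appraisal policy
        return False, "layer set does not match policy"
    tag = hmac.new(device_key, prev, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, evidence["tag"]):
        return False, "bad authentication tag"
    return True, "ok"

def offload(job, evidence, manifest, device_definition, device_key):
    """Run the compute job only in response to a successful appraisal."""
    ok, reason = appraise(evidence, manifest, device_definition, device_key)
    if not ok:
        raise PermissionError(reason)
    return job()

# Constructed sample data: key, layer names and measurements are all illustrative.
KEY = b"constructed-device-key"
M0, M1 = hashlib.sha256(b"layer0-image").digest(), hashlib.sha256(b"layer1-image").digest()
MANIFEST = {"layer0": [M0], "layer1": [M1]}
DEFINITION = {"required_layers": ["layer0", "layer1"]}
GOOD = make_evidence(KEY, [("layer0", M0), ("layer1", M1)])

if __name__ == "__main__":
    print(appraise(GOOD, MANIFEST, DEFINITION, KEY))
```

Because each binding hashes the one below it, changing a lower layer's measurement invalidates every layer above it, so the verifier rejects the evidence before any work is dispatched.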