//! Trust Domains Modeling
//!
//! Provides explicit separation of concerns for the distinct facets of platform
//! and runtime trust, so that a verdict in one domain is never conflated with another.

use alloc::string::String;
use alloc::vec::Vec;

/// Explicit classification of distinct trust domains.
///
/// Every [`TrustEvaluation`] is scoped to exactly one of these domains, so a
/// verdict in one domain never stands in for another. The `// --- Phase … ---`
/// markers record when each group of variants was introduced.
///
/// NOTE(review): nothing in this module ties a [`VerificationDecisionReason`]
/// to a domain; the pairings mentioned below are what the variant names and the
/// reason docs suggest, not a constraint the types enforce.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, serde::Serialize, serde::Deserialize)]
pub enum TrustDomain {
    /// Identity of the underlying hardware platform.
    HardwareIdentity,
    /// Integrity of the boot-time measurement chain.
    MeasuredBoot,
    /// Secure Boot state of the platform
    /// (cf. [`VerificationDecisionReason::SecureBootDisabled`]).
    SecureBoot,
    /// Integrity of the running system after boot, as reported by the runtime
    /// measurement log.
    RuntimeIntegrity,
    /// Integrity of the software supply chain feeding the platform.
    SupplyChain,
    /// Provenance of the artifacts under evaluation.
    Provenance,
    /// Transparency anchoring of evidence and verdicts
    /// (cf. [`VerificationDecisionReason::TransparencyWithholding`]).
    Transparency,
    /// Ongoing, lease/session-based attestation rather than a one-shot check.
    ContinuousAttestation,
    // --- Phase 3.0 Sovereign Node Additions ---
    /// Integrity of the workload running on the node (the Phase 3.0 reasons
    /// refer to a Bitcoin node).
    WorkloadIntegrity,
    /// Integrity of the distributed consensus among verifiers.
    ConsensusIntegrity,
    // --- Phase 3.3 Byzantine Federation Convergence ---
    /// Governance of the verifier federation (revocation, equivocation,
    /// topological authority, governance continuity).
    DistributedGovernance,
    // --- Phase 3.4 Federation Time Semantics ---
    /// Physical and logical time agreement across the federation.
    TemporalTimekeeping,
    // --- Phase 3.5 Infrastructure Resilience ---
    /// Integrity of recovery procedures (snapshots, lineage).
    RecoveryIntegrity,
    // --- Phase 3.6 Adaptive Federation Synchronization ---
    /// Availability and convergence of the federation (synchronization,
    /// liveness, eclipse risk).
    FederationAvailability,
}

/// Explicit reasons why a verification decision succeeded or failed.
///
/// [`Self::Success`] is the only non-failure variant; every other variant
/// names a check that did not pass. Variants are grouped by the phase in which
/// they were introduced (see the `// --- Phase … ---` markers). A
/// [`TrustEvaluation`] carries zero or more of these in its `reasons` list.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, serde::Serialize, serde::Deserialize)]
pub enum VerificationDecisionReason {
    /// Verification passed all checks.
    Success,
    /// Secure Boot is required but was disabled or in setup mode.
    SecureBootDisabled,
    /// An unauthorized firmware or policy rollback was detected.
    BaselineRollbackDetected,
    /// The firmware generation reported is completely unknown.
    UnknownFirmwareGeneration,
    /// Measurement drift exceeding permissible bounds was detected.
    CriticalDriftDetected,
    /// An expected OS Kernel measurement was missing from the supplied evidence
    /// (contrast [`Self::KernelMeasurementMissing`], which refers to the runtime log).
    MissingKernelMeasurement,
    /// The supplied Platform Profile is malformed or invalid.
    InvalidPlatformProfile,
    /// The hardware vendor is not supported by the current policy.
    UnsupportedVendor,
    // --- Phase 2.8 Continuous & Runtime Integrity Additions ---
    /// Runtime integrity subsystem is disabled or unavailable.
    RuntimeIntegrityUnavailable,
    /// IMA log entry did not match expected database or whitelist digest.
    ImaMeasurementMismatch,
    /// Kernel measurement is missing in the runtime log
    /// (contrast [`Self::MissingKernelMeasurement`], which refers to the supplied evidence).
    KernelMeasurementMissing,
    /// Unauthorized changes or deviations detected in running executables/libs.
    CriticalRuntimeDrift,
    /// Continuous attestation lease/session duration has expired.
    ContinuousAttestationExpired,
    /// Current policy does not support the requested runtime configuration.
    UnsupportedRuntimePolicy,
    /// The sequence number in the attestation stream is invalid or non-monotonic.
    InvalidAttestationSequence,
    /// A sequence gap was detected, indicating potentially missed measurements.
    RuntimeMeasurementGap,
    /// The policy epoch sent by the prover does not match the verifier epoch.
    PolicyEpochMismatch,
    // --- Phase 2.9 Federated Trust Additions ---
    /// No valid verifier federation is present in the evaluation context.
    VerifierFederationAbsent,
    /// The distributed consensus vote did not reach the required quorum.
    ConsensusQuorumFailed,
    /// The federated policy epoch has not been approved by quorum.
    FederatedPolicyNotApproved,
    /// Cross-verifier timeline reconciliation detected inconsistencies.
    TimelineInconsistencyDetected,
    // --- Phase 3.0 Sovereign Node Additions ---
    /// The running Bitcoin Core binary does not match the expected identity.
    BitcoinBinaryMismatch,
    /// An unauthorized mutation to the Bitcoin node configuration was detected.
    UnauthorizedConfigMutation,
    /// The node's event timeline diverged from the canonical history.
    NodeTimelineDivergence,
    /// The node identity presented is invalid or unregistered.
    InvalidNodeIdentity,
    /// The Bitcoin node's runtime behavior deviated from permitted parameters.
    RuntimeNodeDrift,
    /// The Bitcoin node attestation session has been replayed.
    ReplayedNodeSession,
    /// Required transparency anchoring for the node was withheld or missing.
    TransparencyWithholding,
    /// The specified policy profile is missing or corrupted.
    PolicyProfileCorruption,
    /// A policy rollback attack against the Bitcoin node was rejected.
    PolicyRollbackRejected,
    // --- Phase 3.3 Byzantine Federation Convergence Additions ---
    /// Verifier identity has been formally revoked.
    VerifierRevoked,
    /// Verifier equivocation (contradictory state commitments) was detected.
    EquivocationDetected,
    /// Byzantine partition detected (multiple conflicting sub-quorums).
    ByzantinePartitionDetected,
    /// Verifier lacks topological authority for this domain.
    TopologyAuthorityExceeded,
    /// Cross-federation conflict or irreconcilable divergence detected.
    CrossFederationConflict,
    /// Governance continuity chain is broken or missing.
    GovernanceContinuityBroken,
    // --- Phase 3.4 Federation Time Semantics Additions ---
    /// Physical time drift exceeds bounded skew limits.
    TimeSkewExceeded,
    /// Logical clock synchronization failed, or the logical clock was non-monotonic.
    LogicalClockFailed,
    /// Epoch-key binding validation failed.
    EpochKeyBindingInvalid,
    /// Verifier key registration is not yet anchored.
    VerifierNotAnchored,
    // --- Phase 3.5 Infrastructure Resilience ---
    /// Recovery procedure violated (e.g., partition detected, invalid snapshot, missing lineage).
    RecoveryIntegrityFailure,
    // --- Phase 3.6 Adaptive Federation Synchronization Additions ---
    /// Synchronization collapse detected across peers.
    SynchronizationCollapse,
    /// Eclipse risk detected due to concentrated topology.
    EclipseRiskDetected,
    /// Snapshot proof failed Merkle validation.
    InvalidSnapshotProof,
    /// State reconstruction failed due to invalid lineage or ordering.
    ReconstructionFailure,
    /// Quorum liveness and convergence properties failed.
    FederationLivenessFailure,
}

/// Structured outcome of evaluation for a single trust domain.
///
/// Both constructors ([`TrustEvaluation::trusted`] and
/// [`TrustEvaluation::untrusted`]) start with an empty `warnings` list;
/// warnings are attached by the caller afterwards. All fields are public, so
/// the type itself does not keep `trusted` and `reasons` consistent with each
/// other — in particular, nothing rejects an untrusted evaluation with an empty
/// `reasons` list. Treat the pair as a policy invariant maintained by callers.
#[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
pub struct TrustEvaluation {
    /// The trust domain being evaluated.
    pub domain: TrustDomain,
    /// True if the domain is fully trusted according to policy rules.
    pub trusted: bool,
    /// Reasons for failures or confirmations of trust. Left empty by
    /// [`TrustEvaluation::trusted`]; stored as given by [`TrustEvaluation::untrusted`].
    pub reasons: Vec<VerificationDecisionReason>,
    /// Non-fatal warnings observed during evaluation. Always empty when the
    /// value comes straight from one of the constructors.
    pub warnings: Vec<String>,
}

impl TrustEvaluation {
    /// Creates a trusted evaluation for a given domain.
    ///
    /// The result carries no reasons and no warnings; callers that want to
    /// record warnings push onto the public `warnings` field afterwards.
    #[must_use]
    pub fn trusted(domain: TrustDomain) -> Self {
        Self::assemble(domain, true, Vec::new())
    }

    /// Creates an untrusted evaluation for a given domain.
    ///
    /// `reasons` is stored exactly as supplied. An empty list is accepted, so
    /// it is the caller's responsibility to provide at least one reason when
    /// the verdict needs to be explainable. Warnings start empty.
    #[must_use]
    pub fn untrusted(domain: TrustDomain, reasons: Vec<VerificationDecisionReason>) -> Self {
        Self::assemble(domain, false, reasons)
    }

    /// Shared assembly step for both constructors: fixes the verdict and the
    /// reason list, and always starts with no warnings.
    fn assemble(
        domain: TrustDomain,
        trusted: bool,
        reasons: Vec<VerificationDecisionReason>,
    ) -> Self {
        Self {
            domain,
            trusted,
            reasons,
            warnings: Vec::new(),
        }
    }
}