//! Workload Integrity Abstractions
//!
//! Provides descriptors and identity models for workloads running on
//! the platform.
//!
//! **SECURITY NOTE**: This module provides metadata abstractions only. It
//! does NOT claim workload isolation guarantees, memory shielding, or full
//! container/runtime security.
use crate::digest::TypedDigest;
use alloc::string::String;
use alloc::vec::Vec;
/// High-level identity descriptor for a running workload (e.g. Docker container, VM).
///
/// This is a plain data record: it carries the three fields below and performs no
/// verification of them. Consistent with the module-level security note, a value of
/// this type is metadata only and does not by itself establish isolation or
/// runtime integrity of the workload it names.
// NOTE(review): `Deserialize` is derived, so the `String` fields accept whatever the
// input supplies. A value decoded from an untrusted source is a claim to be checked
// by the consumer, not a verified identity.
#[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
pub struct WorkloadIdentity {
/// Unique identifier of the workload.
// NOTE(review): uniqueness is not enforced by this type; confirm where it is guaranteed.
pub workload_id: String,
/// Cryptographic digest of the workload image/executable.
// NOTE(review): `TypedDigest` comes from `crate::digest` and is not shown here;
// presumably it records which hash algorithm produced the digest (confirm). Nothing
// in this struct compares the digest against the image that is actually running.
pub image_digest: TypedDigest,
/// Optional identifier of the supply-chain signer; `None` when no signer is recorded.
// NOTE(review): this is an identifier string, not a signature. Its presence does not
// show that any signature was verified; confirm where that check happens.
pub signer: Option<String>,
}
/// Collected evidence of workloads executing on the platform.
///
/// A thin wrapper around a list of [`WorkloadIdentity`] records. The type carries no
/// signature, nonce, or timestamp of its own, so authenticity and freshness of the
/// evidence have to be provided by whatever envelope transports it.
// NOTE(review): how the list is gathered is not visible in this module, so whether it
// is complete (every running workload is listed) is not established here. Confirm
// against the collector before treating absence from the list as meaningful.
#[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
pub struct WorkloadIntegrityEvidence {
/// List of workloads observed on the system.
// NOTE(review): a `Vec` imposes no length limit and does not reject duplicate
// `workload_id` values; when decoding untrusted input, bound the size and decide how
// duplicates are handled at the call site.
pub workloads: Vec<WorkloadIdentity>,
}