# pqrascv-hardware
Hardware trust validation layer for PQ-RASCV v2.
This crate provides the typed abstractions, verification logic, and policy rules for hardware-rooted attestation. It is the bridge between raw hardware evidence (TPM quotes, DICE CDIs, TDX reports) and the policy engine.
## Module Overview

| Module | Purpose |
|---|---|
| `digest` | Typed digest model — eliminates SHA-256/SHA3-256 ambiguity |
| `pcr` | PCR semantic specification — canonical slot meanings |
| `counter` | Hardware monotonic counter evidence |
| `backend` | Hardware backend trait and evidence types |
| `tpm_verify` | TPM 2.0 quote structural verification |
| `policy` | Hardware-aware policy rules |
| `audit_trace` | Cryptographically linked, append-only lineage of evaluation events |
| `invariants` | System-wide assertions to prevent Byzantine violations and equivocation |
| `consistency_checker` | Full divergence drift validation for the global audit trace |
## Trust Model

```text
Hardware (TPM/DICE/TDX/SEV-SNP)
  └── HardwareRootOfTrust::collect_evidence(nonce)
        └── HardwareEvidence { backend_type, pcr_bank, counter, ... }
              └── TpmQuoteVerifier::verify_structure(...)
                    └── HardwarePolicyEngine::evaluate(...)
                          └── Ok(()) → evidence is trustworthy
```

## Feature Flags

| Feature | Effect |
|---|---|
| `std` (default) | Enables `std::error::Error` on error types |
| `unsafe-test-backend` | Enables `HardwareBackendType::TestOnly` — NEVER in production |
## Security Invariants

- `HardwareBackendType::TestOnly` is only constructible with `unsafe-test-backend`.
- All PCR digests in `TypedPcrBank` must be SHA3-256 before policy evaluation.
- `TpmQuoteVerifier` checks nonce binding FIRST, before any other validation.
- `HardwarePolicyEngine::hardware_production()` rejects non-hardware-rooted backends.
- `CounterEvidence::HardwareMonotonic` is the only counter variant accepted by `RequireHardwareMonotonicCounter`.
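The following is an added, self-contained sketch of how these invariants can be enforced by the type system and by check ordering. It is not code from the pqrascv-hardware crate: the types borrow the crate's names (`DigestAlgorithm`, `TypedDigest`, `HardwareBackendType`, `CounterEvidence`, `HardwareEvidence`) so the invariants read naturally, but every field name, function signature and error variant here is an assumption, the sample evidence is constructed rather than captured from hardware, and `evaluate_production` stands in for the `hardware_production()` engine plus the `RequireHardwareMonotonicCounter` rule. A real verifier would also check the quote signature, which this sketch omits.

```rust
// Added illustration only, not pqrascv-hardware's own code: hypothetical
// stand-ins that borrow the crate's names. Field names, signatures and error
// variants are assumptions; quote signature verification is omitted.

/// SHA-256 and SHA3-256 outputs are both 32 bytes, so the algorithm travels
/// with the bytes instead of being implied by their length.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum DigestAlgorithm {
    Sha256,
    Sha3_256,
}

#[derive(Clone, Debug, PartialEq, Eq)]
pub struct TypedDigest {
    pub algorithm: DigestAlgorithm,
    pub bytes: [u8; 32],
}

/// TestOnly exists only when the `unsafe-test-backend` feature is enabled;
/// a production build cannot even name the variant.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum HardwareBackendType {
    Tpm20,
    Dice,
    Tdx,
    SevSnp,
    #[cfg(feature = "unsafe-test-backend")]
    TestOnly,
}

impl HardwareBackendType {
    pub fn is_hardware_rooted(self) -> bool {
        match self {
            #[cfg(feature = "unsafe-test-backend")]
            HardwareBackendType::TestOnly => false,
            _ => true,
        }
    }
}

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum CounterEvidence {
    HardwareMonotonic(u64),
    SoftwareCounter(u64),
}

pub struct HardwareEvidence {
    pub backend_type: HardwareBackendType,
    pub quote_nonce: [u8; 16],
    pub pcr_bank: Vec<(u8, TypedDigest)>, // (PCR slot, digest)
    pub counter: CounterEvidence,
}

#[derive(Debug, PartialEq, Eq)]
pub enum PolicyError {
    NonceMismatch,
    NonHardwareBackend(HardwareBackendType),
    WrongDigestAlgorithm { slot: u8, found: DigestAlgorithm },
    CounterNotHardwareMonotonic,
}

/// Production evaluation in the order the invariants prescribe.
pub fn evaluate_production(ev: &HardwareEvidence, expected_nonce: &[u8; 16]) -> Result<(), PolicyError> {
    // 1. Nonce binding FIRST: a replayed quote fails before anything else is inspected.
    if ev.quote_nonce != *expected_nonce {
        return Err(PolicyError::NonceMismatch);
    }
    // 2. hardware_production() rejects backends that are not hardware-rooted.
    if !ev.backend_type.is_hardware_rooted() {
        return Err(PolicyError::NonHardwareBackend(ev.backend_type));
    }
    // 3. Every PCR digest must be SHA3-256 before any policy rule runs.
    for (slot, digest) in &ev.pcr_bank {
        if digest.algorithm != DigestAlgorithm::Sha3_256 {
            return Err(PolicyError::WrongDigestAlgorithm { slot: *slot, found: digest.algorithm });
        }
    }
    // 4. RequireHardwareMonotonicCounter accepts only HardwareMonotonic.
    match ev.counter {
        CounterEvidence::HardwareMonotonic(_) => Ok(()),
        CounterEvidence::SoftwareCounter(_) => Err(PolicyError::CounterNotHardwareMonotonic),
    }
}

/// Constructed sample (not captured from real hardware): a TPM 2.0 quote with
/// two SHA3-256 PCR slots and a hardware monotonic counter.
pub fn sample_evidence(nonce: [u8; 16]) -> HardwareEvidence {
    HardwareEvidence {
        backend_type: HardwareBackendType::Tpm20,
        quote_nonce: nonce,
        pcr_bank: vec![
            (0, TypedDigest { algorithm: DigestAlgorithm::Sha3_256, bytes: [0x11; 32] }),
            (7, TypedDigest { algorithm: DigestAlgorithm::Sha3_256, bytes: [0x22; 32] }),
        ],
        counter: CounterEvidence::HardwareMonotonic(42),
    }
}

fn main() {
    let nonce = [0xA5u8; 16];
    println!("{:?}", evaluate_production(&sample_evidence(nonce), &nonce)); // Ok(())
}
```

The ordering matters for the failure mode the invariants call out: a quote that fails nonce binding is rejected with `NonceMismatch` even when its PCR bank is also mistyped, so a replayed quote never reaches the digest or counter checks. Building `TestOnly` behind a `cfg` rather than a runtime flag means a production binary has no code path that can accept it.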
## Re-exports

```rust
pub use backend::{BackendSpecificEvidence, DiceEvidence, HardwareBackendType, HardwareCapabilities, HardwareError, HardwareEvidence, HardwareRootOfTrust, NitroEnclaveEvidence, SevSnpEvidence, TdxEvidence, TpmClockInfo, TpmIdentity, TpmQuoteEvidence};
pub use baseline::{ExpectedPcr, PcrBaseline, PolicyVersion};
pub use boot_chain::BootChainEvidence;
pub use continuous_attestation::{AttestationSession, SessionError};
pub use counter::CounterEvidence;
pub use digest::{DigestAlgorithm, TypedDigest};
pub use distributed_consensus::{ConsensusDecision, ConsensusEvaluation, VerifierVote};
pub use drift::{DriftDetectionEngine, DriftPolicyMode, DriftReport, DriftSeverity};
pub use governance::{GovernanceAction, GovernanceError, GovernanceLog, GovernanceRecord};
pub use ima_integration::{ImaEvidence, ImaMeasurement, ImaParseError};
pub use pcr::{PcrMeasurement, PcrSemantic, SlotSemanticMismatch, TypedPcrBank};
pub use platform_profiles::{PlatformClass, PlatformProfile, PlatformVendor, PlatformVerificationReport, RuntimeVerificationReport};
pub use policy::{HardwarePolicyContext, HardwarePolicyEngine, HardwarePolicyError, HardwarePolicyRule};
pub use policy_federation::{FederatedPolicyEpoch, FederatedPolicyError, FederatedPolicyRegistry};
pub use profiles::sovereign_bitcoin_node_profile;
pub use reputation::VerifierReputation;
pub use runtime_attestation::{RuntimeAttestationEvidence, RuntimeMeasurement, RuntimeMeasurementDomain, RuntimePolicyEpoch};
pub use runtime_drift::{RuntimeDriftEngine, RuntimeDriftReport, RuntimeDriftSeverity};
pub use runtime_integrity::RuntimeIntegrityEvidence;
pub use secure_boot::{SecureBootEvidence, SecureBootState};
pub use timeline_reconciliation::{TimelineConflict, TimelineConflictType, TimelineReconciler, TimelineReconciliationReport};
pub use tpm_verify::{TpmQuoteVerifier, TpmVerifyError};
pub use transparency_log::TransparencyEvent;
pub use trust_domains::{TrustDomain, TrustEvaluation, VerificationDecisionReason};
pub use verifier_federation::{FederationError, QuorumPolicy, VerifierFederation};
pub use verifier_identity::{CertificateError, IdentityError, VerifierCapability, VerifierCertificate, VerifierIdentity};
pub use verifier_timeline::{AttestationEvent, AttestationTimeline, TimelineValidationError};
pub use verifier_transparency::{TransparencyLogError, VerifierEventType, VerifierTransparencyEvent, VerifierTransparencyLog};
pub use workload_integrity::{WorkloadIdentity, WorkloadIntegrityEvidence};
```
## Modules

- `adaptive_sync`
- `attested_node_report` - Attested Node Report
- `audit_trace` - Append-only audit lineage for deterministic reconstruction.
- `backend` - Hardware backend trait and type definitions.
- `baseline` - PCR Baseline Management
- `bitcoin_node_identity` - Sovereign Bitcoin Node Identity
- `bitcoin_node_timeline` - Bitcoin Node Event Timeline
- `bitcoin_policy_profiles` - Deterministic Bitcoin Node Policy Profiles
- `bitcoin_runtime_monitor` - Bitcoin Runtime Monitor
- `bitcoin_workload_integrity` - Bitcoin Workload Integrity
- `boot_chain` - Boot Chain Evidence
- `byzantine_quorum` - Byzantine Quorum Semantics
- `canonicalization`
- `checkpointing` - Rolling Integrity Checkpoints
- `consistency_checker` - Full-system consistency validation pass.
- `continuous_attestation` - Continuous Attestation Sessions
- `counter` - Hardware monotonic counter evidence.
- `cross_federation` - Cross-Federation Reconciliation
- `delta_attestation` - Delta Attestation Serialization & Hash Chaining
- `deployment_reference` - Sovereign Deployment Reference Modeling
- `deterministic_replay`
- `digest` - Typed digest model — eliminates algorithm ambiguity in measurements.
- `disaster_recovery`
- `distributed_consensus` - Distributed Consensus Engine
- `drift` - Drift Detection Engine
- `eclipse_resistance`
- `ek_framework` - Endorsement Key (EK) validation framework.
- `epoch_key_binding` - Epoch Key Binding
- `equivocation` - Anti-Equivocation Detection
- `federation_liveness`
- `federation_migration`
- `federation_snapshot`
- `federation_sync` - Signed Federation Synchronization
- `federation_time` - Hybrid Logical Clocks and Federation Time Semantics
- `federation_topology` - Topology-Aware Federation Semantics
- `federation_transport` - Verifier Federation Synchronization Messaging
- `gossip_protocol`
- `governance` - Federated Governance Model
- `governance_continuity` - Governance Continuity Tracking
- `hashing`
- `ima_integration` - Linux IMA/Appraisal Integration
- `invariants` - Global system invariants and Byzantine assumptions.
- `network_governance`
- `node_attestation_session` - Node Attestation Session Lifecycle
- `partition_detection`
- `partition_healing`
- `pcr` - PCR semantic specification — canonical slot meanings and typed measurements.
- `peer_reputation`
- `platform_profiles` - Platform Profiles
- `policy`
- `policy_federation` - Federated Policy Epoch Management
- `pq_transport` - Post-Quantum Federation Transport
- `profiles` - Predefined Platform Profiles
- `quorum_reformation`
- `recovery_governance`
- `recovery_lineage`
- `reputation` - Verifier Reputation Tracking (AUDIT ONLY)
- `retention_governance` - Governed Retention Semantics
- `retention_policy` - Bounded Verifier Retention Semantics
- `runtime_attestation` - Runtime Attestation Evidence
- `runtime_drift` - Runtime Drift Analysis
- `runtime_integrity` - Runtime Integrity Evidence
- `runtime_stream` - Incremental Runtime Integrity Streaming
- `secure_boot` - Secure Boot Policy Semantics
- `snapshot_sync`
- `state_reconstruction`
- `stream_reconciliation` - Cross-Verifier Stream Reconciliation
- `temporal_ambiguity` - Temporal Ambiguity Evidence
- `timeline_compaction` - Timeline Compaction Semantics
- `timeline_reconciliation` - Cross-Verifier Timeline Reconciliation
- `tpm_structures` - Strongly typed TPM 2.0 structure parsing.
- `tpm_verify` - Cryptographically sound TPM 2.0 quote verification.
- `transparency_log` - Transparency Log
- `trust_domains` - Trust Domains Modeling
- `verifier_federation` - Verifier Federation Model
- `verifier_identity` - Verifier Identity Model
- `verifier_orchestrator` - Distributed Verifier Orchestrator
- `verifier_rejoin`
- `verifier_revocation` - Verifier Revocation Semantics
- `verifier_timeline` - Verifier Timeline state tracking
- `verifier_transparency` - Verifier Transparency Accountability Log
- `workload_integrity` - Workload Integrity Abstractions