CSR-ATTESTATION-WITH-DICE-CMW.asn

CsrAttestationDiceExample DEFINITIONS IMPLICIT TAGS ::= BEGIN

IMPORTS 

tcg-dice-conceptual-message-wrapper FROM TcgDiceAttestation
DiceConceptualMessageWrapper FROM TcgDiceAttestation
tcg-dice-TcbInfo FROM TcgDiceAttestation
DiceTcbInfo FROM TcgDiceAttestation
EvidenceStatementSet FROM CsrAttestation
;

tcgDiceCmwEvidenceStatementES EVIDENCE-STATEMENT ::= { 
  DiceConceptualMessageWrapper IDENTIFIED BY tcg-dice-conceptual-message-wrapper }

tcgDiceTcbInfoEvidenceStatementES EVIDENCE-STATEMENT ::= {
  DiceTcbInfo IDENTIFIED BY tcg-dice-TcbInfo }
-- where ConceptualMessageWrapper, tcg-dice-conceptual-message-wrapper, DiceTcbInfo, and tcg-dice-TcbInfo
-- are defined in DICE-Attestation-Architecture-Version-1.1-Revision-18_6Jan2024.pdf

EvidenceStatementSet EVIDENCE-STATEMENT ::= {
  tcgDiceEvidenceStatementES, 
  tcgDiceTcbInfoEvidenceStatementES 
  ...
}
END

TcgDiceAttestation DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

tcg OBJECT IDENTIFIER ::= { 2 23 133 }
tcg-dice OBJECT IDENTIFIER ::= { tcg platformClass(5) dice(4) }
tcg-dice-TcbInfo OBJECT IDENTIFIER ::= { tcg-dice tcbinfo(1) }
tcg-dice-endorsement-manifest-uri OBJECT IDENTIFIER ::= { tcg-dice manifest-uri(3) }
tcg-dice-Ueid OBJECT IDENTIFIER ::= { tcg-dice ueid(4) }
tcg-dice-MultiTcbInfo OBJECT IDENTIFIER ::= {tcg-dice multitcbinfo(5) }
tcg-dice-UCCS-evidence OBJECT IDENTIFIER ::= {tcg-dice uccs-evidence(6) }
tcg-dice-manifest-evidence OBJECT IDENTIFIER ::= {tcg-dice manifest-evidience(7) }
tcg-dice-MultiTcbInfoComp OBJECT IDENTIFIER ::= {tcg-dice multitcbinfocomp(8) }
tcg-dice-conceptual-message-wrapper OBJECT IDENTIFIER ::= { tcg-dice cmw(9) }
tcg-dice-TcbFreshness OBJECT IDENTIFIER ::= { tcg-dice tcb-freshness(11) }

DiceConceptualMessageWrapper ::= SEQUENCE {
  cmw OCTET STRING
}

DiceTcbInfo ::= SEQUENCE {
  vendor [0] IMPLICIT UTF8String OPTIONAL,
  model [1] IMPLICIT UTF8String OPTIONAL,
  version [2] IMPLICIT UTF8String OPTIONAL,
  svn [3] IMPLICIT INTEGER OPTIONAL,
  layer [4] IMPLICIT INTEGER OPTIONAL,
  index [5] IMPLICIT INTEGER OPTIONAL,
  fwids [6] IMPLICIT FWIDLIST OPTIONAL,
  flags [7] IMPLICIT OperationalFlags OPTIONAL,
  vendorInfo [8] IMPLICIT OCTET STRING OPTIONAL,
  type [9] IMPLICIT OCTET STRING OPTIONAL,
  flagsMask [10]IMPLICIT OperationalFlagsMask OPTIONAL,
  integrityRegisters [11] IMPLICIT IrList OPTIONAL
}

FWIDLIST ::= SEQUENCE SIZE (1..MAX) OF FWID
  FWID ::= SEQUENCE {
  hashAlg OBJECT IDENTIFIER,
  digest OCTET STRING
}

OperationalFlags ::= BIT STRING {
  notConfigured (0),
  notSecure (1),
  recovery (2),
  debug (3),
  notReplayProtected (4),
  notIntegrityProtected (5),
  notRuntimeMeasured (6),
  notImmutable (7),
  notTcb (8),
  fixedWidth (31)
}

OperationalFlagsMask ::= BIT STRING {
  notConfigured (0),
  notSecure (1),
  recovery (2),
  debug (3),
  notReplayProtected (4),
  notIntegrityProtected (5),
  notRuntimeMeasured (6),
  notImmutable (7),
  notTcb (8),
  fixedWidth (31)
}

IrList ::= SEQUENCE SIZE (1..MAX) OF IntegrityRegister

IntegrityRegister ::= SEQUENCE {
  registerName IA5String OPTIONAL,
  registerNum INTEGER OPTIONAL,
  hashAlg OBJECT IDENTIFIER,
  digest OCTET STRING
}

EndorsementManifestURI ::= SEQUENCE {
  emUri UTF8String
}

TcgUeid ::= SEQUENCE {
  ueid OCTET STRING
}

DiceTcbInfoSeq ::= SEQUENCE SIZE (1..MAX) OF DiceTcbInfo

DiceTcbInfoComp ::= SEQUENCE SIZE (1..MAX) OF TcbInfoComp

TcbInfoComp ::= SEQUENCE {
  commonFields [0] IMPLICIT DiceTcbInfo,
  evidenceValues [1] IMPLICIT DiceTcbInfoSeq
}

UccsEvidence ::= SEQUENCE {
  uccs OCTET STRING
} 

Manifest ::= SEQUENCE {
  format ManifestFormat,
  manifest OCTET STRING
}

ManifestFormat ::= ENUMERATED {
  swid-xml    (0),
  coswid-cbor (1),
  coswid-json (2),
  tagged-cbor (3)
}

DiceTcbFreshness ::= SEQUENCE {
  nonce OCTET STRING
}
END