Tpm support by jlmucb · Pull Request #321 · ccc-certifier-framework/certifier-framework-for-confidential-computing

jlmucb · 2026-06-22T23:01:14Z

tpm support, bug fixes better shell fiels

paulengland

Approve to merge into main

jlmucb · 2026-06-24T22:53:29Z

This upgrade includes bug fixes (including security related ones), better instructions, better scripts, complex measurement support, further support for VM-scale protection (including a keyserver and utilities), some cloud platform support, and most importantly, the Certifier now has TPM support.

TPM support is important for a few reasons:
1. It greatly increases the number of possible platforms, both client and
server.
2. Cloud vendors, like Amazon, use CC to start foundation software but only
allow granular support for attestation, measurement and sealing through a
virtual TPM in the CC attested foundation. This is the only practical
way to get CC support on some vendors, and, it extends "real" CC
protection to a lot of cloud platforms.
3. If a program is "just" protected by the TPM, absent additional capability
in the HW (like Nitro or SEV), it does not provide all the CC guarentees
but it's a lot better than nothing and upgrading to "real" CC
with the Certifier is easy now.

jlmucb and others added 30 commits March 7, 2026 15:19

kdfa

cb753b1

updated kdf

4c91881

kdf

7a26c9b

tiny

1ac5cad

new kdfa

274526e

new kdfa

4a67dcd

kdfa

13e8fdf

kdfa

c8e2e8d

kdfa

0d21d6c

small fix

096e10f

seed size

6fc2f69

small fix

a0cf565

endian for AC

64f5883

small fix

8d6049d

more debug

eb85f52

debug

aaa5df5

more debug

755ab13

changed kdfa

d7e296e

small add

1d54328

trying another oaep encrypt

7bc831f

test for oaep

e691f70

changed oaep encrypt

20702db

paul test

060d6e9

kdfa

9f69818

kdfa test

aa97578

fixed kdfa

f7c0211

OAEP check

9610376

padding

2544a3e

Add oaep call doc for oaep

fe70c46

sha256 in pad

99fdc61

jlmucb and others added 25 commits June 10, 2026 11:46

Copyright notices

88b6f50

clean-files and more instructions for certifier_test

ac54991

added "just-compile"

2c34486

rm simulated for tpm

99a5a1b

seperate tpm and sev instructions

a2b9850

small fix to instructions

bf27ca4

changes for tpm simulator instructions ans scripts:

cb5b387

Portabiltiy fixes for vtpm manufacture and startup scripts (#317)

635975c

some fixes for the simulator scripts

28c0e91

fixed handle leak

c5de541

shell fix

4c9c272

small shell change

2a57a46

small shell add

5cbb1a5

close enclave

de919f1

dependencies

73275f5

more shell script changes

2a4944d

shell errors

9202e24

runs through simple_app

e2e6646

shells and makes

51b80bb

more make fixes

df87ead

more shell fixes

4686792

more shell fixes

cecbfaf

more shell scritps

f590e7f

more shell

9a2ae99

more shell fixes

38b1127

jlmucb assigned paulengland Jun 23, 2026

jlmucb requested a review from paulengland June 24, 2026 16:45

paulengland approved these changes Jun 24, 2026

View reviewed changes

jlmucb merged commit 6aeaca0 into main Jun 24, 2026
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Tpm support#321

Tpm support#321
jlmucb merged 423 commits into
mainfrom
tpm_support

jlmucb commented Jun 22, 2026

Uh oh!

paulengland left a comment

Uh oh!

Uh oh!

jlmucb commented Jun 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

jlmucb commented Jun 22, 2026

Uh oh!

paulengland left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

jlmucb commented Jun 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants