Attestation with Mbed OS

Hello,
for study purposes I got an LPC55S69 board with Mbed OS installed and need to run attestation on it. My professor told me that this feature should already be available, but until now I could not really find out whether there is anything available that fulfills my problem or not. I need to attest the whole memory region of the “normal world”. I found that there is something called initial_attestation available in Mbed OS but could not find out whether it is suitable or not, or even how to run it. So if anyone has used this feature already and could tell me how exactly it works, or if there is anything else around, then I would be really thankful.

Thanks in advance,
Lukas

Hello Lukas,

The following info seems to be a bit off the topic (attest the whole memory region of the “normal world”). But maybe it helps:

PSA initial attestation
PSA internal storage
What is the attestation API?

The Attestation API provides a way to obtain a health check token from the device, attesting of its components and serial numbers. This works with a challenge/response exchange with a trusted verifier on the cloud to guarantee the token is fresh and not replayed. The properties or claims like device identity, lifecycle and software state are packaged, signed, and transmitted in a standard PSA Entity Attestation Token (EAT) format. Users of this token can validate all internal components of a device to associate it with a trust level.

Best regards,

Zoltan

Hello,

First of all, thanks for your quick response and support. I read everything you linked there but still could not figure out how to specify the claims for the call of psa_initial_attest_get_token and how this function really works. So if anyone has used this feature already to calculate an attestation result, I would be really thankful if you gave me some advice on how to use it.

Best regards,
Lukas
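
The challenge/response freshness check described in the quoted Attestation API text above, as an added example that is not part of the original thread and is not Mbed OS code. HMAC-SHA256 over JSON stands in for the signed EAT token, and `device_get_token`, `Verifier`, the key and all claim values are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key. HMAC-SHA256 over JSON is a stand-in for the
# signature on a real attestation token; it is not the PSA token format.
DEMO_KEY = b"constructed-demo-key"


def device_get_token(challenge: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Hypothetical device side: binds the verifier's challenge into the claims."""
    claims = {
        "nonce": challenge.hex(),
        "device_id": "constructed-device-01",
        "lifecycle": "secured",
        "sw_state": hashlib.sha256(b"constructed firmware image").hexdigest(),
    }
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class Verifier:
    """Hypothetical verifier: issues challenges and accepts each one once."""

    def __init__(self, key: bytes = DEMO_KEY):
        self.key = key
        self.pending = set()  # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)
        self.pending.add(challenge)
        return challenge

    def verify(self, token: bytes):
        """Return (True, claims) or (False, reason)."""
        body, _, tag = token.rpartition(b".")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return False, "bad signature"
        claims = json.loads(body)  # parsed only after the tag checks out
        challenge = bytes.fromhex(claims["nonce"])
        if challenge not in self.pending:
            return False, "stale or replayed token"
        self.pending.discard(challenge)  # a second use of this token is a replay
        return True, claims
```

The verifier checks the signature before it parses any claim, and it removes the challenge from `pending` on first success, so a captured token cannot be presented again.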