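# Interface definition for ComponentIntegrity (the name used in the
# association descriptions below). It describes what is known about the
# integrity of a protected component: whether security protocols are enabled,
# which security technology and version is in use, and when the information
# was last updated.
description: >
    Implement to represent component integrity information acquired from a
    secure authentication or measurement of the protected components. A trusted
    component (e.g., iRoT or TPM) is typically involved to provide the info
    using a security protocol (e.g., SPDM).

properties:
    # Defaults to false, so clients see security protocols as not enabled
    # until an implementation sets this property. It is the only property in
    # this interface declared without the readonly flag.
    # NOTE(review): because it is writable, confirm which callers are
    # permitted to change it.
    - name: Enabled
      type: boolean
      default: false
      description: >
          An indication of whether security protocols are enabled for the
          component.

    # Read-only. Defaults to Unknown; the allowed values are listed under
    # enumerations -> SecurityTechnologyType in this file.
    - name: Type
      type: enum[self.SecurityTechnologyType]
      default: Unknown
      flags:
          - readonly
      description: >
          The type of security technology for the component.

    # Read-only string with no default declared. The only format guidance is
    # "human readable", so clients should not assume a fixed pattern.
    - name: TypeVersion
      type: string
      flags:
          - readonly
      description: >
          The version of the security technology. Human readable format, e.g.
          "1.1" for SPDM.

    # Read-only uint64 with no default declared; unit is milliseconds since
    # the UNIX epoch.
    # NOTE(review): the description says state changes "should" update this
    # value. A timestamp older than a known firmware or certificate change
    # would suggest the reported data predates that change; confirm how
    # implementations maintain it before relying on it.
    - name: LastUpdated
      type: uint64
      flags:
          - readonly
      description: >
          The date and time when information for the component was last updated.
          Firmware update, device certificate change or other device state
          change that leads to component integrity change should update this
          date. It is represented in milliseconds since the UNIX epoch.

associations:
    # Forward name "authenticating", reverse name "authenticated_by". The
    # endpoint is required to implement xyz.openbmc_project.Inventory.Item.
    - name: authenticating
      description: >
          Objects that implement ComponentIntegrity can implement the
          "authenticating" association to provide a link to the target component
          whose integrity this resource authenticates.
      reverse_name: authenticated_by
      required_endpoint_interfaces:
          - xyz.openbmc_project.Inventory.Item
    # Forward name "reporting", reverse name "reported_by". The endpoint is
    # required to implement
    # xyz.openbmc_project.Inventory.Item.TrustedComponent.
    - name: reporting
      description: >
          Objects that implement ComponentIntegrity can implement the
          "reporting" association to provide a link to the target trusted
          component whose integrity this resource reports.
      reverse_name: reported_by
      required_endpoint_interfaces:
          - xyz.openbmc_project.Inventory.Item.TrustedComponent

enumerations:
    # Values accepted by the Type property above. Unknown is that property's
    # declared default; OEM is the catch-all for anything that is neither
    # SPDM nor TPM.
    - name: SecurityTechnologyType
      description: >
          The security technology used for the component.
      values:
          - name: OEM
            description: >
                OEM-specific. If it is neither SPDM nor TPM, tag it OEM.
          - name: SPDM
            description: >
                Security Protocol and Data Model (SPDM) protocol.
          - name: TPM
            description: >
                Trusted Platform Module (TPM).
          - name: Unknown
            description: >
                Security technology not known yet.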
76