Annotations
Learn more about annotations in an attestation report.
An annotation is a way to associate a human-readable description or value with a specific technical attestation key. It is like adding a comment or a sticky note to a piece of data in the attestation report to make it understandable to a person. It helps turn raw, technical attestation data into something more informative and actionable for administrators or users.
In other words, an attestation report contains many technical data points about the system and workload being verified. Some of these data points might be obscure codes, hashes, or measurements that aren't immediately meaningful to a human. An annotation lets you take one of these technical keys and associate it with a human-readable value.
For example, if an attestation report includes a particular measurement value, like a hash of the operating system's kernel:
key: "sha256:abcdef123456..." (a technical value from the report)
Without an annotation, you just have this string of characters, and you don't know what it represents. You could create an annotation that links this specific key to a meaningful value:
key: "sha256:abcdef123456..."
value: "Expected hash for Ubuntu 22.04 LTS kernel version 5.15.0-91"
Now, when you review the attestation report and see that specific hash or key, you can look up its annotation and immediately understand that it corresponds to a verified version of the Ubuntu kernel, or to whatever value the annotation records.
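As an added illustration (not vHSM code and not its report format), the Python sketch below applies an annotation table to the measurement keys of a report. It goes slightly beyond the example above by rejecting truncated digests instead of prefix-matching them and by listing keys that have no annotation; the function names, the `algo:hex` key layout and the sample digests are assumptions constructed for this example.

```python
import re

# Hex-character lengths of the digest algorithms this sketch accepts (assumption).
HEX_LEN = {"sha256": 64, "sha384": 96, "sha512": 128}
KEY_RE = re.compile(r"(sha256|sha384|sha512):([0-9a-f]+)")


def normalize_key(key: str) -> str:
    """Return the canonical lowercase 'algo:hex' form, or raise ValueError."""
    candidate = key.strip().lower()
    match = KEY_RE.fullmatch(candidate)
    if not match or len(match.group(2)) != HEX_LEN[match.group(1)]:
        # Truncated or malformed digests are rejected, never prefix-matched:
        # a partial hash could match more than one measurement.
        raise ValueError(f"not a full digest key: {key!r}")
    return candidate


def annotate(report_keys, annotations):
    """Split report keys into (annotated, unannotated).

    annotated   : list of (key, human-readable value) pairs
    unannotated : keys with no annotation, left for manual review
    """
    table = {normalize_key(k): v for k, v in annotations.items()}
    annotated, unannotated = [], []
    for raw in report_keys:
        key = normalize_key(raw)
        if key in table:
            annotated.append((key, table[key]))
        else:
            unannotated.append(key)
    return annotated, unannotated


# Constructed sample data: placeholder digests, not real kernel hashes.
KERNEL = "sha256:" + "ab" * 32
UNKNOWN = "sha256:" + "cd" * 32
ANNOTATIONS = {KERNEL: "Expected hash for Ubuntu 22.04 LTS kernel version 5.15.0-91"}

if __name__ == "__main__":
    # The report lists the kernel digest in upper case plus one unknown digest.
    known, unknown = annotate([KERNEL.upper(), UNKNOWN], ANNOTATIONS)
    for key, value in known:
        print(f"{key}\n  -> {value}")
    for key in unknown:
        print(f"{key}\n  -> (no annotation)")
```

An annotation only describes a key; a key that comes back unannotated is simply one nobody has labelled yet.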
For more information about creating annotations using the vHSM CLI, see Annotations.