Annotations
Learn more about annotations for Attestation Reporting.
Introduction
Annotation is a way to associate a human-readable description or value with a specific technical attestation key. It is like adding a comment or a sticky note to a piece of data in the attestation report to make it understandable to a person. It helps turn raw, technical attestation data into something more informative and actionable for administrators or users.
In other words, an attestation report contains a lot of technical, sometimes cryptographically obfuscated information about the platform security processor and the workload being verified. Some of these data points might be obscure codes, hashes, or measurements that aren't immediately meaningful to a human.
What are Annotations?
An annotation lets you take one of these technical keys and associate it with a value.
Example
Consider an attestation report that includes a particular measurement value, such as a hash of the operating system's kernel:
// Some technical value from the report
key: "sha256:abcdef123456..."
Without an annotation, you just have this string of characters, and you don't know what it represents. You could create an annotation that links this specific key to a meaningful value:
Example
// Some annotated report
key: "sha256:abcdef123456..."
value: "Expected hash for Ubuntu 22.04 LTS kernel version 5.15.0-91"
Now, when you review the attestation and see that specific hash or key, you can look up its annotation and immediately understand that it corresponds to a verified version of the Ubuntu kernel, or to whatever other value the annotation records.
Next Steps
For more information about creating annotations using the vHSM CLI, see Annotations.