Policies, Identities, and Workloads
Learn more about policies, identities, and workloads.
A Workload is the specific software you want to check: you need to ensure it's running on a computer precisely as intended and is free from unauthorized changes.
The Policy is like a checklist you create beforehand for this type of program. It lists all the things you expect to be true about the program and the computer it's running on for it to be considered safe and trustworthy. It consists of Identities and Rules.
Identities: The checklist covers different aspects, or "identities," of the setup. This could include checks about:
The physical computer or Platform
The basic software that starts the computer or Firmware
The specific program or Workload
Any extra details about the environment or Metadata
For more information about how you can create, list, sort, and delete identities using vHSM CLI, see .
Rules: Inside the policy (the checklist), there are specific rules for each identity. For example, a rule might read: "The startup software must be version X," or "The program's code must match this exact fingerprint." For more information about how you can create or update a policy using vHSM CLI, see .
After the program starts up or runs, it generates a kind of "report card" about itself and its environment. This is the "Attestation Report."
The vHSM API takes that report card and compares it against the specific checklist or the policy you created for that program.
A policy is simply the set of rules or the checklist that defines what a trustworthy configuration looks like for a particular Workload you're interested in. The system then uses this policy to verify if the program's Attestation report meets all the requirements.
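The comparison described above can be sketched as follows. This is an added example, not vHSM code or the vHSM policy format: the field names (`model`, `version`, `code_digest`, `region`), the sample values, and the `evaluate` function are all hypothetical and constructed for illustration.

```python
# Hypothetical policy layout (NOT the vHSM format): one set of rules per identity.
POLICY = {
    "platform": {"model": "example-platform-a"},
    "firmware": {"version": "1.4.2"},
    "workload": {"code_digest": "9f2c" * 16},
    "metadata": {"region": "example-region-1"},
}

def evaluate(policy, report):
    """Compare an attestation report against a policy.

    Returns (trusted, failures). The report is trusted only if every rule
    of every identity in the policy is satisfied. Claims in the report
    that the policy does not mention are ignored.
    """
    failures = []
    for identity, rules in policy.items():
        claims = report.get(identity)
        if not isinstance(claims, dict):
            # Fail closed: a missing identity is a failure, never a pass.
            failures.append(f"{identity}: identity missing from report")
            continue
        for field, expected in rules.items():
            actual = claims.get(field)  # None when the claim is absent
            if actual != expected:
                failures.append(
                    f"{identity}.{field}: expected {expected!r}, got {actual!r}"
                )
    return (not failures, failures)

# Constructed sample reports.
GOOD_REPORT = {identity: dict(rules) for identity, rules in POLICY.items()}
TAMPERED_REPORT = {**GOOD_REPORT, "workload": {"code_digest": "0000" * 16}}
NO_FIRMWARE_REPORT = {k: v for k, v in GOOD_REPORT.items() if k != "firmware"}

if __name__ == "__main__":
    for name, rep in [("good", GOOD_REPORT), ("tampered", TAMPERED_REPORT),
                      ("no firmware", NO_FIRMWARE_REPORT)]:
        trusted, failures = evaluate(POLICY, rep)
        print(name, "->", "trusted" if trusted else "rejected", failures)
```

A report that omits an identity or a claim is rejected in the same way as one that carries a wrong value, so leaving a measurement out never lets a workload pass.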