Create Identity

Identities in this system are versioned by their creation timestamp. For verification purposes, the most recently created identity for a given name is always used. This design allows you to easily update an identity when it becomes outdated without needing to change your policy or the attestation configuration itself. For more information about reading, deleting, or updating identities, see vHSM nitride CLI.

Create a new identity named test-local of the type firmware:

Example: Create a file named firmware.json with the following content:

{
  "type": "firmware",
  "name": "test-local",
  "values": {
    "measurement": "eb5c02d3ba319e65218994fc47925cf8a5e9a433081c44d4d989434f15a7c6d715d302401b3147da04e49abc99e50aea"
  }
}

Description of values field content by Identity type:

The content you put in the values field within the request body depends on the type of the identity you are creating or updating.

Identity Type: Description of values Content

platform
It would typically contain platform-specific attestation data.

firmware
Used for firmware-level identities.
- measurement: The OVMF/UEFI measurement (e.g., a SHA256 hash). For more information, see Get Firmware Measurement.
- firmware: The firmware version of the platform. Supports semantic versioning constraints like >= 1.55.22.
- root_of_trust: The certificate chain used in the verification process.

workload
Used for workload-level identities.
- hash: A human-readable name of the hash function used (e.g., "sha256").
- pcrs: A dictionary mapping integer PCR (Platform Configuration Register) indices to their encoded PCR values (strings).

metadata
More details about the identity.
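A pre-flight check for an identity document before it is registered, given here as an added example that is not part of the vHSM tooling or of this documentation's own code. The function name lint_identity, the accepted digest lengths, and the treatment of platform, firmware and workload as the only identity types are assumptions of the example.

```python
import re

# Types named in the table above; treating its "metadata" row as a descriptive
# field rather than a fourth type is an assumption of this example.
KNOWN_TYPES = ("platform", "firmware", "workload")
HEX = re.compile(r"[0-9a-fA-F]+")
PCR_INDEX = re.compile(r"[0-9]+")
DIGEST_HEX_LENGTHS = {64, 96, 128}  # SHA-256/384/512 sizes (assumption)

# The firmware.json document shown earlier on this page.
PAGE_EXAMPLE = {
    "type": "firmware",
    "name": "test-local",
    "values": {"measurement": "eb5c02d3ba319e65218994fc47925cf8a5e9a433081c44d4"
                              "d989434f15a7c6d715d302401b3147da04e49abc99e50aea"},
}


def lint_identity(doc):
    """Return a list of problems in an identity document (empty list = OK)."""
    id_type = doc.get("type")
    if id_type not in KNOWN_TYPES:
        return [f"unknown identity type: {id_type!r}"]
    problems = []
    if not isinstance(doc.get("name"), str) or not doc["name"]:
        problems.append("name must be a non-empty string")
    values = doc.get("values")
    if not isinstance(values, dict):
        return problems + ["values must be an object"]
    if id_type == "firmware" and "measurement" in values:
        m = values["measurement"]
        if not isinstance(m, str) or not HEX.fullmatch(m):
            problems.append("measurement is not a hex string")
        elif len(m) not in DIGEST_HEX_LENGTHS:
            problems.append(f"measurement has {len(m)} hex chars, not a full digest")
    if id_type == "workload":
        if "hash" in values and not isinstance(values["hash"], str):
            problems.append("hash must be a hash function name such as 'sha256'")
        pcrs = values.get("pcrs", {})
        if not isinstance(pcrs, dict):
            problems.append("pcrs must map PCR indices to encoded values")
        else:
            # JSON object keys arrive as strings, so the index is checked as text.
            for idx, val in pcrs.items():
                if not PCR_INDEX.fullmatch(str(idx)) or not isinstance(val, str):
                    problems.append(f"bad pcrs entry: {idx!r}")
    return problems
```

Running this over the parsed firmware.json before registering it catches a measurement that lost a character during copy and paste, which would otherwise only show up later as a failed verification.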

Register the identity

Example:

Output

Possible Error Response:

If there is an issue with the request body, such as an unknown identity type, you might receive an error:
