Proposing new RTMR1 Signer-Anchor Measurement #916

Description

@haitaohuang

This proposal changes what MigTD measures into RTMR1. Today RTMR1 extends over the raw bytes of the policy/identity issuer certificate chain. This makes RTMR1 far more sensitive than the runtime trust model: `validate_peer_cert_chain` only requires a matching root CA (DER) and leaf Subject — not the leaf key or exact chain bytes.

This mismatch causes three problems: (1) routine leaf-key rotation churns RTMR1, forcing a new build and endorsement for a runtime no-op; (2) regional leaf certificates fragment RTMR1 into one value per region despite an identical trust anchor; (3) CoRIM-based Azure (MAA) attestation embeds the chain via `x5chain`, so hashing the chain into RTMR1 duplicates it as a second source of truth.

Proposed fix: extend RTMR1 over a stable signer anchor `A = H("MIGTD-RTMR1-ANCHOR-V1" || R || S)`, where `R = H(DER(root))` and `S = H(DER(leaf subject))`. The CFV still ships the full chain (unchanged); only the hashed input changes.

Benefits: no rotation churn, region-independent measurement, no CoRIM duplication, and RTMR1 sensitivity that exactly matches the runtime trust model. Root-CA changes remain visible. Scope: RTMR1 only.

This is a follow-up on #908, and the full proposal is in the second commit of PR #910.
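The anchor formula from the issue, worked through as an added example (not MigTD code and not part of the proposal): it compares the anchor with a hash of the raw chain bytes when only the leaf key rotates. Assumptions: `H` is SHA-384, "DER(leaf subject)" means the encoded `subject` Name taken from the leaf's TBSCertificate, `chain_digest` is a stand-in for the current measurement, and all function names and the unsigned toy certificates are constructed for illustration.

```python
import hashlib
LABEL = b"MIGTD-RTMR1-ANCHOR-V1"  # domain-separation label from the proposal

def H(data):  # assumption: SHA-384 (the RTMR digest size); the issue does not name H
    return hashlib.sha384(data).digest()

def read_tlv(buf, off):  # parse one DER TLV -> (tag, value_start, value_end)
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                          # long-form length
        k = length & 0x7F
        length, off = int.from_bytes(buf[off:off + k], "big"), off + k
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def subject_der(cert):
    """Return the raw DER bytes of TBSCertificate.subject (RFC 5280 field order)."""
    _, pos, _ = read_tlv(cert, 0)              # descend into Certificate
    _, pos, _ = read_tlv(cert, pos)            # descend into TBSCertificate
    first, _, _ = read_tlv(cert, pos)
    for _ in range(5 if first == 0xA0 else 4): # [version], serial, sigAlg, issuer, validity
        _, _, pos = read_tlv(cert, pos)
    tag, _, end = read_tlv(cert, pos)
    if tag != 0x30:
        raise ValueError("subject is not a SEQUENCE")
    return cert[pos:end]

def signer_anchor(root_cert, leaf_cert):  # A = H(label || R || S), R and S fixed-length
    return H(LABEL + H(root_cert) + H(subject_der(leaf_cert)))

def chain_digest(chain):  # stand-in for hashing the raw chain bytes
    return H(b"".join(chain))

# Constructed sample input: structurally valid but unsigned toy certificates.
def tlv(tag, body):
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body
def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
def toy_cert(issuer, subject, key):
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
              + name(issuer) + tlv(0x30, b"") + name(subject) + tlv(0x30, tlv(0x03, b"\x00" + key)))
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

ROOT = toy_cert(b"Example Root", b"Example Root", b"\x01" * 64)
LEAF_OLD = toy_cert(b"Example Root", b"Example Policy Issuer", b"\x02" * 64)
LEAF_NEW = toy_cert(b"Example Root", b"Example Policy Issuer", b"\x03" * 64)  # rotated key
```

With these inputs the anchor is identical for `LEAF_OLD` and `LEAF_NEW` while the chain digest differs, and swapping the root or the leaf Subject changes the anchor.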
