kbs: doc: update protocol spec with the latest functionality
KBS protocol version was bumped up to 0.1.1 so updating the spec
accordingly. In addition, clarify the error handling of "request":
also errors can happen, such as when the "request" version does not
meet all the requirements.

Signed-off-by: Mikko Ylinen <[email protected]>
mythi committed Aug 1, 2024
1 parent 4bd3c34 commit 1f214a9
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions kbs/docs/kbs_attestation_protocol.md
Expand Up @@ -70,8 +70,8 @@ The payload format of the request is as follows:

```json
{
/* Attestation protocol version number used by KBC */
"version": "0.1.0",
/* KBS protocol version number used by KBC */
"version": "0.1.1",
/*
* Type of HW-TEE platforms where KBC is located,
* e.g. "intel-tdx", "amd-sev-snp", etc.
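Review bot: The reworded comment above `"version": "0.1.1"` says only that this is the KBS protocol version used by KBC, and does not say which values the KBS accepts. Since this same commit documents that a request can be rejected based on `version` compatibility, consider stating the compatibility rule here (exact match or a range), or pointing to where it is defined, so a client author knows which values lead to a rejected request.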
Expand Down Expand Up @@ -286,6 +286,10 @@ The authentication service is provided by the KBS through two endpoints:
the attester and its attestation results with that cookie.
2. An attestation challenge for the attester to take. This is the content of
the response, set to a [KBS Challenge](#challenge) JSON payload.
3. In case of an error (such as if the KBS rejects the [KBS Request](#request) based
on `version` compatibility), an HTTP response with a 401 (`Unauthorized`) status code
together with ErrorInformation JSON payload.

2. `/kbs/v0/attest` only accepts `POST` requests whose body is a [KBS Attestation](#attestation)
JSON payload and the header contains a `Cookie` set to the value received in
step 1.i. This is how the attester replies to attestation challenge received
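Review bot: New item 3 is numbered as a third part of the response next to the cookie and the challenge, but it describes an alternative outcome in which neither of those is returned; consider moving it out of the numbered list, for example as a separate sentence after item 2. `ErrorInformation` is also the only payload named here without a link or code formatting, unlike [KBS Challenge](#challenge) and [KBS Request](#request), and the phrase needs an article ("together with an ErrorInformation JSON payload"). Because the 401 status is given for errors in general with version rejection as one example, it would help to say how a client distinguishes a version rejection from other 401 responses.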