{"id":40819735,"url":"https://github.com/cc-api/evidence-api","last_synced_at":"2026-01-21T21:46:49.379Z","repository":{"id":211044156,"uuid":"727036828","full_name":"cc-api/evidence-api","owner":"cc-api","description":"Unified API to Access TCG Compliant measurement, event log, quote in Confidential Computing Environment.","archived":false,"fork":false,"pushed_at":"2024-11-06T21:29:44.000Z","size":2800,"stargazers_count":39,"open_issues_count":6,"forks_count":21,"subscribers_count":14,"default_branch":"main","last_synced_at":"2026-01-15T00:59:28.374Z","etag":null,"topics":["confidential-computing","trusted-computing"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cc-api.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-04T03:40:01.000Z","updated_at":"2025-12-17T08:53:12.000Z","dependencies_parsed_at":"2024-01-29T09:43:10.371Z","dependency_job_id":"f350d706-48c4-48d7-b89d-515a9913f0aa","html_url":"https://github.com/cc-api/evidence-api","commit_stats":null,"previous_names":["cc-api/cc-trusted-api","cc-api/evidence-api"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/cc-api/evidence-api","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cc-api%2Fevidence-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cc-api%2Fevidence-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cc-api%2Fevidence-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cc-api%2Fevidence-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cc-api","download_url":"https://codeload.github.com/cc-api/evidence-api/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cc-api%2Fevidence-api/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28644149,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T21:29:11.980Z","status":"ssl_error","status_checked_at":"2026-01-21T21:24:31.872Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["confidential-computing","trusted-computing"],"created_at":"2026-01-21T21:46:48.611Z","updated_at":"2026-01-21T21:46:49.374Z","avatar_url":"https://github.com/cc-api.png","language":"Python","readme":"[![Python Code Scan](https://github.com/cc-api/evidence-api/actions/workflows/pylint.yaml/badge.svg)](https://github.com/cc-api/evidence-api/actions/workflows/pylint.yaml)\n[![Document Scan](https://github.com/cc-api/evidence-api/actions/workflows/doclint.yaml/badge.svg)](https://github.com/cc-api/evidence-api/actions/workflows/doclint.yaml)\n[![Python License Check](https://github.com/cc-api/evidence-api/actions/workflows/pylicense.yaml/badge.svg)](https://github.com/cc-api/evidence-api/actions/workflows/pylicense.yaml)\n[![VMSDK Python Test](https://github.com/cc-api/evidence-api/actions/workflows/vmsdk-test-python.yaml/badge.svg)](https://github.com/cc-api/evidence-api/actions/workflows/vmsdk-test-python.yaml)\n\n# Evidence API\n\nEvidence API helps the diverse applications to access and process the trust states\nwhich was represented by integrity measurement, event record, report/quote in the confidential\ncomputing environment. Find more details in the [wiki](https://github.com/cc-api/evidence-api/wiki).\n\n![](docs/evidence-api-overview.png)\n\n\n## APIs\n\nEvidence APIs aims to collect confidential evidence (i.e., measurement, event log, quote) for zero-trust design, supporting multiple deployment environments (firmware/VM/cloud native cluster).\nThe [APIs](common/python/evidence_api/api.py) are designed to be vendor agnostic and TCG compliant APIs. The APIs will keep evolving on demand. \n\n| API | Description  | Parameters  | Response  |\n| --- | ------------- |----- |----- |\n| get_default_algorithms | Get the default Digest algorithms supported by trusted foundation. | | A `TcgAlgorithmRegistry` object telling the default algorithms |\n| get_measurement_count | Get the count of measurement register. | | An integer telling the count of measurement registers |\n| get_cc_measurement | Get measurement register according to given selected index and algorithms. | imr_select ([int, int]): The first is index of measurement register, the second is the algorithms ID | An integer telling the count of measurement registers |\n| get_cc_report | Get the quote for given nonce and data. | nonce: a number used to protect private communications by preventing replay attacks\u003cbr\u003e data: the data specified by user\u003cbr\u003e extraArgs: the placeholder for extra arguments required in vTPM or other TEE cases  | A `CcReport` (i.e. quote) object |\n| get_cc_eventlog | Get eventlog for given index and count. | start: the index of the event log to start fetching\u003cbr\u003e count: the number of event logs to fetch | A `TcgEventLog` object |\n| replay_cc_eventlog | Replay event logs fetched through `get_cc_eventlog` api. | event_logs: a list of event logs fetched using `get_cc_eventlog` api | A dict listing the replay result containing information including IMR index number, algorithm using and replayed measurement |\n\n## SDKs\n\nIt provides different SDKs for producing the confidential primitives in different deployment environments.\nChoose correct SDK according to your environment. Installation guide can be found at the readme of each implementation.\n\n| SDK | Deployment Scenarios | Installation Guide |\n| --- | --------------- | -- |\n| Firmware SDK | Firmware Application | |\n| [VM SDK](https://github.com/cc-api/cc-trusted-vmsdk) | Confidential Virtual Machine | [Guide](https://github.com/cc-api/cc-trusted-vmsdk/blob/main/README.md) |\n| [Container Integrity Measurement Agent (CIMA)](https://github.com/cc-api/container-integrity-measurement-agent) | Confidential Cluster/Container | [Guide](https://github.com/cc-api/confidential-cloud-native-primitives/blob/main/deployment/README.md) |\n\n## How to use the APIs\n\nThis section contains the brief samples of APIs. You can find more examples at [API usage example](docs/API-usage-example.md).\n\n### An example of `get_cc_measurement` API\n\nBelow example code collects measurements from all integrity registers of the platform using API `get_measurement_count`, `get_default_algorithms` and `get_cc_measurement` using `VMSDK` in python.\n\n```\nfrom cctrusted import CCTrustedVmSdk\n\n# Get total count of measurement registers, Intel® TDX is 4, vTPM is 24\ncount = CCTrustedVmSdk.inst().get_measurement_count()\nfor index in range(CCTrustedVmSdk.inst().get_measurement_count()):\n    # Get default digest algorithms, Intel® TDX is SHA384, vTPM is SHA256\n    alg = CCTrustedVmSdk.inst().get_default_algorithms()\n    # Get digest object for given index and given algorithms\n    digest_obj = CCTrustedVmSdk.inst().get_cc_measurement([index, alg.alg_id])\n\n    hash_str = \"\"\n    for hash_item in digest_obj.hash:\n        hash_str += \"\".join([f\"{hash_item:02x}\", \" \"])\n\n    LOG.info(\"Algorithms: %s\", str(alg))\n    LOG.info(\"HASH: %s\", hash_str)\n```\n\nRun [cc_imr_cli.py](https://github.com/cc-api/cc-trusted-vmsdk/blob/main/src/python/cc_imr_cli.py) to execute the sample.\n\n```\n$ git clone https://github.com/cc-api/cc-trusted-vmsdk.git\n$ cd cc-trusted-vmsdk\n$ sudo su\n# source setupenv.sh\n# cd src/python\n# python3 cc_imr_cli.py\n```\n\nBelow is the example output for `get_cc_measurement` API on Intel® TDX via VM SDK:\n```\ncctrusted.cvm DEBUG    Successful open device node /dev/tdx_guest\ncctrusted.cvm DEBUG    Successful read TDREPORT from /dev/tdx_guest.\ncctrusted.cvm DEBUG    Successful parse TDREPORT.\ncctrusted.cvm INFO     ======================================\ncctrusted.cvm INFO     CVM type = TDX\ncctrusted.cvm INFO     CVM version = 1.5\ncctrusted.cvm INFO     ======================================\n__main__ INFO     Algorithms: TPM_ALG_SHA384\n__main__ INFO     HASH: c1 57 27 ca c1 f5 7d 0e 91 10 6d a1 80 b3 ea ba 72 11 66 61 e1 7b a0 55 37 73 84 3a 9b 07 2e cf a3 8c c8 03 df b5 5e 0f 87 ec 23 67 80 ad b3 a6\ncctrusted.cvm INFO     ======================================\ncctrusted.cvm INFO     CVM type = TDX\ncctrusted.cvm INFO     CVM version = 1.5\ncctrusted.cvm INFO     ======================================\n__main__ INFO     Algorithms: TPM_ALG_SHA384\n__main__ INFO     HASH: ee 35 46 2b 47 53 58 1b 4c 5a 53 8d c1 92 51 89 ba 9d 21 f5 19 7b 6b 15 ce 10 a6 00 fb d3 12 e0 e3 5c 2b 87 01 fc b2 17 51 82 43 3c 9b 12 b9 dc\ncctrusted.cvm INFO     ======================================\ncctrusted.cvm INFO     CVM type = TDX\ncctrusted.cvm INFO     CVM version = 1.5\ncctrusted.cvm INFO     ======================================\n__main__ INFO     Algorithms: TPM_ALG_SHA384\n__main__ INFO     HASH: 9a c0 ba 4e db 45 03 08 9a a4 a9 2a fe 97 cb 15 94 18 2f 44 aa e0 e5 8d 6f 90 a2 22 9c f9 a4 22 86 5d 87 35 d6 0b 87 3d 6b ec 36 41 d8 96 68 00\ncctrusted.cvm INFO     ======================================\ncctrusted.cvm INFO     CVM type = TDX\ncctrusted.cvm INFO     CVM version = 1.5\ncctrusted.cvm INFO     ======================================\n__main__ INFO     Algorithms: TPM_ALG_SHA384\n__main__ INFO     HASH: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\n```\n\n### An example of `get_cc_report` API\n\nBelow example code collect the CcReport (i.e. quote) on the platform using `get_cc_report` API using `VMSDK` implemented by python.\n\n```\nfrom cctrusted import CCTrustedVmSdk\n\n# Specify the `nonce`, `data` and `extraArgs` as None in the example\nquote = CCTrustedVmSdk.inst().get_cc_report(None, None, None)\nif quote is not None:\n    # Dump CcReport (i.e. quote) object as raw data\n    quote.dump(is_raw=True)\n```\n\nRun [cc_quote_cli.py](https://github.com/cc-api/cc-trusted-vmsdk/blob/main/src/python/cc_quote_cli.py) to execute the sample.\n\n```\n$ git clone https://github.com/cc-api/cc-trusted-vmsdk.git\n$ cd cc-trusted-vmsdk\n$ sudo su\n# source setupenv.sh\n# cd src/python\n# python3 cc_quote_cli.py\n```\n\nBelow is the example output for `get_cc_report` API on Intel® TDX via VM SDK:\n\n```\nroot@tdx-guest:/home/tdx/cc-trusted-vmsdk/src/python# python3 ./cc_quote_cli.py\ncctrusted.cvm DEBUG    Successful open device node /dev/tdx_guest\ncctrusted.cvm DEBUG    Successful read TDREPORT from /dev/tdx_guest.\ncctrusted.cvm DEBUG    Successful parse TDREPORT.\ncctrusted.cvm INFO     Using report data directly to generate quote\ncctrusted.cvm DEBUG    Successful open device node /dev/tdx_guest\ncctrusted.cvm DEBUG    Successful get Quote from /dev/tdx_guest.\nevidence_api.tdx.quote INFO     ======================================\nevidence_api.tdx.quote INFO     TD Quote\nevidence_api.tdx.quote INFO     ======================================\nevidence_api.tdx.quote INFO     TD Quote Header:\nevidence_api.binaryblob INFO     00000000  04 00 02 00 81 00 00 00 00 00 00 00 93 9A 72 33  ..............r3\nevidence_api.binaryblob INFO     00000010  F7 9C 4C A9 94 0A 0D B3 95 7F 06 07 C6 0E 85 25  ..L............%\nevidence_api.binaryblob INFO     00000020  C8 09 3C 0E A0 64 EF F1 29 6B 85 83 00 00 00 00  ..\u003c..d..)k......\nevidence_api.tdx.quote INFO     TD Quote Body:\nevidence_api.binaryblob INFO     00000000  04 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nevidence_api.binaryblob INFO     00000010  97 90 D8 9A 10 21 0E C6 96 8A 77 3C EE 2C A0 5B  .....!....w\u003c.,.[\nevidence_api.binaryblob INFO     00000020  5A A9 73 09 F3 67 27 A9 68 52 7B E4 60 6F C1 9E  Z.s..g'.hR{.`o..\n...\nevidence_api.binaryblob INFO     00000230  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nevidence_api.binaryblob INFO     00000240  00 00 00 00 00 00 00 00                          ........\nevidence_api.tdx.quote INFO     TD Quote Signature:\nevidence_api.binaryblob INFO     00000000  16 1F E4 F6 8C 05 D4 8F E2 EB EB C8 32 1A CE 6C  ............2..l\nevidence_api.binaryblob INFO     00000010  90 2A B5 EA 74 F5 4C 4D A2 6A 30 AC 5C A5 13 84  .*..t.LM.j0.\\...\nevidence_api.binaryblob INFO     00000020  3D CB A2 31 20 43 8C 38 63 3D EE D1 7F B4 9F B5  =..1 C.8c=......\n...\nevidence_api.binaryblob INFO     000010D0  44 20 43 45 52 54 49 46 49 43 41 54 45 2D 2D 2D  D CERTIFICATE---\nevidence_api.binaryblob INFO     000010E0  2D 2D 0A 00                                      --..\n```\n\n### An example of `get_cc_eventlog` API\n\nBelow example code collects all boot time event logs on the platform using API `get_cc_eventlog` implemented in `VMSDK` in python. Sample Event logs collected within container using `CCNP` API can be found [here](https://github.com/cc-api/confidential-cloud-native-primitives/blob/main/docs/sample-output-for-node-measurement-tool-full.txt).\n\n```\nfrom cctrusted import CCTrustedVmSdk\n\n# Specify the index of event log to start fetching(optional argument, default as 0)\nstart = 0\n# Specify the number of event logs to be fetched.(optional argument, default as total number of event logs available)\ncount = 5\n\nevent_logs = CCTrustedVmSdk.inst().get_cc_eventlog(start, count)\n    if event_logs is not None:\n        LOG.info(\"Total %d of event logs fetched.\", len(event_logs))\n        # Dump event as formatted\n        for event in event_logs:\n            event_logs.dump()\n```\n\nRun [cc_event_log_cli.py](https://github.com/cc-api/cc-trusted-vmsdk/blob/main/src/python/cc_event_log_cli.py) to execute the sample.\n\n```\n$ git clone https://github.com/cc-api/cc-trusted-vmsdk.git\n$ cd cc-trusted-vmsdk\n$ sudo su\n# source setupenv.sh\n# cd src/python\n# python3 cc_event_log_cli.py [-s \u003cstart_index_of_event_log\u003e] [-c \u003ccount_of_event_logs\u003e]\n```\n\nBelow is the description of the output of `get_cc_eventlog` API on Intel® TDX via VM SDK. Full event logs can be found in [API usage example](docs/API-usage-example.md).\n\n\u003cimg src=\"docs/vmsdk-event-log-desc-screenshot.png\" alt=\"vmsdk event log output description\" width=\"1100\"\u003e\n\n## 6. Contributors\n\n\u003c!-- spell-checker: disable --\u003e\n\n\u003c!-- readme: contributors -start --\u003e\n\u003ctable\u003e\n\u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://github.com/kenplusplus\"\u003e\n            \u003cimg src=\"https://avatars.githubusercontent.com/u/31843217?v=4\" width=\"100;\" alt=\"kenplusplus\"/\u003e\n            \u003cbr /\u003e\n            \u003csub\u003e\u003cb\u003eLu Ken\u003c/b\u003e\u003c/sub\u003e\n        \u003c/a\u003e\n    \u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://github.com/Ruoyu-y\"\u003e\n            \u003cimg src=\"https://avatars.githubusercontent.com/u/70305231?v=4\" width=\"100;\" alt=\"Ruoyu-y\"/\u003e\n            \u003cbr /\u003e\n            \u003csub\u003e\u003cb\u003eYing Ruoyu\u003c/b\u003e\u003c/sub\u003e\n        \u003c/a\u003e\n    \u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://github.com/intelzhongjie\"\u003e\n            \u003cimg src=\"https://avatars.githubusercontent.com/u/56340883?v=4\" width=\"100;\" alt=\"intelzhongjie\"/\u003e\n            \u003cbr /\u003e\n            \u003csub\u003e\u003cb\u003eShi Zhongjie\u003c/b\u003e\u003c/sub\u003e\n        \u003c/a\u003e\n    \u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://github.com/hairongchen\"\u003e\n            \u003cimg src=\"https://avatars.githubusercontent.com/u/105473940?v=4\" width=\"100;\" alt=\"hairongchen\"/\u003e\n            \u003cbr /\u003e\n            \u003csub\u003e\u003cb\u003eHairongchen\u003c/b\u003e\u003c/sub\u003e\n        \u003c/a\u003e\n    \u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://github.com/wenhuizhang\"\u003e\n            \u003cimg src=\"https://avatars.githubusercontent.com/u/2313277?v=4\" width=\"100;\" alt=\"wenhuizhang\"/\u003e\n            \u003cbr /\u003e\n            \u003csub\u003e\u003cb\u003eWenhui Zhang\u003c/b\u003e\u003c/sub\u003e\n        \u003c/a\u003e\n    \u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://github.com/ruomengh\"\u003e\n            \u003cimg src=\"https://avatars.githubusercontent.com/u/90233733?v=4\" width=\"100;\" alt=\"ruomengh\"/\u003e\n            \u003cbr /\u003e\n            \u003csub\u003e\u003cb\u003eRuomeng Hao\u003c/b\u003e\u003c/sub\u003e\n        \u003c/a\u003e\n    \u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://github.com/dongx1x\"\u003e\n            \u003cimg src=\"https://avatars.githubusercontent.com/u/34326010?v=4\" width=\"100;\" alt=\"dongx1x\"/\u003e\n            \u003cbr /\u003e\n            \u003csub\u003e\u003cb\u003eXiaocheng Dong\u003c/b\u003e\u003c/sub\u003e\n        \u003c/a\u003e\n    \u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://github.com/jyao1\"\u003e\n            \u003cimg src=\"https://avatars.githubusercontent.com/u/12147155?v=4\" width=\"100;\" alt=\"jyao1\"/\u003e\n            \u003cbr /\u003e\n            \u003csub\u003e\u003cb\u003eJiewen Yao\u003c/b\u003e\u003c/sub\u003e\n        \u003c/a\u003e\n    \u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://github.com/leyao-daily\"\u003e\n            \u003cimg src=\"https://avatars.githubusercontent.com/u/54387247?v=4\" width=\"100;\" alt=\"leyao-daily\"/\u003e\n            \u003cbr /\u003e\n            \u003csub\u003e\u003cb\u003eLe Yao\u003c/b\u003e\u003c/sub\u003e\n        \u003c/a\u003e\n    \u003c/td\u003e\u003c/tr\u003e\n\u003c/table\u003e\n\u003c!-- readme: contributors -end --\u003e\n\n\u003c!-- spell-checker: enable --\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcc-api%2Fevidence-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcc-api%2Fevidence-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcc-api%2Fevidence-api/lists"}