{"id":28690758,"url":"https://github.com/enarx/steward","last_synced_at":"2025-06-14T06:07:27.033Z","repository":{"id":37580570,"uuid":"452069992","full_name":"enarx/steward","owner":"enarx","description":"A Confidential Computing-Aware Certificate Authority","archived":false,"fork":false,"pushed_at":"2025-03-11T22:49:44.000Z","size":577,"stargazers_count":10,"open_issues_count":26,"forks_count":10,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-03-11T23:29:54.683Z","etag":null,"topics":["confidential-computing","remote-attestation"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/enarx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-25T22:58:51.000Z","updated_at":"2025-03-11T22:49:47.000Z","dependencies_parsed_at":"2024-03-13T03:24:29.765Z","dependency_job_id":"1845d878-66b3-434e-9d93-1e38c6dde713","html_url":"https://github.com/enarx/steward","commit_stats":null,"previous_names":["profianinc/steward"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/enarx/steward","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enarx%2Fsteward","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enarx%2Fsteward/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enarx%2Fsteward/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enarx%2Fsteward/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/ho
sts/GitHub/owners/enarx","download_url":"https://codeload.github.com/enarx/steward/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enarx%2Fsteward/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259768620,"owners_count":22908231,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["confidential-computing","remote-attestation"],"created_at":"2025-06-14T06:07:23.400Z","updated_at":"2025-06-14T06:07:27.016Z","avatar_url":"https://github.com/enarx.png","language":"Rust","funding_links":[],"categories":["Code Repositories"],"sub_categories":["Rust"],"readme":"# steward\n\n\n## Overview\n\nSteward is a critical element of the Confidential Computing infrastructure.\nThe promise of Confidential Computing is fully utilized when the workload\nruntime (Enarx WebAssembly) deployed into a Trusted Execution Environment\n(TEE) is assessed and verified for correctness before an actual workload\nis released into a TEE from the registry (Drawbridge). An external\n**attestation service** must perform evidence verification and assessment\nof the hardware's trustworthiness.\n\n**Steward implements such an attestation service in a modular, pluggable\nand scalable way.**\n\n**Modular:** The architecture of Trusted Execution Environments\ndiffers significantly between hardware vendors. As a result, the content\nand structure of the evidence information are vendor-specific. 
Steward\nemploys a modular design to process specific types of evidence in different\nbackends.\n\n**Pluggable:** Steward employs a pluggable and extensible architecture\nto allow the addition of new evidence information to the evidence payload\nas well as the support of new hardware architectures.\n\n**Scalable:** The Steward service is stateless. It receives a request with\nall the information from the client and makes an assessment. As a result,\nit is very lightweight and can be scaled up and down in response to\nthe request load.\n\nAttesting the hardware and workload runtime is only one part of\nSteward's responsibility. The other is the translation of vendor- and\nuse-case-specific attestation evidence into a format that standard\nservices and interfaces on the Internet can trust. Such a standard is PKI,\nso Steward acts as a Certificate Authority that assesses the attestation\nevidence and issues a certificate based on this evidence. The certificate\nis returned to the workload and used by it to participate in\nauthenticated data exchanges with other services over encrypted\nconnections.\n\n## Design Materials\n\n- [Attestation Concept](https://hackmd.io/@enarx/r1Yg2kb_s)\n- [Attestation Flow](https://hackmd.io/@enarx/SySK2_tHo)\n- [Full Provisioning Flow](https://hackmd.io/@enarx/rJ55urrvo)\n\n## Licensing\n\nSteward is released under the Apache-2.0 license.\n\nLicense: Apache-2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenarx%2Fsteward","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenarx%2Fsteward","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenarx%2Fsteward/lists"}