TCG Reference Integrity Manifest (RIM) Information Model
This specification defines Reference Integrity Manifest (RIM) structures that a Verifier uses to validate expected values (Assertions) against actual values (Evidence). This RIM Information Model defines an abstract structure for assembling reference measurements (Assertions) that manufacturers and other supply chain entities assert as expected values.
A RIM information model has several characteristics. It:
- Identifies the creator (issuer) of the RIM instance.
- Identifies the supply chain entity that produces reference values.
- Contains reference measurements for installable software / firmware.
- Contains reference measurements for embedded firmware.
- Identifies the component, device or environment.
- Contains its own integrity protection capability (e.g., digital signature verification).
- Places constraints on RIM binding specifications that help ensure semantic interoperability and promote good security practices.
RIM binding specifications define a realization of RIM information model expressions. RIM binding specifications define formats, protocols, storage, and delivery methods used to instantiate and convey reference information to a Verifier. RIM binding may instantiate, store, and retrieve RIM data on an Attester’s platform.
RIM Binding Specification(s) include: