Cisco-IOS-XE-boot-integrity-oper

Version: 2021-03-01
Cisco-IOS-XE-boot-integrity-oper@2021-03-01


  module Cisco-IOS-XE-boot-integrity-oper {

    yang-version 1;

    namespace
      "http://cisco.com/ns/yang/Cisco-IOS-XE-boot-integrity-oper";

    prefix boot-integrity-ios-xe-oper;

    import cisco-semver {
      prefix cisco-semver;
    }

    organization "Cisco Systems, Inc.";

    contact
      "Cisco Systems, Inc.
     Customer Service

     Postal: 170 W Tasman Drive
     San Jose, CA 95134

     Tel: +1 1800 553-NETS

     E-mail: cs-yang@cisco.com";

    description
      "This module contains a collection of YANG definitions
     for Cisco IOS XE boot integrity visibility.
     Copyright (c) 2017-2020 by Cisco Systems, Inc.
     All rights reserved.";

    revision "2021-03-01" {
      description
        "Restructured system integrity sub tree.";
      reference
        "2.0.0";

    }

    revision "2019-05-01" {
      description "Added semantic version";
      reference
        "1.2.0";

    }

    revision "2018-10-29" {
      description
        "Cleaned up spelling errors in descriptions.";
      reference
        "1.1.0";

    }

    revision "2018-01-31" {
      description "Initial revision";
      reference
        "1.0.0";

    }

    cisco-semver:module-version "2.0.0";
    cisco-semver:module-version "1.2.0";
    cisco-semver:module-version "1.1.0";
    cisco-semver:module-version "1.0.0";

    grouping register-group {
      description
        "Group to aggregate Register (PCR) index and content";
      leaf index {
        type uint8;
        description
          "References PCR Register Index";
      }

      leaf pcr-content {
        type string;
        description
          "References PCR Register Content";
      }
    }  // grouping register-group

    grouping package-integrity-group {
      description
        "Group to aggregate index, name and hash for a given
       package integrity group entry";
      leaf index {
        type uint8;
        description
          "Unique index assigned to each package integrity
         group entry. Assigned for uniqueness.";
      }

      leaf name {
        type string;
        description "Package Name";
      }

      leaf hash {
        type string;
        description "Package Hash";
      }
    }  // grouping package-integrity-group

    grouping system-integrity {
      description
        "System Integrity Measurements";
      leaf platform {
        type string;
        description "Product Identifier";
      }

      leaf boot-ver {
        type string;
        description "Boot 0 Version";
      }

      leaf boot-hash {
        type string;
        description "Boot 0 Hash";
      }

      leaf boot-loader-ver {
        type string;
        description "Boot Loader Version";
      }

      leaf boot-loader-hash {
        type string;
        description "Boot Loader Hash";
      }

      leaf os-version {
        type string;
        description
          "Operating System Version";
      }

      list package-integrity {
        key "index";
        description
          "List of package integrity group describing
         system-calculated hashes for each package artifact
         currently installed or patched to the system.  A package
         artifact in this context may consist of at least one super
         package followed by a sequence of sub-packages and optionally
         where applicable may contain additional entries for software
         maintenance update packages.";
        uses boot-integrity-ios-xe-oper:package-integrity-group;
      }  // list package-integrity

      list register {
        key "index";
        description
          "List for maintaining the Platform Content
         Register (PCR) indices and content.  Currently
         only two entries are expected: index 0 and
         index 8";
        uses boot-integrity-ios-xe-oper:register-group;
      }  // list register
    }  // grouping system-integrity

    grouping sudi-certificate {
      description
        "System Secure Unique Device Identifier Certificate
       Chain Measurements ";
      leaf crca-pem {
        type string;
        description
          "Cisco Root CA PEM Certificate";
      }

      leaf cmca-pem {
        type string;
        description
          "Cisco Manufacturing CA PEM Certificate";
      }

      leaf sudi-pem {
        type string;
        description
          "ACT2 RSA SUDI CA PEM Certificate";
      }

      leaf sudi-signature {
        type string;
        description
          "ACT2 RSA SUDI Certificate Generated Signature";
      }
    }  // grouping sudi-certificate

    container boot-integrity-oper-data {
      config false;
      description
        "Enclosing container for the boot integrity
       measurements of the system.";
      container system-integrity {
        presence "system-integrity";
        description
          "List of system integrity measurements for Boot,
         Boot Loader, and package signatures as well as
         Platform Configuration Registers (PCR) content.
         These measurements are captured utilizing Trust
         Anchor Module (TAM) services communicating with
         Anti-Counterfeit Technology implemented in
         a secure hardware device.";
        uses boot-integrity-ios-xe-oper:system-integrity;
      }  // container system-integrity

      container sudi-certificate {
        presence "sudi-certificate";
        description
          "List of system  certificate measurements for Cisco
         Root CA (CRCA), Cisco Manufacturing CA (CMCA), and
         ACT2 RSA Secure Unique Device Identity (SUDI) CA
         PEM certificates and SUDI generated signatures.
         These measurements are captured utilizing Trusted
         Anchor Module (TAM) services communicating with
         system Anti-Counterfeit Technology implemented in
         a secure hardware device.";
        uses boot-integrity-ios-xe-oper:sudi-certificate;
      }  // container sudi-certificate
    }  // container boot-integrity-oper-data
  }  // module Cisco-IOS-XE-boot-integrity-oper