2.2.2.13 EvaluationLog

The EvaluationLog structure defines the policy evaluation log entry indicating whether the attestation has passed or not.

 {
     "id": "EvaluationLog",
     "description": "Verifies the Evaluation Log entry",
     "type": "object",
     "properties": {
         "Result": {
             "type": "boolean",
             "required": true
         },
         "Reason": {
             "type": "string",
             "required": true
         },
         "additionalProperties": false
     }
 }

Result: A Boolean indicating whether policy evaluation is successful or not. True if the policy evaluation is successful; otherwise, False.

Reason: A base64Binary string representing policy evaluation failure reasons. The GUIDs identifying the type of policy evaluation failure are listed below.

| GUID | Name/Policy Description |
| --- | --- |
| 6a460ee1-62ea-416f-ae6c-04e29634506d | SecureBootEnabledGuid - Secure Boot is enabled. |
| 756dc455-9528-479a-a86a-c646417316c9 | SecureBootSettingsGuid - Secure Boot measurements match the expected values. |
| 20188fda-d40b-460d-b078-2e7898a42ae9 | DebugModeUefiGuid - UEFI debug mode is disabled. |
| 81f110ba-53c5-4064-9d64-51029fa24f49 | SystemIntegrityCiKnownGoodGuid - Code Integrity measurements match the expected values. |
| 75ad09c9-7254-4d00-96f3-3b09d0aaac54 | FullBootGuid - The last boot was a full boot. |
| 75d595de-12f5-41e9-a61e-469d3205ecca | VsmIdkPresent - The Virtual Secure Mode Identity Key is present. |
| 6c0a6d29-5bcb-4f28-bafb-f71eb60fdae0 | VsmRunning - Virtual Secure Mode is running. |
| da0776e5-6570-44b3-9a17-7e95b4fc7779 | IommuEnabled - IOMMU required for VSM to launch. |
| 347da547-d266-4939-bf3d-9ec73a90bdbc | BitLockerEnabled - BitLocker enabled. |
| 12df0ee9-b38e-4086-90f8-703d9e7cb878 | PagefileEncryptionEnabled - Pagefile encryption enabled. |
| 5408BD30-3250-4AC1-A150-C410AF756699 | HypervisorEnforcedCiPolicy - Policy which ensures that CI is being enforced by the hypervisor. |
| A32022C6-DCCD-4BF5-BE76-3B5CA1542559 | NoHibernation - Policy which ensures that hibernation is disabled. |
| 2A796E36-E918-454F-B610-60F086E8D334 | NoDumps - Policy which ensures that crash dumps are disabled. |
| 6F390A71-753C-43AA-A326-74E30AEDCD9D | DumpEncryption - Policy which ensures that crash dumps are encrypted if they are enabled. |
| 85DAC0A4-8BA9-4A7F-A342-211862CE0BE8 | DumpEncryptionKey - Policy which ensures that the crash dump encryption key is expected if crash dumps are enabled. |
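The following is an added example, not part of the specification: a strict consumer-side check of an EvaluationLog entry plus a case-insensitive lookup of the failure GUIDs listed above. The names `parse_evaluation_log`, `policy_name` and `SAMPLE` are hypothetical; the code assumes the schema's intent is to reject extra properties, and because this section does not describe how GUIDs are laid out inside the decoded Reason value, it returns the decoded bytes unparsed.

```python
import base64
import binascii
import json
import uuid

# GUID -> policy name, copied from the table above. The table mixes lower- and
# upper-case GUIDs, so keys are normalised through uuid.UUID before lookup.
POLICY_BY_GUID = {uuid.UUID(g): name for g, name in {
    "6a460ee1-62ea-416f-ae6c-04e29634506d": "SecureBootEnabledGuid",
    "756dc455-9528-479a-a86a-c646417316c9": "SecureBootSettingsGuid",
    "20188fda-d40b-460d-b078-2e7898a42ae9": "DebugModeUefiGuid",
    "81f110ba-53c5-4064-9d64-51029fa24f49": "SystemIntegrityCiKnownGoodGuid",
    "75ad09c9-7254-4d00-96f3-3b09d0aaac54": "FullBootGuid",
    "75d595de-12f5-41e9-a61e-469d3205ecca": "VsmIdkPresent",
    "6c0a6d29-5bcb-4f28-bafb-f71eb60fdae0": "VsmRunning",
    "da0776e5-6570-44b3-9a17-7e95b4fc7779": "IommuEnabled",
    "347da547-d266-4939-bf3d-9ec73a90bdbc": "BitLockerEnabled",
    "12df0ee9-b38e-4086-90f8-703d9e7cb878": "PagefileEncryptionEnabled",
    "5408BD30-3250-4AC1-A150-C410AF756699": "HypervisorEnforcedCiPolicy",
    "A32022C6-DCCD-4BF5-BE76-3B5CA1542559": "NoHibernation",
    "2A796E36-E918-454F-B610-60F086E8D334": "NoDumps",
    "6F390A71-753C-43AA-A326-74E30AEDCD9D": "DumpEncryption",
    "85DAC0A4-8BA9-4A7F-A342-211862CE0BE8": "DumpEncryptionKey",
}.items()}

SAMPLE = '{"Result": false, "Reason": "AAEC"}'  # constructed; arbitrary bytes


def policy_name(guid_text):
    """Case-insensitive lookup; None for a GUID that is not in the table."""
    try:
        return POLICY_BY_GUID.get(uuid.UUID(guid_text))
    except ValueError:
        return None


def parse_evaluation_log(raw_json):
    """Validate an entry against the schema; return (Result, decoded Reason)."""
    entry = json.loads(raw_json)
    if not isinstance(entry, dict) or set(entry) != {"Result", "Reason"}:
        raise ValueError("entry must contain exactly Result and Reason")
    if not isinstance(entry["Result"], bool):  # reject "true", 1, null
        raise ValueError("Result must be a JSON boolean")
    if not isinstance(entry["Reason"], str):
        raise ValueError("Reason must be a string")
    try:
        return entry["Result"], base64.b64decode(entry["Reason"], validate=True)
    except binascii.Error as exc:
        raise ValueError("Reason is not valid base64") from exc
```

Checking that Result is a real JSON boolean keeps a string such as "false", which is truthy in most languages, from being read as a passed attestation.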