2.2.2.13 EvaluationLog
The EvaluationLog structure defines the policy evaluation log entry indicating whether the attestation has passed or not.
{
    "id": "EvaluationLog",
    "description": "Verifies the Evaluation Log entry ",
    "type": "object",
    "properties": {
        "Result": {
            "type": "boolean",
            "required": true
        },
        "Reason": {
            "type": "string",
            "required": true
        },
        "additionalProperties": false
    }
}
Result: A Boolean indicating whether policy evaluation is successful or not. True if the policy evaluation is successful; otherwise, False.
Reason: A base64Binary string representing policy evaluation failure reasons. The GUIDs identifying the type of policy evaluation failure are listed below.
GUID                                  Name/Policy Description
6a460ee1-62ea-416f-ae6c-04e29634506d  SecureBootEnabledGuid - Secure Boot is enabled.
756dc455-9528-479a-a86a-c646417316c9  SecureBootSettingsGuid - Secure Boot measurements match the expected values.
20188fda-d40b-460d-b078-2e7898a42ae9  DebugModeUefiGuid - UEFI debug mode is disabled.
81f110ba-53c5-4064-9d64-51029fa24f49  SystemIntegrityCiKnownGoodGuid - Code Integrity measurements match the expected values.
75ad09c9-7254-4d00-96f3-3b09d0aaac54  FullBootGuid - The last boot was a full boot.
75d595de-12f5-41e9-a61e-469d3205ecca  VsmIdkPresent - The Virtual Secure Mode Identity Key is present.
6c0a6d29-5bcb-4f28-bafb-f71eb60fdae0  VsmRunning - Virtual Secure Mode is running.
da0776e5-6570-44b3-9a17-7e95b4fc7779  IommuEnabled - IOMMU required for VSM to launch.
347da547-d266-4939-bf3d-9ec73a90bdbc  BitLockerEnabled - BitLocker enabled.
12df0ee9-b38e-4086-90f8-703d9e7cb878  PagefileEncryptionEnabled - Pagefile encryption enabled.
5408BD30-3250-4AC1-A150-C410AF756699  HypervisorEnforcedCiPolicy - Policy which ensures that CI is being enforced by the hypervisor.
A32022C6-DCCD-4BF5-BE76-3B5CA1542559  NoHibernation - Policy which ensures that hibernation is disabled.
2A796E36-E918-454F-B610-60F086E8D334  NoDumps - Policy which ensures that crash dumps are disabled.
6F390A71-753C-43AA-A326-74E30AEDCD9D  DumpEncryption - Policy which ensures that crash dumps are encrypted if they are enabled.
85DAC0A4-8BA9-4A7F-A342-211862CE0BE8  DumpEncryptionKey - Policy which ensures that the crash dump encryption key is expected if crash dumps are enabled.
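
Added example (not part of the specification): a Python check that enforces the schema above on a received EvaluationLog entry and maps failure GUIDs to policy names from the table. This section does not state the layout of the decoded Reason bytes; the example assumes they carry GUIDs in text form, and the function names and the sample entry are constructed for illustration.

```python
import base64
import binascii
import json
import re

# Subset of the GUID table above, keyed in lower case because the table mixes cases.
POLICY_GUIDS = {
    "6a460ee1-62ea-416f-ae6c-04e29634506d": "SecureBootEnabledGuid",
    "75d595de-12f5-41e9-a61e-469d3205ecca": "VsmIdkPresent",
    "5408bd30-3250-4ac1-a150-c410af756699": "HypervisorEnforcedCiPolicy",
    "a32022c6-dccd-4bf5-be76-3b5ca1542559": "NoHibernation",
}
GUID_RE = re.compile(rb"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def parse_evaluation_log(text):
    """Validate an EvaluationLog entry; return (result, decoded_reason_bytes)."""
    entry = json.loads(text)
    if not isinstance(entry, dict):
        raise ValueError("EvaluationLog must be a JSON object")
    if set(entry) != {"Result", "Reason"}:
        raise ValueError("Result and Reason are required; no other properties allowed")
    # Explicit bool check: JSON 0/1 or "true" must not pass as a Boolean.
    if not isinstance(entry["Result"], bool):
        raise ValueError("Result must be a Boolean")
    if not isinstance(entry["Reason"], str):
        raise ValueError("Reason must be a string")
    try:
        reason = base64.b64decode(entry["Reason"], validate=True)
    except binascii.Error as exc:
        raise ValueError("Reason is not valid base64") from exc
    return entry["Result"], reason


def failed_policies(reason):
    """Assumption: decoded Reason holds GUIDs as text. Unknown GUIDs are kept, not dropped."""
    found = [m.decode("ascii").lower() for m in GUID_RE.findall(reason)]
    return [(g, POLICY_GUIDS.get(g, "UNKNOWN")) for g in found]


# Constructed sample entry (not captured from a real service).
_payload = b"A32022C6-DCCD-4BF5-BE76-3B5CA1542559;6a460ee1-62ea-416f-ae6c-04e29634506d"
SAMPLE = json.dumps({"Result": False, "Reason": base64.b64encode(_payload).decode()})

if __name__ == "__main__":
    ok, reason = parse_evaluation_log(SAMPLE)
    print(ok, failed_policies(reason))
```

A GUID that is not in the lookup is reported as UNKNOWN rather than ignored, so a failure reason introduced by a newer policy set is still visible to the caller.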