A platform trust policy is a security assurance policy for a platform, such as its secure launch control policy, restricting applications to only execute on platforms that meet a specified trust assurance level. Compliance and auditing mechanisms must demonstrate that critical, personal, or sensitive data has only been processed on platforms that meet trust requirements.
Figure 1 - An example of how the platform trust policy relates to workload placement.
In Figure 1, the security assurance levels of compute resources are defined by the platform trust policy. The cloud compute platform’s security must meet trust policy criteria, and it is logged in the attestation service upon secure boot. The consumer, referencing the platform trust policy, selects the security level required for a trusted workload execution. The cloud platform monitor ensures that the compute platform security level is maintained and the compliance confirms that workloads have been securely processed.