syntax = "proto3";

package substrate.attestation.v2;

// ─── Layer 1: Platform Claim ────────────────────────────────────────
//
// Hardware-rooted identity and integrity measurements. Anchored to TPM
// Endorsement Key (EK) and backed by TPM Quote over PCR digest.

message PlatformClaim {
    uint32 sat_version = 1;               // MUST be 2
    uint32 layer = 2;                     // MUST be 1
    string machine_id = 3;               // H(TPM EK public key)
    bytes tpm_ek_public = 4;
    bytes tpm_ak_cert = 5;
    bytes pcr_digest = 6;
    string pcr_bank = 7;                 // "sha256" or "sha384"
    repeated uint32 pcr_selection = 8;
    optional bytes ima_log_hash = 9;
    bool uefi_secureboot = 10;
    uint64 boot_timestamp = 11;          // TPM monotonic counter
    bytes nonce = 12;
    bytes claim_hash = 13;               // Computed, not serialized for hashing
    TpmQuoteBinding tpm_binding = 14;
}

message TpmQuoteBinding {
    bytes quoted = 1;
    bytes signature = 2;
    string signature_algorithm = 3;      // "ECDSA-P256"
}