2022-05-12 04:15:00 -04:00
|
|
|
package config
|
|
|
|
|
2022-05-16 12:54:25 -04:00
|
|
|
import (
|
|
|
|
"encoding/base64"
|
|
|
|
|
2022-06-01 09:08:42 -04:00
|
|
|
"github.com/edgelesssys/constellation/internal/attestation/vtpm"
|
2022-05-16 12:54:25 -04:00
|
|
|
)
|
2022-05-12 04:15:00 -04:00
|
|
|
|
|
|
|
type Measurements map[uint32][]byte
|
|
|
|
|
2022-05-16 12:54:25 -04:00
|
|
|
var (
|
|
|
|
// gcpPCRs is a map of the expected PCR values for a GCP Constellation node.
|
|
|
|
// TODO: Get a full list once we have stable releases.
|
|
|
|
gcpPCRs = Measurements{
|
|
|
|
0: {0x0F, 0x35, 0xC2, 0x14, 0x60, 0x8D, 0x93, 0xC7, 0xA6, 0xE6, 0x8A, 0xE7, 0x35, 0x9B, 0x4A, 0x8B, 0xE5, 0xA0, 0xE9, 0x9E, 0xEA, 0x91, 0x07, 0xEC, 0xE4, 0x27, 0xC4, 0xDE, 0xA4, 0xE4, 0x39, 0xCF},
|
|
|
|
uint32(vtpm.PCRIndexOwnerID): {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
|
|
|
|
uint32(vtpm.PCRIndexClusterID): {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
|
|
|
|
}
|
|
|
|
|
|
|
|
// azurePCRs is a map of the expected PCR values for an Azure Constellation node.
|
|
|
|
// TODO: Get a full list once we have a working setup with stable releases.
|
|
|
|
azurePCRs = Measurements{
|
|
|
|
uint32(vtpm.PCRIndexOwnerID): {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
|
|
|
|
uint32(vtpm.PCRIndexClusterID): {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
|
|
|
|
}
|
|
|
|
|
|
|
|
qemuPCRs = Measurements{
|
|
|
|
uint32(vtpm.PCRIndexOwnerID): {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
|
|
|
|
uint32(vtpm.PCRIndexClusterID): {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
2022-05-12 04:15:00 -04:00
|
|
|
func (m Measurements) MarshalYAML() (interface{}, error) {
|
|
|
|
base64Map := make(map[uint32]string)
|
|
|
|
|
|
|
|
for key, value := range m {
|
|
|
|
base64Map[key] = base64.StdEncoding.EncodeToString(value[:])
|
|
|
|
}
|
|
|
|
|
|
|
|
return base64Map, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *Measurements) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
|
|
|
base64Map := make(map[uint32]string)
|
|
|
|
err := unmarshal(base64Map)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
*m = make(Measurements)
|
|
|
|
for key, value := range base64Map {
|
|
|
|
measurement, err := base64.StdEncoding.DecodeString(value)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
(*m)[key] = measurement
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|