variant: add SEV-SNP attestation variant

2025-04-21 23:59:09 -04:00 · 2024-04-04 16:31:16 +02:00 · 2024-04-04 16:31:16 +02:00 · 02f78b2bae
commit 02f78b2bae
parent 10f1b1430e
1 changed files with 22 additions and 1 deletions
--- a/internal/attestation/variant/variant.go
+++ b/internal/attestation/variant/variant.go
@ -44,6 +44,7 @@ const (
 	awsNitroTPM        = "aws-nitro-tpm"
 	awsSEVSNP          = "aws-sev-snp"
 	gcpSEVES           = "gcp-sev-es"
+	gcpSEVSNP          = "gcp-sev-snp"
 	azureTDX           = "azure-tdx"
 	azureSEVSNP        = "azure-sev-snp"
 	azureTrustedLaunch = "azure-trustedlaunch"
@ -54,7 +55,7 @@ const (
 var providerAttestationMapping = map[cloudprovider.Provider][]Variant{
 	cloudprovider.AWS:       {AWSSEVSNP{}, AWSNitroTPM{}},
 	cloudprovider.Azure:     {AzureSEVSNP{}, AzureTDX{}, AzureTrustedLaunch{}},
-	cloudprovider.GCP:       {GCPSEVES{}},
+	cloudprovider.GCP:       {GCPSEVES{}, GCPSEVSNP{}},
 	cloudprovider.QEMU:      {QEMUVTPM{}},
 	cloudprovider.OpenStack: {QEMUVTPM{}},
 }
@ -110,6 +111,8 @@ func FromString(oid string) (Variant, error) {
 		return AWSNitroTPM{}, nil
 	case gcpSEVES:
 		return GCPSEVES{}, nil
+	case gcpSEVSNP:
+		return GCPSEVSNP{}, nil
 	case azureSEVSNP:
 		return AzureSEVSNP{}, nil
 	case azureTrustedLaunch:
@ -209,6 +212,24 @@ func (GCPSEVES) Equal(other Getter) bool {
 	return other.OID().Equal(GCPSEVES{}.OID())
 }

+// GCPSEVSNP holds the GCP SEV-SNP OID.
+type GCPSEVSNP struct{}
+
+// OID returns the struct's object identifier.
+func (GCPSEVSNP) OID() asn1.ObjectIdentifier {
+	return asn1.ObjectIdentifier{1, 3, 9900, 3, 2}
+}
+
+// String returns the string representation of the OID.
+func (GCPSEVSNP) String() string {
+	return gcpSEVSNP
+}
+
+// Equal returns true if the other variant is also GCPSEVSNP.
+func (GCPSEVSNP) Equal(other Getter) bool {
+	return other.OID().Equal(GCPSEVSNP{}.OID())
+}
+
 // AzureTDX holds the OID for Azure TDX CVMs.
 type AzureTDX struct{}