config: move all config types into file config.go (#1878)

docgen only includes doc comments from one single file in
it's output. Therefore all config types need to be located in config.go

internal/config/BUILD.bazel

@@ -6,14 +6,12 @@ go_library(
     srcs = [
         "attestation.go",
         "attestationversion.go",
-        "azure.go",
         "config.go",
         "config_doc.go",
         # keep
         "image_enterprise.go",
         # keep
         "image_oss.go",
-        "qemu.go",
         "validation.go",
     ],
     importpath = "github.com/edgelesssys/constellation/v2/internal/config",

internal/config/azure.go

@@ -1,146 +0,0 @@
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-package config
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-
-	configapi "github.com/edgelesssys/constellation/v2/internal/api/attestationconfig"
-	attestationconfigfetcher "github.com/edgelesssys/constellation/v2/internal/api/attestationconfig/fetcher"
-
-	"github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest"
-	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
-	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
-	"github.com/edgelesssys/constellation/v2/internal/variant"
-)
-
-// AzureSEVSNP is the configuration for Azure SEV-SNP attestation.
-type AzureSEVSNP struct {
-	// description: |
-	//   Expected TPM measurements.
-	Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
-	// description: |
-	//   Lowest acceptable bootloader version.
-	BootloaderVersion AttestationVersion `json:"bootloaderVersion" yaml:"bootloaderVersion"`
-	// description: |
-	//   Lowest acceptable TEE version.
-	TEEVersion AttestationVersion `json:"teeVersion" yaml:"teeVersion"`
-	// description: |
-	//   Lowest acceptable SEV-SNP version.
-	SNPVersion AttestationVersion `json:"snpVersion" yaml:"snpVersion"`
-	// description: |
-	//   Lowest acceptable microcode version.
-	MicrocodeVersion AttestationVersion `json:"microcodeVersion" yaml:"microcodeVersion"`
-	// description: |
-	//   Configuration for validating the firmware signature.
-	FirmwareSignerConfig SNPFirmwareSignerConfig `json:"firmwareSignerConfig" yaml:"firmwareSignerConfig"`
-	// description: |
-	//   AMD Root Key certificate used to verify the SEV-SNP certificate chain.
-	AMDRootKey Certificate `json:"amdRootKey" yaml:"amdRootKey"`
-}
-
-// DefaultForAzureSEVSNP returns the default configuration for Azure SEV-SNP attestation.
-// Version numbers have placeholder values and the latest available values can be fetched using [AzureSEVSNP.FetchAndSetLatestVersionNumbers].
-func DefaultForAzureSEVSNP() *AzureSEVSNP {
-	return &AzureSEVSNP{
-		Measurements:      measurements.DefaultsFor(cloudprovider.Azure, variant.AzureSEVSNP{}),
-		BootloaderVersion: NewLatestPlaceholderVersion(),
-		TEEVersion:        NewLatestPlaceholderVersion(),
-		SNPVersion:        NewLatestPlaceholderVersion(),
-		MicrocodeVersion:  NewLatestPlaceholderVersion(),
-		FirmwareSignerConfig: SNPFirmwareSignerConfig{
-			AcceptedKeyDigests: idkeydigest.DefaultList(),
-			EnforcementPolicy:  idkeydigest.MAAFallback,
-		},
-		// AMD root key. Received from the AMD Key Distribution System API (KDS).
-		AMDRootKey: mustParsePEM(`-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----\n`),
-	}
-}
-
-// GetVariant returns azure-sev-snp as the variant.
-func (AzureSEVSNP) GetVariant() variant.Variant {
-	return variant.AzureSEVSNP{}
-}
-
-// GetMeasurements returns the measurements used for attestation.
-func (c AzureSEVSNP) GetMeasurements() measurements.M {
-	return c.Measurements
-}
-
-// SetMeasurements updates a config's measurements using the given measurements.
-func (c *AzureSEVSNP) SetMeasurements(m measurements.M) {
-	c.Measurements = m
-}
-
-// EqualTo returns true if the config is equal to the given config.
-func (c AzureSEVSNP) EqualTo(old AttestationCfg) (bool, error) {
-	otherCfg, ok := old.(*AzureSEVSNP)
-	if !ok {
-		return false, fmt.Errorf("cannot compare %T with %T", c, old)
-	}
-
-	firmwareSignerCfgEqual := c.FirmwareSignerConfig.EqualTo(otherCfg.FirmwareSignerConfig)
-	measurementsEqual := c.Measurements.EqualTo(otherCfg.Measurements)
-	bootloaderEqual := c.BootloaderVersion == otherCfg.BootloaderVersion
-	teeEqual := c.TEEVersion == otherCfg.TEEVersion
-	snpEqual := c.SNPVersion == otherCfg.SNPVersion
-	microcodeEqual := c.MicrocodeVersion == otherCfg.MicrocodeVersion
-	rootKeyEqual := bytes.Equal(c.AMDRootKey.Raw, otherCfg.AMDRootKey.Raw)
-
-	return firmwareSignerCfgEqual && measurementsEqual && bootloaderEqual && teeEqual && snpEqual && microcodeEqual && rootKeyEqual, nil
-}
-
-// FetchAndSetLatestVersionNumbers fetches the latest version numbers from the configapi and sets them.
-func (c *AzureSEVSNP) FetchAndSetLatestVersionNumbers(fetcher attestationconfigfetcher.AttestationConfigAPIFetcher) error {
-	versions, err := fetcher.FetchAzureSEVSNPVersionLatest(context.Background())
-	if err != nil {
-		return err
-	}
-	// set number and keep isLatest flag
-	c.mergeVersionNumbers(versions.AzureSEVSNPVersion)
-	return nil
-}
-
-func (c *AzureSEVSNP) mergeVersionNumbers(versions configapi.AzureSEVSNPVersion) {
-	c.BootloaderVersion.Value = versions.Bootloader
-	c.TEEVersion.Value = versions.TEE
-	c.SNPVersion.Value = versions.SNP
-	c.MicrocodeVersion.Value = versions.Microcode
-}
-
-// AzureTrustedLaunch is the configuration for Azure Trusted Launch attestation.
-type AzureTrustedLaunch struct {
-	// description: |
-	//   Expected TPM measurements.
-	Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
-}
-
-// GetVariant returns azure-trusted-launch as the variant.
-func (AzureTrustedLaunch) GetVariant() variant.Variant {
-	return variant.AzureTrustedLaunch{}
-}
-
-// GetMeasurements returns the measurements used for attestation.
-func (c AzureTrustedLaunch) GetMeasurements() measurements.M {
-	return c.Measurements
-}
-
-// SetMeasurements updates a config's measurements using the given measurements.
-func (c *AzureTrustedLaunch) SetMeasurements(m measurements.M) {
-	c.Measurements = m
-}
-
-// EqualTo returns true if the config is equal to the given config.
-func (c AzureTrustedLaunch) EqualTo(other AttestationCfg) (bool, error) {
-	otherCfg, ok := other.(*AzureTrustedLaunch)
-	if !ok {
-		return false, fmt.Errorf("cannot compare %T with %T", c, other)
-	}
-	return c.Measurements.EqualTo(otherCfg.Measurements), nil
-}

internal/config/config.go

@@ -19,6 +19,8 @@ All config relevant definitions, parsing and validation functions should go here
 package config
 
 import (
+	"bytes"
+	"context"
 	"errors"
 	"fmt"
 	"io/fs"
@@ -31,6 +33,7 @@ import (
 	"github.com/go-playground/validator/v10"
 	en_translations "github.com/go-playground/validator/v10/translations/en"
 
+	configapi "github.com/edgelesssys/constellation/v2/internal/api/attestationconfig"
 	attestationconfigfetcher "github.com/edgelesssys/constellation/v2/internal/api/attestationconfig/fetcher"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
@@ -831,3 +834,190 @@ func (c GCPSEVES) EqualTo(other AttestationCfg) (bool, error) {
 func toPtr[T any](v T) *T {
 	return &v
 }
+
+// QEMUVTPM is the configuration for QEMU vTPM attestation.
+type QEMUVTPM struct {
+	// description: |
+	//   Expected TPM measurements.
+	Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
+}
+
+// GetVariant returns qemu-vtpm as the variant.
+func (QEMUVTPM) GetVariant() variant.Variant {
+	return variant.QEMUVTPM{}
+}
+
+// GetMeasurements returns the measurements used for attestation.
+func (c QEMUVTPM) GetMeasurements() measurements.M {
+	return c.Measurements
+}
+
+// SetMeasurements updates a config's measurements using the given measurements.
+func (c *QEMUVTPM) SetMeasurements(m measurements.M) {
+	c.Measurements = m
+}
+
+// EqualTo returns true if the config is equal to the given config.
+func (c QEMUVTPM) EqualTo(other AttestationCfg) (bool, error) {
+	otherCfg, ok := other.(*QEMUVTPM)
+	if !ok {
+		return false, fmt.Errorf("cannot compare %T with %T", c, other)
+	}
+	return c.Measurements.EqualTo(otherCfg.Measurements), nil
+}
+
+// QEMUTDX is the configuration for QEMU TDX attestation.
+type QEMUTDX struct {
+	// description: |
+	//   Expected TDX measurements.
+	Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
+}
+
+// GetVariant returns qemu-tdx as the variant.
+func (QEMUTDX) GetVariant() variant.Variant {
+	return variant.QEMUTDX{}
+}
+
+// GetMeasurements returns the measurements used for attestation.
+func (c QEMUTDX) GetMeasurements() measurements.M {
+	return c.Measurements
+}
+
+// SetMeasurements updates a config's measurements using the given measurements.
+func (c *QEMUTDX) SetMeasurements(m measurements.M) {
+	c.Measurements = m
+}
+
+// EqualTo returns true if the config is equal to the given config.
+func (c QEMUTDX) EqualTo(other AttestationCfg) (bool, error) {
+	otherCfg, ok := other.(*QEMUTDX)
+	if !ok {
+		return false, fmt.Errorf("cannot compare %T with %T", c, other)
+	}
+	return c.Measurements.EqualTo(otherCfg.Measurements), nil
+}
+
+// AzureSEVSNP is the configuration for Azure SEV-SNP attestation.
+type AzureSEVSNP struct {
+	// description: |
+	//   Expected TPM measurements.
+	Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
+	// description: |
+	//   Lowest acceptable bootloader version.
+	BootloaderVersion AttestationVersion `json:"bootloaderVersion" yaml:"bootloaderVersion"`
+	// description: |
+	//   Lowest acceptable TEE version.
+	TEEVersion AttestationVersion `json:"teeVersion" yaml:"teeVersion"`
+	// description: |
+	//   Lowest acceptable SEV-SNP version.
+	SNPVersion AttestationVersion `json:"snpVersion" yaml:"snpVersion"`
+	// description: |
+	//   Lowest acceptable microcode version.
+	MicrocodeVersion AttestationVersion `json:"microcodeVersion" yaml:"microcodeVersion"`
+	// description: |
+	//   Configuration for validating the firmware signature.
+	FirmwareSignerConfig SNPFirmwareSignerConfig `json:"firmwareSignerConfig" yaml:"firmwareSignerConfig"`
+	// description: |
+	//   AMD Root Key certificate used to verify the SEV-SNP certificate chain.
+	AMDRootKey Certificate `json:"amdRootKey" yaml:"amdRootKey"`
+}
+
+// DefaultForAzureSEVSNP returns the default configuration for Azure SEV-SNP attestation.
+// Version numbers have placeholder values and the latest available values can be fetched using [AzureSEVSNP.FetchAndSetLatestVersionNumbers].
+func DefaultForAzureSEVSNP() *AzureSEVSNP {
+	return &AzureSEVSNP{
+		Measurements:      measurements.DefaultsFor(cloudprovider.Azure, variant.AzureSEVSNP{}),
+		BootloaderVersion: NewLatestPlaceholderVersion(),
+		TEEVersion:        NewLatestPlaceholderVersion(),
+		SNPVersion:        NewLatestPlaceholderVersion(),
+		MicrocodeVersion:  NewLatestPlaceholderVersion(),
+		FirmwareSignerConfig: SNPFirmwareSignerConfig{
+			AcceptedKeyDigests: idkeydigest.DefaultList(),
+			EnforcementPolicy:  idkeydigest.MAAFallback,
+		},
+		// AMD root key. Received from the AMD Key Distribution System API (KDS).
+		AMDRootKey: mustParsePEM(`-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----\n`),
+	}
+}
+
+// GetVariant returns azure-sev-snp as the variant.
+func (AzureSEVSNP) GetVariant() variant.Variant {
+	return variant.AzureSEVSNP{}
+}
+
+// GetMeasurements returns the measurements used for attestation.
+func (c AzureSEVSNP) GetMeasurements() measurements.M {
+	return c.Measurements
+}
+
+// SetMeasurements updates a config's measurements using the given measurements.
+func (c *AzureSEVSNP) SetMeasurements(m measurements.M) {
+	c.Measurements = m
+}
+
+// EqualTo returns true if the config is equal to the given config.
+func (c AzureSEVSNP) EqualTo(old AttestationCfg) (bool, error) {
+	otherCfg, ok := old.(*AzureSEVSNP)
+	if !ok {
+		return false, fmt.Errorf("cannot compare %T with %T", c, old)
+	}
+
+	firmwareSignerCfgEqual := c.FirmwareSignerConfig.EqualTo(otherCfg.FirmwareSignerConfig)
+	measurementsEqual := c.Measurements.EqualTo(otherCfg.Measurements)
+	bootloaderEqual := c.BootloaderVersion == otherCfg.BootloaderVersion
+	teeEqual := c.TEEVersion == otherCfg.TEEVersion
+	snpEqual := c.SNPVersion == otherCfg.SNPVersion
+	microcodeEqual := c.MicrocodeVersion == otherCfg.MicrocodeVersion
+	rootKeyEqual := bytes.Equal(c.AMDRootKey.Raw, otherCfg.AMDRootKey.Raw)
+
+	return firmwareSignerCfgEqual && measurementsEqual && bootloaderEqual && teeEqual && snpEqual && microcodeEqual && rootKeyEqual, nil
+}
+
+// FetchAndSetLatestVersionNumbers fetches the latest version numbers from the configapi and sets them.
+func (c *AzureSEVSNP) FetchAndSetLatestVersionNumbers(fetcher attestationconfigfetcher.AttestationConfigAPIFetcher) error {
+	versions, err := fetcher.FetchAzureSEVSNPVersionLatest(context.Background())
+	if err != nil {
+		return err
+	}
+	// set number and keep isLatest flag
+	c.mergeVersionNumbers(versions.AzureSEVSNPVersion)
+	return nil
+}
+
+func (c *AzureSEVSNP) mergeVersionNumbers(versions configapi.AzureSEVSNPVersion) {
+	c.BootloaderVersion.Value = versions.Bootloader
+	c.TEEVersion.Value = versions.TEE
+	c.SNPVersion.Value = versions.SNP
+	c.MicrocodeVersion.Value = versions.Microcode
+}
+
+// AzureTrustedLaunch is the configuration for Azure Trusted Launch attestation.
+type AzureTrustedLaunch struct {
+	// description: |
+	//   Expected TPM measurements.
+	Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
+}
+
+// GetVariant returns azure-trusted-launch as the variant.
+func (AzureTrustedLaunch) GetVariant() variant.Variant {
+	return variant.AzureTrustedLaunch{}
+}
+
+// GetMeasurements returns the measurements used for attestation.
+func (c AzureTrustedLaunch) GetMeasurements() measurements.M {
+	return c.Measurements
+}
+
+// SetMeasurements updates a config's measurements using the given measurements.
+func (c *AzureTrustedLaunch) SetMeasurements(m measurements.M) {
+	c.Measurements = m
+}
+
+// EqualTo returns true if the config is equal to the given config.
+func (c AzureTrustedLaunch) EqualTo(other AttestationCfg) (bool, error) {
+	otherCfg, ok := other.(*AzureTrustedLaunch)
+	if !ok {
+		return false, fmt.Errorf("cannot compare %T with %T", c, other)
+	}
+	return c.Measurements.EqualTo(otherCfg.Measurements), nil
+}

internal/config/config_doc.go

@@ -22,6 +22,10 @@ var (
 	AWSNitroTPMDoc             encoder.Doc
 	SNPFirmwareSignerConfigDoc encoder.Doc
 	GCPSEVESDoc                encoder.Doc
+	QEMUVTPMDoc                encoder.Doc
+	QEMUTDXDoc                 encoder.Doc
+	AzureSEVSNPDoc             encoder.Doc
+	AzureTrustedLaunchDoc      encoder.Doc
 )
 
 func init() {
@@ -476,6 +480,12 @@ func init() {
 	SNPFirmwareSignerConfigDoc.Type = "SNPFirmwareSignerConfig"
 	SNPFirmwareSignerConfigDoc.Comments[encoder.LineComment] = "SNPFirmwareSignerConfig is the configuration for validating the firmware signer."
 	SNPFirmwareSignerConfigDoc.Description = "SNPFirmwareSignerConfig is the configuration for validating the firmware signer."
+	SNPFirmwareSignerConfigDoc.AppearsIn = []encoder.Appearance{
+		{
+			TypeName:  "AzureSEVSNP",
+			FieldName: "firmwareSignerConfig",
+		},
+	}
 	SNPFirmwareSignerConfigDoc.Fields = make([]encoder.Doc, 3)
 	SNPFirmwareSignerConfigDoc.Fields[0].Name = "acceptedKeyDigests"
 	SNPFirmwareSignerConfigDoc.Fields[0].Type = "List"
@@ -508,6 +518,100 @@ func init() {
 	GCPSEVESDoc.Fields[0].Note = ""
 	GCPSEVESDoc.Fields[0].Description = "Expected TPM measurements."
 	GCPSEVESDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
+
+	QEMUVTPMDoc.Type = "QEMUVTPM"
+	QEMUVTPMDoc.Comments[encoder.LineComment] = "QEMUVTPM is the configuration for QEMU vTPM attestation."
+	QEMUVTPMDoc.Description = "QEMUVTPM is the configuration for QEMU vTPM attestation."
+	QEMUVTPMDoc.AppearsIn = []encoder.Appearance{
+		{
+			TypeName:  "AttestationConfig",
+			FieldName: "qemuVTPM",
+		},
+	}
+	QEMUVTPMDoc.Fields = make([]encoder.Doc, 1)
+	QEMUVTPMDoc.Fields[0].Name = "measurements"
+	QEMUVTPMDoc.Fields[0].Type = "M"
+	QEMUVTPMDoc.Fields[0].Note = ""
+	QEMUVTPMDoc.Fields[0].Description = "Expected TPM measurements."
+	QEMUVTPMDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
+
+	QEMUTDXDoc.Type = "QEMUTDX"
+	QEMUTDXDoc.Comments[encoder.LineComment] = "QEMUTDX is the configuration for QEMU TDX attestation."
+	QEMUTDXDoc.Description = "QEMUTDX is the configuration for QEMU TDX attestation."
+	QEMUTDXDoc.AppearsIn = []encoder.Appearance{
+		{
+			TypeName:  "AttestationConfig",
+			FieldName: "qemuTDX",
+		},
+	}
+	QEMUTDXDoc.Fields = make([]encoder.Doc, 1)
+	QEMUTDXDoc.Fields[0].Name = "measurements"
+	QEMUTDXDoc.Fields[0].Type = "M"
+	QEMUTDXDoc.Fields[0].Note = ""
+	QEMUTDXDoc.Fields[0].Description = "Expected TDX measurements."
+	QEMUTDXDoc.Fields[0].Comments[encoder.LineComment] = "Expected TDX measurements."
+
+	AzureSEVSNPDoc.Type = "AzureSEVSNP"
+	AzureSEVSNPDoc.Comments[encoder.LineComment] = "AzureSEVSNP is the configuration for Azure SEV-SNP attestation."
+	AzureSEVSNPDoc.Description = "AzureSEVSNP is the configuration for Azure SEV-SNP attestation."
+	AzureSEVSNPDoc.AppearsIn = []encoder.Appearance{
+		{
+			TypeName:  "AttestationConfig",
+			FieldName: "azureSEVSNP",
+		},
+	}
+	AzureSEVSNPDoc.Fields = make([]encoder.Doc, 7)
+	AzureSEVSNPDoc.Fields[0].Name = "measurements"
+	AzureSEVSNPDoc.Fields[0].Type = "M"
+	AzureSEVSNPDoc.Fields[0].Note = ""
+	AzureSEVSNPDoc.Fields[0].Description = "Expected TPM measurements."
+	AzureSEVSNPDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
+	AzureSEVSNPDoc.Fields[1].Name = "bootloaderVersion"
+	AzureSEVSNPDoc.Fields[1].Type = "AttestationVersion"
+	AzureSEVSNPDoc.Fields[1].Note = ""
+	AzureSEVSNPDoc.Fields[1].Description = "Lowest acceptable bootloader version."
+	AzureSEVSNPDoc.Fields[1].Comments[encoder.LineComment] = "Lowest acceptable bootloader version."
+	AzureSEVSNPDoc.Fields[2].Name = "teeVersion"
+	AzureSEVSNPDoc.Fields[2].Type = "AttestationVersion"
+	AzureSEVSNPDoc.Fields[2].Note = ""
+	AzureSEVSNPDoc.Fields[2].Description = "Lowest acceptable TEE version."
+	AzureSEVSNPDoc.Fields[2].Comments[encoder.LineComment] = "Lowest acceptable TEE version."
+	AzureSEVSNPDoc.Fields[3].Name = "snpVersion"
+	AzureSEVSNPDoc.Fields[3].Type = "AttestationVersion"
+	AzureSEVSNPDoc.Fields[3].Note = ""
+	AzureSEVSNPDoc.Fields[3].Description = "Lowest acceptable SEV-SNP version."
+	AzureSEVSNPDoc.Fields[3].Comments[encoder.LineComment] = "Lowest acceptable SEV-SNP version."
+	AzureSEVSNPDoc.Fields[4].Name = "microcodeVersion"
+	AzureSEVSNPDoc.Fields[4].Type = "AttestationVersion"
+	AzureSEVSNPDoc.Fields[4].Note = ""
+	AzureSEVSNPDoc.Fields[4].Description = "Lowest acceptable microcode version."
+	AzureSEVSNPDoc.Fields[4].Comments[encoder.LineComment] = "Lowest acceptable microcode version."
+	AzureSEVSNPDoc.Fields[5].Name = "firmwareSignerConfig"
+	AzureSEVSNPDoc.Fields[5].Type = "SNPFirmwareSignerConfig"
+	AzureSEVSNPDoc.Fields[5].Note = ""
+	AzureSEVSNPDoc.Fields[5].Description = "Configuration for validating the firmware signature."
+	AzureSEVSNPDoc.Fields[5].Comments[encoder.LineComment] = "Configuration for validating the firmware signature."
+	AzureSEVSNPDoc.Fields[6].Name = "amdRootKey"
+	AzureSEVSNPDoc.Fields[6].Type = "Certificate"
+	AzureSEVSNPDoc.Fields[6].Note = ""
+	AzureSEVSNPDoc.Fields[6].Description = "AMD Root Key certificate used to verify the SEV-SNP certificate chain."
+	AzureSEVSNPDoc.Fields[6].Comments[encoder.LineComment] = "AMD Root Key certificate used to verify the SEV-SNP certificate chain."
+
+	AzureTrustedLaunchDoc.Type = "AzureTrustedLaunch"
+	AzureTrustedLaunchDoc.Comments[encoder.LineComment] = "AzureTrustedLaunch is the configuration for Azure Trusted Launch attestation."
+	AzureTrustedLaunchDoc.Description = "AzureTrustedLaunch is the configuration for Azure Trusted Launch attestation."
+	AzureTrustedLaunchDoc.AppearsIn = []encoder.Appearance{
+		{
+			TypeName:  "AttestationConfig",
+			FieldName: "azureTrustedLaunch",
+		},
+	}
+	AzureTrustedLaunchDoc.Fields = make([]encoder.Doc, 1)
+	AzureTrustedLaunchDoc.Fields[0].Name = "measurements"
+	AzureTrustedLaunchDoc.Fields[0].Type = "M"
+	AzureTrustedLaunchDoc.Fields[0].Note = ""
+	AzureTrustedLaunchDoc.Fields[0].Description = "Expected TPM measurements."
+	AzureTrustedLaunchDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
 }
 
 func (_ Config) Doc() *encoder.Doc {
@@ -554,6 +658,22 @@ func (_ GCPSEVES) Doc() *encoder.Doc {
 	return &GCPSEVESDoc
 }
 
+func (_ QEMUVTPM) Doc() *encoder.Doc {
+	return &QEMUVTPMDoc
+}
+
+func (_ QEMUTDX) Doc() *encoder.Doc {
+	return &QEMUTDXDoc
+}
+
+func (_ AzureSEVSNP) Doc() *encoder.Doc {
+	return &AzureSEVSNPDoc
+}
+
+func (_ AzureTrustedLaunch) Doc() *encoder.Doc {
+	return &AzureTrustedLaunchDoc
+}
+
 // GetConfigurationDoc returns documentation for the file ./config_doc.go.
 func GetConfigurationDoc() *encoder.FileDoc {
 	return &encoder.FileDoc{
@@ -571,6 +691,10 @@ func GetConfigurationDoc() *encoder.FileDoc {
 			&AWSNitroTPMDoc,
 			&SNPFirmwareSignerConfigDoc,
 			&GCPSEVESDoc,
+			&QEMUVTPMDoc,
+			&QEMUTDXDoc,
+			&AzureSEVSNPDoc,
+			&AzureTrustedLaunchDoc,
 		},
 	}
 }

internal/config/qemu.go

@@ -1,76 +0,0 @@
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-package config
-
-import (
-	"fmt"
-
-	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
-	"github.com/edgelesssys/constellation/v2/internal/variant"
-)
-
-// QEMUVTPM is the configuration for QEMU vTPM attestation.
-type QEMUVTPM struct {
-	// description: |
-	//   Expected TPM measurements.
-	Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
-}
-
-// GetVariant returns qemu-vtpm as the variant.
-func (QEMUVTPM) GetVariant() variant.Variant {
-	return variant.QEMUVTPM{}
-}
-
-// GetMeasurements returns the measurements used for attestation.
-func (c QEMUVTPM) GetMeasurements() measurements.M {
-	return c.Measurements
-}
-
-// SetMeasurements updates a config's measurements using the given measurements.
-func (c *QEMUVTPM) SetMeasurements(m measurements.M) {
-	c.Measurements = m
-}
-
-// EqualTo returns true if the config is equal to the given config.
-func (c QEMUVTPM) EqualTo(other AttestationCfg) (bool, error) {
-	otherCfg, ok := other.(*QEMUVTPM)
-	if !ok {
-		return false, fmt.Errorf("cannot compare %T with %T", c, other)
-	}
-	return c.Measurements.EqualTo(otherCfg.Measurements), nil
-}
-
-// QEMUTDX is the configuration for QEMU TDX attestation.
-type QEMUTDX struct {
-	// description: |
-	//   Expected TDX measurements.
-	Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
-}
-
-// GetVariant returns qemu-tdx as the variant.
-func (QEMUTDX) GetVariant() variant.Variant {
-	return variant.QEMUTDX{}
-}
-
-// GetMeasurements returns the measurements used for attestation.
-func (c QEMUTDX) GetMeasurements() measurements.M {
-	return c.Measurements
-}
-
-// SetMeasurements updates a config's measurements using the given measurements.
-func (c *QEMUTDX) SetMeasurements(m measurements.M) {
-	c.Measurements = m
-}
-
-// EqualTo returns true if the config is equal to the given config.
-func (c QEMUTDX) EqualTo(other AttestationCfg) (bool, error) {
-	otherCfg, ok := other.(*QEMUTDX)
-	if !ok {
-		return false, fmt.Errorf("cannot compare %T with %T", c, other)
-	}
-	return c.Measurements.EqualTo(otherCfg.Measurements), nil
-}