Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-07-26 00:35:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

DO NOT MERGE! attestation: use ark from THIM

Browse source 
remove this commit eventually.
This commit is contained in:
Otto Bittner 2024-04-09 17:34:40 +02:00 committed by Malte Poll
parent 6fa51f73d8
commit 1e7d21e071
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
internal/attestation/azure/snp/validator.go
View file

@ -122,6 +122,11 @@ func (v *Validator) getTrustedKey(ctx context.Context, attDoc vtpm.AttestationDo
return nil, fmt.Errorf("parsing ASK certificate: %w", err) return nil, fmt.Errorf("parsing ASK certificate: %w", err)
} }
ark, err := x509.ParseCertificate(att.CertificateChain.ArkCert)
if err != nil {
return nil, fmt.Errorf("parsing ARK certificate: %w", err)
}
verifyOpts := &verify.Options{ verifyOpts := &verify.Options{
TrustedRoots: map[string][]*trust.AMDRootCerts{ TrustedRoots: map[string][]*trust.AMDRootCerts{
"Genoa": { "Genoa": {
@ -129,7 +134,7 @@ func (v *Validator) getTrustedKey(ctx context.Context, attDoc vtpm.AttestationDo
Product: "Genoa", Product: "Genoa",
ProductCerts: &trust.ProductCerts{ ProductCerts: &trust.ProductCerts{
Ask: ask, Ask: ask,
Ark: trustedArk, Ark: ark,
}, },
}, },
}, },