attestation: docs and config changes for SNP attestation (#1959)

* docs: describe SEV-SNP support on AWS
* config: remove launchMeasurement

awsSEVSNP attestation config should not have this value.
It doesn't have a function yet.

docs/docs/getting-started/first-steps.md

@@ -50,11 +50,19 @@ If you encounter any problem with the following steps, make sure to use the [lat
     <tabItem value="aws" label="AWS">
 
     ```bash
-    constellation iam create aws --zone=eu-central-1a --prefix=constellTest --generate-config
+    constellation iam create aws --zone=us-east-2a --prefix=constellTest --generate-config
     ```
 
-    This command creates IAM configuration for the AWS zone `eu-central-1a` using the prefix `constellTest` for all named resources being created. It also creates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in.
+    This command creates IAM configuration for the AWS zone `us-east-2a` using the prefix `constellTest` for all named resources being created. It also creates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in.
 
+    Depending on the attestation variant selected on config generation, different regions are available.
+    AMD SEV-SNP machines (requires the default attestation variant `awsSEVSNP`) are currently available in the following regions:
+     * `eu-west-1`
+     * `us-east-2`
+
+    You can find a list of regions that support AMD SEV-SNP in [AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snp-requirements.html).
+
+    NitroTPM machines (requires the attestation variant `awsNitroTPM`) are available in all regions.
     Constellation OS images are currently replicated to the following regions:
      * `eu-central-1`
      * `eu-west-1`

docs/docs/workflows/config.md

@@ -62,7 +62,22 @@ By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to crea
 </tabItem>
 <tabItem value="aws" label="AWS">
 
-By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all nitroTPM-enabled machines with a minimum of 4 vCPUs (`xlarge` or larger). Refer to the [list of nitroTPM-enabled instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html) or run `constellation config instance-types` to get the list of all supported options.
+By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster.
+Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file.
+If you are using the default attestation variant `awsSEVSNP`, you can use the instance types described in [AWS's AMD SEV-SNP docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snp-requirements.html).
+Please mind the region restrictions mentioned in the [Getting started](../getting-started/first-steps.md#create-a-cluster) section.
+
+If you are using the attestation variant `awsNitroTPM`, you can choose any of the [nitroTPM-enabled instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html).
+
+The Constellation CLI can also print the supported instance types with: `constellation config instance-types`.
+
+:::caution
+Due to a bug in AWS's SNP implementation, SNP report generation currently fails in unforeseeable circumstances.
+Therefore, even if you select attestation type `awsSEVSNP`, Constellation still uses NitroTPM-based attestation.
+Nonetheless, runtime encryption is enabled.
+AWS is currently investigating the issue.
+SNP-based attestation will be enabled as soon as a fix is verified.
+:::
 
 </tabItem>
 </tabs>
@@ -120,10 +135,10 @@ Paste the output into the corresponding fields of the `constellation-conf.yaml`
 You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials).
 
 ```bash
-constellation iam create aws --zone=eu-central-1a --prefix=constellTest
+constellation iam create aws --zone=us-east-2a --prefix=constellTest
 ```
 
-This command creates IAM configuration for the AWS zone `eu-central-1a` using the prefix `constellTest` for all named resources being created.
+This command creates IAM configuration for the AWS zone `us-east-2a` using the prefix `constellTest` for all named resources being created.
 
 Constellation OS images are currently replicated to the following regions:
 

internal/config/attestation_test.go

@@ -27,7 +27,7 @@ func TestUnmarshalAttestationConfig(t *testing.T) {
 		cfg AttestationCfg
 	}{
 		"AWSSEVSNP": {
-			cfg: &AWSSEVSNP{Measurements: measurements.DefaultsFor(cloudprovider.AWS, variant.AWSSEVSNP{}), LaunchMeasurement: measurements.PlaceHolderMeasurement(48)},
+			cfg: &AWSSEVSNP{Measurements: measurements.DefaultsFor(cloudprovider.AWS, variant.AWSSEVSNP{})},
 		},
 		"AWSNitroTPM": {
 			cfg: &AWSNitroTPM{Measurements: measurements.DefaultsFor(cloudprovider.AWS, variant.AWSNitroTPM{})},

internal/config/config.go

@@ -19,7 +19,6 @@ All config relevant definitions, parsing and validation functions should go here
 package config
 
 import (
-	"bytes"
 	"context"
 	"errors"
 	"fmt"
@@ -276,7 +275,7 @@ type QEMUConfig struct {
 // if not required.
 type AttestationConfig struct {
 	// description: |
-	//   AWS SEV-SNP attestation. WARNING: NOT PRODUCTION READY, TESTING ONLY, NO MEANINGFUL ATTESTATION.
+	//   AWS SEV-SNP attestation. WARNING: Attestation temporarily relies on AWS nitroTPM. Please see https://docs.edgeless.systems/constellation/workflows/config#choosing-a-vm-type for more information.
 	AWSSEVSNP *AWSSEVSNP `yaml:"awsSEVSNP,omitempty" validate:"omitempty,dive"`
 	// description: |
 	//   AWS Nitro TPM attestation.
@@ -358,7 +357,7 @@ func Default() *Config {
 		// AWS uses aws-nitro-tpm as attestation variant
 		// AWS will have aws-sev-snp as attestation variant
 		Attestation: AttestationConfig{
-			AWSSEVSNP:          &AWSSEVSNP{Measurements: measurements.DefaultsFor(cloudprovider.AWS, variant.AWSSEVSNP{}), LaunchMeasurement: measurements.WithAllBytes(0x00, measurements.Enforce, measurements.PCRMeasurementLength)},
+			AWSSEVSNP:          &AWSSEVSNP{Measurements: measurements.DefaultsFor(cloudprovider.AWS, variant.AWSSEVSNP{})},
 			AWSNitroTPM:        &AWSNitroTPM{Measurements: measurements.DefaultsFor(cloudprovider.AWS, variant.AWSNitroTPM{})},
 			AzureSEVSNP:        DefaultForAzureSEVSNP(),
 			AzureTrustedLaunch: &AzureTrustedLaunch{Measurements: measurements.DefaultsFor(cloudprovider.Azure, variant.AzureTrustedLaunch{})},
@@ -788,9 +787,10 @@ type AWSSEVSNP struct {
 	// description: |
 	//   Expected TPM measurements.
 	Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
+	// TODO (derpsteb): reenable launchMeasurement once SNP is fixed on AWS.
 	// description: |
 	//   Expected launch measurement in SNP report.
-	LaunchMeasurement measurements.Measurement `json:"launchMeasurement" yaml:"launchMeasurement" validate:"required"`
+	// LaunchMeasurement measurements.Measurement `json:"launchMeasurement" yaml:"launchMeasurement" validate:"required"`
 }
 
 // GetVariant returns aws-sev-snp as the variant.
@@ -814,12 +814,13 @@ func (c AWSSEVSNP) EqualTo(other AttestationCfg) (bool, error) {
 	if !ok {
 		return false, fmt.Errorf("cannot compare %T with %T", c, other)
 	}
-	if !bytes.Equal(c.LaunchMeasurement.Expected, otherCfg.LaunchMeasurement.Expected) {
-		return false, nil
-	}
-	if c.LaunchMeasurement.ValidationOpt != otherCfg.LaunchMeasurement.ValidationOpt {
-		return false, nil
-	}
+	// TODO (derpsteb): reenable launchMeasurement once SNP is fixed on AWS.
+	// if !bytes.Equal(c.LaunchMeasurement.Expected, otherCfg.LaunchMeasurement.Expected) {
+	// 	return false, nil
+	// }
+	// if c.LaunchMeasurement.ValidationOpt != otherCfg.LaunchMeasurement.ValidationOpt {
+	// 	return false, nil
+	// }
 
 	return c.Measurements.EqualTo(otherCfg.Measurements), nil
 }

internal/config/config_doc.go

@@ -425,8 +425,8 @@ func init() {
 	AttestationConfigDoc.Fields[0].Name = "awsSEVSNP"
 	AttestationConfigDoc.Fields[0].Type = "AWSSEVSNP"
 	AttestationConfigDoc.Fields[0].Note = ""
-	AttestationConfigDoc.Fields[0].Description = "AWS SEV-SNP attestation. WARNING: NOT PRODUCTION READY, TESTING ONLY, NO MEANINGFUL ATTESTATION."
-	AttestationConfigDoc.Fields[0].Comments[encoder.LineComment] = "AWS SEV-SNP attestation. WARNING: NOT PRODUCTION READY, TESTING ONLY, NO MEANINGFUL ATTESTATION."
+	AttestationConfigDoc.Fields[0].Description = "AWS SEV-SNP attestation. WARNING: Attestation temporarily relies on AWS nitroTPM. Please see https://docs.edgeless.systems/constellation/workflows/config#choosing-a-vm-type for more information."
+	AttestationConfigDoc.Fields[0].Comments[encoder.LineComment] = "AWS SEV-SNP attestation. WARNING: Attestation temporarily relies on AWS nitroTPM. Please see https://docs.edgeless.systems/constellation/workflows/config#choosing-a-vm-type for more information."
 	AttestationConfigDoc.Fields[1].Name = "awsNitroTPM"
 	AttestationConfigDoc.Fields[1].Type = "AWSNitroTPM"
 	AttestationConfigDoc.Fields[1].Note = ""
@@ -472,17 +472,12 @@ func init() {
 			FieldName: "awsSEVSNP",
 		},
 	}
-	AWSSEVSNPDoc.Fields = make([]encoder.Doc, 2)
+	AWSSEVSNPDoc.Fields = make([]encoder.Doc, 1)
 	AWSSEVSNPDoc.Fields[0].Name = "measurements"
 	AWSSEVSNPDoc.Fields[0].Type = "M"
 	AWSSEVSNPDoc.Fields[0].Note = ""
 	AWSSEVSNPDoc.Fields[0].Description = "Expected TPM measurements."
 	AWSSEVSNPDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements."
-	AWSSEVSNPDoc.Fields[1].Name = "launchMeasurement"
-	AWSSEVSNPDoc.Fields[1].Type = "Measurement"
-	AWSSEVSNPDoc.Fields[1].Note = ""
-	AWSSEVSNPDoc.Fields[1].Description = "Expected launch measurement in SNP report."
-	AWSSEVSNPDoc.Fields[1].Comments[encoder.LineComment] = "Expected launch measurement in SNP report."
 
 	AWSNitroTPMDoc.Type = "AWSNitroTPM"
 	AWSNitroTPMDoc.Comments[encoder.LineComment] = "AWSNitroTPM is the configuration for AWS Nitro TPM attestation."