AB#2386: TrustedLaunch support for azure attestation

* There are now two attestation packages on azure. The issuer on the server side is created base on successfully querying the idkeydigest from the TPM. Fallback on err: Trusted Launch. * The bootstrapper's issuer choice is validated by the CLI's validator, which is created based on the local config. * Add "azureCVM" field to new "internal-config" cm. This field is populated by the bootstrapper. * Group attestation OIDs by CSP (#42) * Bootstrapper now uses IssuerWrapper type to pass the issuer (and some context info) to the initserver. * Introduce VMType package akin to cloudprovider. Used by IssuerWrapper. * Extend unittests. * Remove CSP specific attestation integration tests Co-authored-by: <dw@edgeless.systems> Signed-off-by: Otto Bittner <cobittner@posteo.net>
2025-05-02 06:16:08 -04:00 · 2022-08-31 20:10:49 +02:00 · 2022-08-31 20:10:49 +02:00 · 405db3286e
commit 405db3286e
parent 4bfb98d35a
33 changed files with 749 additions and 431 deletions
--- a/cli/internal/cmd/create.go
+++ b/cli/internal/cmd/create.go
@ -73,6 +73,9 @@ func create(cmd *cobra.Command, creator cloudCreator, fileHandler file.Handler,

 	if config.IsAzureNonCVM() {
 		cmd.Println("Disabling Confidential VMs is insecure. Use only for evaluation purposes.")
+		if config.EnforcesIdKeyDigest() {
+			cmd.Println("Your config asks for enforcing the idkeydigest. This is only available on Confidential VMs. It will not be enforced.")
+		}
 	}

 	var instanceType string