AB#2386: TrustedLaunch support for azure attestation

* There are now two attestation packages on azure. The issuer on the server side is created base on successfully querying the idkeydigest from the TPM. Fallback on err: Trusted Launch. * The bootstrapper's issuer choice is validated by the CLI's validator, which is created based on the local config. * Add "azureCVM" field to new "internal-config" cm. This field is populated by the bootstrapper. * Group attestation OIDs by CSP (#42) * Bootstrapper now uses IssuerWrapper type to pass the issuer (and some context info) to the initserver. * Introduce VMType package akin to cloudprovider. Used by IssuerWrapper. * Extend unittests. * Remove CSP specific attestation integration tests Co-authored-by: <dw@edgeless.systems> Signed-off-by: Otto Bittner <cobittner@posteo.net>
2025-11-12 08:36:36 -05:00 · 2022-08-31 20:10:49 +02:00 · 2022-08-31 20:10:49 +02:00 · 405db3286e
commit 405db3286e
parent 4bfb98d35a
33 changed files with 749 additions and 431 deletions
--- a/internal/cloud/vmtype/vmtype.go
+++ b/internal/cloud/vmtype/vmtype.go
@ -0,0 +1,33 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package vmtype
+
+import "strings"
+
+//go:generate stringer -type=VMType
+
+// VMType describes different vm types we support. Introduced for Azure SNP / Trusted Launch attestation.
+type VMType uint32
+
+const (
+	Unknown VMType = iota
+	AzureCVM
+	AzureTrustedLaunch
+)
+
+// FromString returns a VMType from a string.
+func FromString(s string) VMType {
+	s = strings.ToLower(s)
+	switch s {
+	case "azurecvm":
+		return AzureCVM
+	case "azuretrustedlaunch":
+		return AzureTrustedLaunch
+	default:
+		return Unknown
+	}
+}
--- a/internal/cloud/vmtype/vmtype_string.go
+++ b/internal/cloud/vmtype/vmtype_string.go
@ -0,0 +1,25 @@
+// Code generated by "stringer -type=VMType"; DO NOT EDIT.
+
+package vmtype
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[Unknown-0]
+	_ = x[AzureCVM-1]
+	_ = x[AzureTrustedLaunch-2]
+}
+
+const _VMType_name = "UnknownAzureCVMAzureTrustedLaunch"
+
+var _VMType_index = [...]uint8{0, 7, 15, 33}
+
+func (i VMType) String() string {
+	if i >= VMType(len(_VMType_index)-1) {
+		return "VMType(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _VMType_name[_VMType_index[i]:_VMType_index[i+1]]
+}