api: for Azure attestationconfigapi use TCB values from SNP report instead of MAA token (#2429)

2025-05-02 14:26:23 -04:00 · 2023-10-17 17:36:50 +02:00 · 2023-10-17 17:36:50 +02:00 · 5819a11d25
commit 5819a11d25
parent 0c89f57ac5
11 changed files with 211 additions and 110 deletions
--- a/internal/api/attestationconfigapi/cli/BUILD.bazel
+++ b/internal/api/attestationconfigapi/cli/BUILD.bazel
@ -19,11 +19,14 @@ go_library(
    deps = [
        "//internal/api/attestationconfigapi",
        "//internal/constants",
+        "//internal/file",
        "//internal/logger",
        "//internal/staticupload",
+        "//internal/verify",
        "@com_github_aws_aws_sdk_go//aws",
        "@com_github_aws_aws_sdk_go_v2_service_s3//:s3",
        "@com_github_aws_aws_sdk_go_v2_service_s3//types",
+        "@com_github_spf13_afero//:afero",
        "@com_github_spf13_cobra//:cobra",
        "@org_uber_go_zap//:zap",
    ],
@ -31,9 +34,13 @@ go_library(

 go_test(
    name = "cli_test",
-    srcs = ["delete_test.go"],
+    srcs = [
+        "delete_test.go",
+        "main_test.go",
+    ],
    embed = [":cli_lib"],
    deps = [
+        "//internal/verify",
        "@com_github_stretchr_testify//assert",
        "@com_github_stretchr_testify//require",
    ],
--- a/internal/api/attestationconfigapi/cli/delete.go
+++ b/internal/api/attestationconfigapi/cli/delete.go
@ -73,12 +73,12 @@ func runDelete(cmd *cobra.Command, _ []string) (retErr error) {
 	if err != nil {
 		return fmt.Errorf("getting testing flag: %w", err)
 	}
-	_, distribution := getEnvironment(testing)
+	apiCfg := getAPIEnvironment(testing)

 	cfg := staticupload.Config{
 		Bucket:         bucket,
 		Region:         region,
-		DistributionID: distribution,
+		DistributionID: apiCfg.distribution,
 	}
 	client, clientClose, err := attestationconfigapi.NewClient(cmd.Context(), cfg,
 		[]byte(cosignPwd), []byte(privateKey), false, 1, log)
@ -113,13 +113,13 @@ func runRecursiveDelete(cmd *cobra.Command, _ []string) (retErr error) {
 	if err != nil {
 		return fmt.Errorf("getting testing flag: %w", err)
 	}
-	_, distribution := getEnvironment(testing)
+	apiCfg := getAPIEnvironment(testing)

 	log := logger.New(logger.PlainLog, zap.DebugLevel).Named("attestationconfigapi")
 	client, closeFn, err := staticupload.New(cmd.Context(), staticupload.Config{
 		Bucket:         bucket,
 		Region:         region,
-		DistributionID: distribution,
+		DistributionID: apiCfg.distribution,
 	}, log)
 	if err != nil {
 		return fmt.Errorf("create static upload client: %w", err)
--- a/internal/api/attestationconfigapi/cli/e2e/test.sh.in
+++ b/internal/api/attestationconfigapi/cli/e2e/test.sh.in
@ -31,53 +31,95 @@ registerExitHandler "rm -rf $tmpdir"
 ${configapi_cli} delete recursive --region "$region" --bucket "$bucket"

 # the high version numbers ensure that it's newer than the current latest value
-readonly current_claim_path="$tmpdir/currentMaaClaim.json"
-cat << EOF > "$current_claim_path"
+readonly current_report_path="$tmpdir/currentSnpReport.json"
+cat << EOF > "$current_report_path"
 {
-  "x-ms-isolation-tee": {
-    "x-ms-sevsnpvm-tee-svn": 1,
-    "x-ms-sevsnpvm-snpfw-svn": 1,
-    "x-ms-sevsnpvm-microcode-svn": 1,
-    "x-ms-sevsnpvm-bootloader-svn": 1
+  "snp_report": {
+    "reported_tcb": {
+      "bootloader": 1,
+      "tee": 1,
+      "snp": 1,
+      "microcode": 1
+    },
+    "committed_tcb": {
+      "bootloader": 1,
+      "tee": 1,
+      "snp": 1,
+      "microcode": 1
+    },
+    "launch_tcb": {
+      "bootloader": 1,
+      "tee": 1,
+      "snp": 1,
+      "microcode": 1
+    }
  }
 }
 EOF
 # upload a fake latest version for the fetcher
-${configapi_cli} --force --maa-claims-path "$current_claim_path" --upload-date "2000-01-01-01-01" --region "$region" --bucket "$bucket"
+${configapi_cli} --force --snp-report-path "$current_report_path" --upload-date "2000-01-01-01-01" --region "$region" --bucket "$bucket"

 # the high version numbers ensure that it's newer than the current latest value
-readonly claim_path="$tmpdir/maaClaim.json"
-cat << EOF > "$claim_path"
+readonly report_path="$tmpdir/snpReport.json"
+cat << EOF > "$report_path"
 {
-  "x-ms-isolation-tee": {
-    "x-ms-sevsnpvm-tee-svn": 255,
-    "x-ms-sevsnpvm-snpfw-svn": 255,
-    "x-ms-sevsnpvm-microcode-svn": 255,
-    "x-ms-sevsnpvm-bootloader-svn": 255
+  "snp_report": {
+    "reported_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 255
+    },
+    "committed_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 255
+    },
+    "launch_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 255
+    }
  }
 }
 EOF

 # has an older version
-readonly older_claim_path="$tmpdir/maaClaimOld.json"
-cat << EOF > "$older_claim_path"
+readonly older_report_path="$tmpdir/snpReportOld.json"
+cat << EOF > "$older_report_path"
 {
-  "x-ms-isolation-tee": {
-    "x-ms-sevsnpvm-tee-svn": 255,
-    "x-ms-sevsnpvm-snpfw-svn": 255,
-    "x-ms-sevsnpvm-microcode-svn": 254,
-    "x-ms-sevsnpvm-bootloader-svn": 255
+  "snp_report": {
+    "reported_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 254
+    },
+    "committed_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 254
+    },
+    "launch_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 254
+    }
  }
 }
 EOF

 # report 3 versions with different dates to fill the reporter cache
 readonly date_oldest="2023-02-01-03-04"
-${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_oldest" --region "$region" --bucket "$bucket" --cache-window-size 3
+${configapi_cli} --snp-report-path "$older_report_path" --upload-date "$date_oldest" --region "$region" --bucket "$bucket" --cache-window-size 3
 readonly date_older="2023-02-02-03-04"
-${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_older" --region "$region" --bucket "$bucket" --cache-window-size 3
+${configapi_cli} --snp-report-path "$older_report_path" --upload-date "$date_older" --region "$region" --bucket "$bucket" --cache-window-size 3
 readonly date="2023-02-03-03-04"
-${configapi_cli} --maa-claims-path "$claim_path" --upload-date "$date" --region "$region" --bucket "$bucket" --cache-window-size 3
+${configapi_cli} --snp-report-path "$report_path" --upload-date "$date" --region "$region" --bucket "$bucket" --cache-window-size 3

 # expect that $date_oldest is served as latest version
 baseurl="https://d33dzgxuwsgbpw.cloudfront.net/constellation/v1/attestation/azure-sev-snp"
--- a/internal/api/attestationconfigapi/cli/main.go
+++ b/internal/api/attestationconfigapi/cli/main.go
@ -15,7 +15,6 @@ Any version update is then pushed to the API.
 package main

 import (
-	"encoding/json"
 	"errors"
 	"fmt"
 	"os"
@ -23,11 +22,13 @@ import (

 	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
+	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/staticupload"
-	"go.uber.org/zap"
-
+	"github.com/edgelesssys/constellation/v2/internal/verify"
+	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
+	"go.uber.org/zap"
 )

 const (
@ -67,7 +68,7 @@ func newRootCmd() *cobra.Command {
 		PreRunE: envCheck,
 		RunE:    runCmd,
 	}
-	rootCmd.Flags().StringP("maa-claims-path", "t", "", "File path to a json file containing the MAA claims.")
+	rootCmd.Flags().StringP("snp-report-path", "t", "", "File path to a file containing the Constellation verify output.")
 	rootCmd.Flags().StringP("upload-date", "d", "", "upload a version with this date as version name.")
 	rootCmd.Flags().BoolP("force", "f", false, "Use force to manually push a new latest version."+
 		" The version gets saved to the cache but the version selection logic is skipped.")
@ -75,7 +76,7 @@ func newRootCmd() *cobra.Command {
 	rootCmd.PersistentFlags().StringP("region", "r", awsRegion, "region of the targeted bucket.")
 	rootCmd.PersistentFlags().StringP("bucket", "b", awsBucket, "bucket targeted by all operations.")
 	rootCmd.PersistentFlags().Bool("testing", false, "upload to S3 test bucket.")
-	must(rootCmd.MarkFlagRequired("maa-claims-path"))
+	must(rootCmd.MarkFlagRequired("snp-report-path"))
 	rootCmd.AddCommand(newDeleteCmd())
 	return rootCmd
 }
@ -104,17 +105,20 @@ func runCmd(cmd *cobra.Command, _ []string) (retErr error) {
 		DistributionID: flags.distribution,
 	}

-	log.Infof("Reading MAA claims from file: %s", flags.maaFilePath)
-	maaClaimsBytes, err := os.ReadFile(flags.maaFilePath)
-	if err != nil {
-		return fmt.Errorf("reading MAA claims file: %w", err)
+	log.Infof("Reading SNP report from file: %s", flags.snpReportPath)
+
+	fs := file.NewHandler(afero.NewOsFs())
+	var report verify.Report
+	if err := fs.ReadJSON(flags.snpReportPath, &report); err != nil {
+		return fmt.Errorf("reading snp report: %w", err)
 	}
-	var maaTCB maaTokenTCBClaims
-	if err = json.Unmarshal(maaClaimsBytes, &maaTCB); err != nil {
-		return fmt.Errorf("unmarshalling MAA claims file: %w", err)
+	snpReport := report.SNPReport
+	if !allEqual(snpReport.LaunchTCB, snpReport.CommittedTCB, snpReport.ReportedTCB) {
+		return fmt.Errorf("TCB versions are not equal: \nLaunchTCB:%+v\nCommitted TCB:%+v\nReportedTCB:%+v",
+			snpReport.LaunchTCB, snpReport.CommittedTCB, snpReport.ReportedTCB)
 	}
-	inputVersion := maaTCB.ToAzureSEVSNPVersion()
-	log.Infof("Input version: %+v", inputVersion)
+	inputVersion := convertTCBVersionToAzureVersion(snpReport.LaunchTCB)
+	log.Infof("Input report: %+v", inputVersion)

 	client, clientClose, err := attestationconfigapi.NewClient(ctx, cfg,
 		[]byte(cosignPwd), []byte(privateKey), false, flags.cacheWindowSize, log)
@ -129,7 +133,7 @@ func runCmd(cmd *cobra.Command, _ []string) (retErr error) {
 		return fmt.Errorf("creating client: %w", err)
 	}

-	latestAPIVersionAPI, err := attestationconfigapi.NewFetcherWithCustomCDNAndCosignKey(flags.url, constants.CosignPublicKeyDev).FetchAzureSEVSNPVersionLatest(ctx)
+	latestAPIVersionAPI, err := attestationconfigapi.NewFetcherWithCustomCDNAndCosignKey(flags.url, flags.cosignPublicKey).FetchAzureSEVSNPVersionLatest(ctx)
 	if err != nil {
 		if errors.Is(err, attestationconfigapi.ErrNoVersionsFound) {
 			log.Infof("No versions found in API, but assuming that we are uploading the first version.")
@ -148,9 +152,34 @@ func runCmd(cmd *cobra.Command, _ []string) (retErr error) {
 	return nil
 }

+func allEqual(args ...verify.TCBVersion) bool {
+	if len(args) < 2 {
+		return true
+	}
+
+	firstArg := args[0]
+	for _, arg := range args[1:] {
+		if arg != firstArg {
+			return false
+		}
+	}
+
+	return true
+}
+
+func convertTCBVersionToAzureVersion(tcb verify.TCBVersion) attestationconfigapi.AzureSEVSNPVersion {
+	return attestationconfigapi.AzureSEVSNPVersion{
+		Bootloader: tcb.Bootloader,
+		TEE:        tcb.TEE,
+		SNP:        tcb.SNP,
+		Microcode:  tcb.Microcode,
+	}
+}
+
 type config struct {
-	maaFilePath     string
+	snpReportPath   string
 	uploadDate      time.Time
+	cosignPublicKey string
 	region          string
 	bucket          string
 	distribution    string
@ -160,7 +189,7 @@ type config struct {
 }

 func parseCliFlags(cmd *cobra.Command) (config, error) {
-	maaFilePath, err := cmd.Flags().GetString("maa-claims-path")
+	snpReportFilePath, err := cmd.Flags().GetString("snp-report-path")
 	if err != nil {
 		return config{}, fmt.Errorf("getting maa claims path: %w", err)
 	}
@ -191,7 +220,7 @@ func parseCliFlags(cmd *cobra.Command) (config, error) {
 	if err != nil {
 		return config{}, fmt.Errorf("getting testing flag: %w", err)
 	}
-	url, distribution := getEnvironment(testing)
+	apiCfg := getAPIEnvironment(testing)

 	force, err := cmd.Flags().GetBool("force")
 	if err != nil {
@ -203,41 +232,29 @@ func parseCliFlags(cmd *cobra.Command) (config, error) {
 		return config{}, fmt.Errorf("getting cache window size: %w", err)
 	}
 	return config{
-		maaFilePath:     maaFilePath,
+		snpReportPath:   snpReportFilePath,
 		uploadDate:      uploadDate,
+		cosignPublicKey: apiCfg.cosignPublicKey,
 		region:          region,
 		bucket:          bucket,
-		url:             url,
-		distribution:    distribution,
+		url:             apiCfg.url,
+		distribution:    apiCfg.distribution,
 		force:           force,
 		cacheWindowSize: cacheWindowSize,
 	}, nil
 }

-func getEnvironment(testing bool) (url string, distributionID string) {
+type apiConfig struct {
+	url             string
+	distribution    string
+	cosignPublicKey string
+}
+
+func getAPIEnvironment(testing bool) apiConfig {
 	if testing {
-		return "https://d33dzgxuwsgbpw.cloudfront.net", "ETZGUP1CWRC2P"
-	}
-	return constants.CDNRepositoryURL, constants.CDNDefaultDistributionID
-}
-
-// maaTokenTCBClaims describes the TCB information in a MAA token.
-type maaTokenTCBClaims struct {
-	IsolationTEE struct {
-		TEESvn        uint8 `json:"x-ms-sevsnpvm-tee-svn"`
-		SNPFwSvn      uint8 `json:"x-ms-sevsnpvm-snpfw-svn"`
-		MicrocodeSvn  uint8 `json:"x-ms-sevsnpvm-microcode-svn"`
-		BootloaderSvn uint8 `json:"x-ms-sevsnpvm-bootloader-svn"`
-	} `json:"x-ms-isolation-tee"`
-}
-
-func (c maaTokenTCBClaims) ToAzureSEVSNPVersion() attestationconfigapi.AzureSEVSNPVersion {
-	return attestationconfigapi.AzureSEVSNPVersion{
-		TEE:        c.IsolationTEE.TEESvn,
-		SNP:        c.IsolationTEE.SNPFwSvn,
-		Microcode:  c.IsolationTEE.MicrocodeSvn,
-		Bootloader: c.IsolationTEE.BootloaderSvn,
+		return apiConfig{url: "https://d33dzgxuwsgbpw.cloudfront.net", distribution: "ETZGUP1CWRC2P", cosignPublicKey: constants.CosignPublicKeyDev}
 	}
+	return apiConfig{url: constants.CDNRepositoryURL, distribution: constants.CDNDefaultDistributionID, cosignPublicKey: constants.CosignPublicKeyReleases}
 }

 func must(err error) {
--- a/internal/api/attestationconfigapi/cli/main_test.go
+++ b/internal/api/attestationconfigapi/cli/main_test.go
@ -0,0 +1,32 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+package main
+
+import (
+	"testing"
+
+	"github.com/edgelesssys/constellation/v2/internal/verify"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAllEqual(t *testing.T) {
+	// Test case 1: One input arg
+	assert.True(t, allEqual(verify.TCBVersion{Bootloader: 1, Microcode: 2, SNP: 3, TEE: 4}), "Expected allEqual to return true for one input arg, but got false")
+
+	// Test case 2: Three input args that are equal
+	assert.True(t, allEqual(
+		verify.TCBVersion{Bootloader: 1, Microcode: 2, SNP: 3, TEE: 4},
+		verify.TCBVersion{Bootloader: 1, Microcode: 2, SNP: 3, TEE: 4},
+		verify.TCBVersion{Bootloader: 1, Microcode: 2, SNP: 3, TEE: 4},
+	), "Expected allEqual to return true for three equal input args, but got false")
+
+	// Test case 3: Three input args where second and third element are different
+	assert.False(t, allEqual(
+		verify.TCBVersion{Bootloader: 2, Microcode: 2, SNP: 3, TEE: 4},
+		verify.TCBVersion{Bootloader: 2, Microcode: 2, SNP: 3, TEE: 4},
+		verify.TCBVersion{Bootloader: 2, Microcode: 3, SNP: 3, TEE: 4},
+	), "Expected allEqual to return false for three input args with different second and third elements, but got true")
+}