mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-05-02 06:16:08 -04:00
api: for Azure attestationconfigapi use TCB values from SNP report instead of MAA token (#2429)
parent
0c89f57ac5
commit
5819a11d25
11 changed files with 211 additions and 110 deletions
|
@ -31,53 +31,95 @@ registerExitHandler "rm -rf $tmpdir"
|
|||
${configapi_cli} delete recursive --region "$region" --bucket "$bucket"
|
||||
|
||||
# the high version numbers ensure that it's newer than the current latest value
|
||||
readonly current_claim_path="$tmpdir/currentMaaClaim.json"
|
||||
cat << EOF > "$current_claim_path"
|
||||
readonly current_report_path="$tmpdir/currentSnpReport.json"
|
||||
cat << EOF > "$current_report_path"
|
||||
{
|
||||
"x-ms-isolation-tee": {
|
||||
"x-ms-sevsnpvm-tee-svn": 1,
|
||||
"x-ms-sevsnpvm-snpfw-svn": 1,
|
||||
"x-ms-sevsnpvm-microcode-svn": 1,
|
||||
"x-ms-sevsnpvm-bootloader-svn": 1
|
||||
"snp_report": {
|
||||
"reported_tcb": {
|
||||
"bootloader": 1,
|
||||
"tee": 1,
|
||||
"snp": 1,
|
||||
"microcode": 1
|
||||
},
|
||||
"committed_tcb": {
|
||||
"bootloader": 1,
|
||||
"tee": 1,
|
||||
"snp": 1,
|
||||
"microcode": 1
|
||||
},
|
||||
"launch_tcb": {
|
||||
"bootloader": 1,
|
||||
"tee": 1,
|
||||
"snp": 1,
|
||||
"microcode": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
# upload a fake latest version for the fetcher
|
||||
${configapi_cli} --force --maa-claims-path "$current_claim_path" --upload-date "2000-01-01-01-01" --region "$region" --bucket "$bucket"
|
||||
${configapi_cli} --force --snp-report-path "$current_report_path" --upload-date "2000-01-01-01-01" --region "$region" --bucket "$bucket"
|
||||
|
||||
# the high version numbers ensure that it's newer than the current latest value
|
||||
readonly claim_path="$tmpdir/maaClaim.json"
|
||||
cat << EOF > "$claim_path"
|
||||
readonly report_path="$tmpdir/snpReport.json"
|
||||
cat << EOF > "$report_path"
|
||||
{
|
||||
"x-ms-isolation-tee": {
|
||||
"x-ms-sevsnpvm-tee-svn": 255,
|
||||
"x-ms-sevsnpvm-snpfw-svn": 255,
|
||||
"x-ms-sevsnpvm-microcode-svn": 255,
|
||||
"x-ms-sevsnpvm-bootloader-svn": 255
|
||||
"snp_report": {
|
||||
"reported_tcb": {
|
||||
"bootloader": 255,
|
||||
"tee": 255,
|
||||
"snp": 255,
|
||||
"microcode": 255
|
||||
},
|
||||
"committed_tcb": {
|
||||
"bootloader": 255,
|
||||
"tee": 255,
|
||||
"snp": 255,
|
||||
"microcode": 255
|
||||
},
|
||||
"launch_tcb": {
|
||||
"bootloader": 255,
|
||||
"tee": 255,
|
||||
"snp": 255,
|
||||
"microcode": 255
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
# has an older version
|
||||
readonly older_claim_path="$tmpdir/maaClaimOld.json"
|
||||
cat << EOF > "$older_claim_path"
|
||||
readonly older_report_path="$tmpdir/snpReportOld.json"
|
||||
cat << EOF > "$older_report_path"
|
||||
{
|
||||
"x-ms-isolation-tee": {
|
||||
"x-ms-sevsnpvm-tee-svn": 255,
|
||||
"x-ms-sevsnpvm-snpfw-svn": 255,
|
||||
"x-ms-sevsnpvm-microcode-svn": 254,
|
||||
"x-ms-sevsnpvm-bootloader-svn": 255
|
||||
"snp_report": {
|
||||
"reported_tcb": {
|
||||
"bootloader": 255,
|
||||
"tee": 255,
|
||||
"snp": 255,
|
||||
"microcode": 254
|
||||
},
|
||||
"committed_tcb": {
|
||||
"bootloader": 255,
|
||||
"tee": 255,
|
||||
"snp": 255,
|
||||
"microcode": 254
|
||||
},
|
||||
"launch_tcb": {
|
||||
"bootloader": 255,
|
||||
"tee": 255,
|
||||
"snp": 255,
|
||||
"microcode": 254
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
# report 3 versions with different dates to fill the reporter cache
|
||||
readonly date_oldest="2023-02-01-03-04"
|
||||
${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_oldest" --region "$region" --bucket "$bucket" --cache-window-size 3
|
||||
${configapi_cli} --snp-report-path "$older_report_path" --upload-date "$date_oldest" --region "$region" --bucket "$bucket" --cache-window-size 3
|
||||
readonly date_older="2023-02-02-03-04"
|
||||
${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_older" --region "$region" --bucket "$bucket" --cache-window-size 3
|
||||
${configapi_cli} --snp-report-path "$older_report_path" --upload-date "$date_older" --region "$region" --bucket "$bucket" --cache-window-size 3
|
||||
readonly date="2023-02-03-03-04"
|
||||
${configapi_cli} --maa-claims-path "$claim_path" --upload-date "$date" --region "$region" --bucket "$bucket" --cache-window-size 3
|
||||
${configapi_cli} --snp-report-path "$report_path" --upload-date "$date" --region "$region" --bucket "$bucket" --cache-window-size 3
|
||||
|
||||
# expect that $date_oldest is served as latest version
|
||||
baseurl="https://d33dzgxuwsgbpw.cloudfront.net/constellation/v1/attestation/azure-sev-snp"
|
||||
|
|
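Review bot: In all three new fixtures `reported_tcb`, `committed_tcb` and `launch_tcb` carry identical values, so this test passes no matter which of the three blocks the uploader reads from the SNP report. Since the commit's purpose is to derive the published TCB versions from the report, at least one fixture should make the blocks differ, for example in `snpReportOld.json` keeping `"microcode": 254` only in the block the CLI is meant to consume and `255` in the other two, so that reading the wrong block would likely change which version is served as latest. Which block that is cannot be seen from this hunk (the parsing code is in other files of the commit), so confirm it before choosing. Separately, the comment `# the high version numbers ensure that it's newer than the current latest value` above `currentSnpReport.json` does not match that fixture's all-`1` values and 2000-01-01 upload date; something like `# low versions and an old upload date: a stale baseline entry` appears closer to what it does.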