api: for Azure attestationconfigapi use TCB values from SNP report instead of MAA token (#2429)

2024-09-19 15:56:03 +00:00 · 2023-10-17 17:36:50 +02:00 · 2023-10-17 17:36:50 +02:00 · 5819a11d25
commit 5819a11d25
parent 0c89f57ac5
11 changed files with 211 additions and 110 deletions
--- a/.github/actions/e2e_verify/action.yml
+++ b/.github/actions/e2e_verify/action.yml
@ -66,18 +66,14 @@ runs:
          forwarderPID=$!
          sleep 5

-          verifyOut=$(constellation verify --cluster-id "${clusterID}" --force --node-endpoint localhost:9090)
-
-          kill $forwarderPID
-
-          if [[ ${{ inputs.cloudProvider }} != "azure" ]]; then
-            continue
+          if [[ ${{ inputs.cloudProvider }} == "azure" ]]; then
+            echo "Extracting Azure TCB versions for API update"
+            constellation verify --cluster-id "${clusterID}" --force --node-endpoint localhost:9090 -o json > "snp-report-${node}.json"
+          else
+            constellation verify --cluster-id "${clusterID}" --force --node-endpoint localhost:9090
          fi

-          echo "Extracting TCB versions for API update"
-          startMAAToken="Microsoft Azure Attestation Token:"
-          endMAAToken="Verification OK"
-          sed -n "/${startMAAToken}/,/${endMAAToken}/ { /${startMAAToken}/d; /${endMAAToken}/d; p }" <<< "${verifyOut}" > "maa-claims-${node}.json"
+          kill $forwarderPID
        done

    - name: Login to AWS
@ -94,8 +90,8 @@ runs:
        COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
        COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
      run: |
-        for file in $(ls maa-claims-*.json); do
+        for file in $(ls snp-report-*.json); do
          path=$(realpath "${file}")
          cat "${path}"
-          bazel run //internal/api/attestationconfigapi/cli -- --maa-claims-path "${path}"
+          bazel run //internal/api/attestationconfigapi/cli -- --snp-report-path "${path}"
        done
--- a/bazel/toolchains/go_module_deps.bzl
+++ b/bazel/toolchains/go_module_deps.bzl
@ -2480,8 +2480,9 @@ def go_dependencies():
        build_file_generation = "on",
        build_file_proto_mode = "disable_global",
        importpath = "github.com/google/go-sev-guest",
-        sum = "h1:XlvpFmmyMGvXmCIBTScYt7AX3ClvW8gfFN3SBCRVuKY=",
-        version = "v0.9.1",
+        replace = "github.com/google/go-sev-guest",
+        sum = "h1:6o4Z/vQqNUH+cEagfx1Ez5ElK70iZulEXZwmLnRo44I=",
+        version = "v0.0.0-20230928233922-2dcbba0a4b9d",
    )
    go_repository(
        name = "com_github_google_go_tdx_guest",
--- a/cli/internal/cmd/verify.go
+++ b/cli/internal/cmd/verify.go
@ -712,18 +712,26 @@ func newCertificates(certTypeName string, cert []byte, log debugLog) (certs []ve
 			if err != nil {
 				return certs, fmt.Errorf("parsing VCEK certificate extensions: %w", err)
 			}
+			certPEM := pem.EncodeToMemory(&pem.Block{
+				Type:  "CERTIFICATE",
+				Bytes: cert.Raw,
+			})
 			certs = append(certs, verify.Certificate{
-				Certificate:   cert,
-				CertTypeName:  certTypeName,
-				StructVersion: vcekExts.StructVersion,
-				ProductName:   vcekExts.ProductName,
-				TCBVersion:    newTCBVersion(vcekExts.TCBVersion),
-				HardwareID:    vcekExts.HWID,
+				CertificatePEM: string(certPEM),
+				CertTypeName:   certTypeName,
+				StructVersion:  vcekExts.StructVersion,
+				ProductName:    vcekExts.ProductName,
+				TCBVersion:     newTCBVersion(vcekExts.TCBVersion),
+				HardwareID:     vcekExts.HWID,
 			})
 		} else {
+			certPEM := pem.EncodeToMemory(&pem.Block{
+				Type:  "CERTIFICATE",
+				Bytes: cert.Raw,
+			})
 			certs = append(certs, verify.Certificate{
-				Certificate:  cert,
-				CertTypeName: certTypeName,
+				CertificatePEM: string(certPEM),
+				CertTypeName:   certTypeName,
 			})
 		}
 		i++
@ -783,7 +791,7 @@ func newSNPReport(reportBytes []byte) (res verify.SNPReport, err error) {
 		SignerInfo: verify.SignerInfo{
 			AuthorKey:   signerInfo.AuthorKeyEn,
 			MaskChipKey: signerInfo.MaskChipKey,
-			SigningKey:  signerInfo.SigningKey,
+			SigningKey:  signerInfo.SigningKey.String(),
 		},
 		ReportData:      report.ReportData,
 		Measurement:     report.Measurement,
--- a/go.mod
+++ b/go.mod
@ -33,6 +33,7 @@ replace (

 replace (
 	github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api => ./operators/constellation-node-operator/api
+	github.com/google/go-sev-guest => github.com/google/go-sev-guest v0.0.0-20230928233922-2dcbba0a4b9d
 	github.com/google/go-tpm => github.com/thomasten/go-tpm v0.0.0-20230629092004-f43f8e2a59eb
 	github.com/google/go-tpm-tools => github.com/msanft/go-tpm-tools v0.0.0-20231009082622-266280269413
 	github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c
--- a/go.sum
+++ b/go.sum
@ -574,8 +574,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE=
 github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
-github.com/google/go-sev-guest v0.9.1 h1:XlvpFmmyMGvXmCIBTScYt7AX3ClvW8gfFN3SBCRVuKY=
-github.com/google/go-sev-guest v0.9.1/go.mod h1:hc1R4R6f8+NcJwITs0L90fYWTsBpd1Ix+Gur15sqHDs=
+github.com/google/go-sev-guest v0.0.0-20230928233922-2dcbba0a4b9d h1:6o4Z/vQqNUH+cEagfx1Ez5ElK70iZulEXZwmLnRo44I=
+github.com/google/go-sev-guest v0.0.0-20230928233922-2dcbba0a4b9d/go.mod h1:hc1R4R6f8+NcJwITs0L90fYWTsBpd1Ix+Gur15sqHDs=
 github.com/google/go-tdx-guest v0.2.2 h1:MgHcWLCEHVpqR0LXxtgJq2uG0oNNszV8+5XYtKs7+Yg=
 github.com/google/go-tdx-guest v0.2.2/go.mod h1:a8EIh1l5x7jmIrrOuH//xWn6y4Sk4yupwmMcJE006RI=
 github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus=
--- a/internal/api/attestationconfigapi/cli/BUILD.bazel
+++ b/internal/api/attestationconfigapi/cli/BUILD.bazel
@ -19,11 +19,14 @@ go_library(
    deps = [
        "//internal/api/attestationconfigapi",
        "//internal/constants",
+        "//internal/file",
        "//internal/logger",
        "//internal/staticupload",
+        "//internal/verify",
        "@com_github_aws_aws_sdk_go//aws",
        "@com_github_aws_aws_sdk_go_v2_service_s3//:s3",
        "@com_github_aws_aws_sdk_go_v2_service_s3//types",
+        "@com_github_spf13_afero//:afero",
        "@com_github_spf13_cobra//:cobra",
        "@org_uber_go_zap//:zap",
    ],
@ -31,9 +34,13 @@ go_library(

 go_test(
    name = "cli_test",
-    srcs = ["delete_test.go"],
+    srcs = [
+        "delete_test.go",
+        "main_test.go",
+    ],
    embed = [":cli_lib"],
    deps = [
+        "//internal/verify",
        "@com_github_stretchr_testify//assert",
        "@com_github_stretchr_testify//require",
    ],
--- a/internal/api/attestationconfigapi/cli/delete.go
+++ b/internal/api/attestationconfigapi/cli/delete.go
@ -73,12 +73,12 @@ func runDelete(cmd *cobra.Command, _ []string) (retErr error) {
 	if err != nil {
 		return fmt.Errorf("getting testing flag: %w", err)
 	}
-	_, distribution := getEnvironment(testing)
+	apiCfg := getAPIEnvironment(testing)

 	cfg := staticupload.Config{
 		Bucket:         bucket,
 		Region:         region,
-		DistributionID: distribution,
+		DistributionID: apiCfg.distribution,
 	}
 	client, clientClose, err := attestationconfigapi.NewClient(cmd.Context(), cfg,
 		[]byte(cosignPwd), []byte(privateKey), false, 1, log)
@ -113,13 +113,13 @@ func runRecursiveDelete(cmd *cobra.Command, _ []string) (retErr error) {
 	if err != nil {
 		return fmt.Errorf("getting testing flag: %w", err)
 	}
-	_, distribution := getEnvironment(testing)
+	apiCfg := getAPIEnvironment(testing)

 	log := logger.New(logger.PlainLog, zap.DebugLevel).Named("attestationconfigapi")
 	client, closeFn, err := staticupload.New(cmd.Context(), staticupload.Config{
 		Bucket:         bucket,
 		Region:         region,
-		DistributionID: distribution,
+		DistributionID: apiCfg.distribution,
 	}, log)
 	if err != nil {
 		return fmt.Errorf("create static upload client: %w", err)
--- a/internal/api/attestationconfigapi/cli/e2e/test.sh.in
+++ b/internal/api/attestationconfigapi/cli/e2e/test.sh.in
@ -31,53 +31,95 @@ registerExitHandler "rm -rf $tmpdir"
 ${configapi_cli} delete recursive --region "$region" --bucket "$bucket"

 # the high version numbers ensure that it's newer than the current latest value
-readonly current_claim_path="$tmpdir/currentMaaClaim.json"
-cat << EOF > "$current_claim_path"
+readonly current_report_path="$tmpdir/currentSnpReport.json"
+cat << EOF > "$current_report_path"
 {
-  "x-ms-isolation-tee": {
-    "x-ms-sevsnpvm-tee-svn": 1,
-    "x-ms-sevsnpvm-snpfw-svn": 1,
-    "x-ms-sevsnpvm-microcode-svn": 1,
-    "x-ms-sevsnpvm-bootloader-svn": 1
+  "snp_report": {
+    "reported_tcb": {
+      "bootloader": 1,
+      "tee": 1,
+      "snp": 1,
+      "microcode": 1
+    },
+    "committed_tcb": {
+      "bootloader": 1,
+      "tee": 1,
+      "snp": 1,
+      "microcode": 1
+    },
+    "launch_tcb": {
+      "bootloader": 1,
+      "tee": 1,
+      "snp": 1,
+      "microcode": 1
+    }
  }
 }
 EOF
 # upload a fake latest version for the fetcher
-${configapi_cli} --force --maa-claims-path "$current_claim_path" --upload-date "2000-01-01-01-01" --region "$region" --bucket "$bucket"
+${configapi_cli} --force --snp-report-path "$current_report_path" --upload-date "2000-01-01-01-01" --region "$region" --bucket "$bucket"

 # the high version numbers ensure that it's newer than the current latest value
-readonly claim_path="$tmpdir/maaClaim.json"
-cat << EOF > "$claim_path"
+readonly report_path="$tmpdir/snpReport.json"
+cat << EOF > "$report_path"
 {
-  "x-ms-isolation-tee": {
-    "x-ms-sevsnpvm-tee-svn": 255,
-    "x-ms-sevsnpvm-snpfw-svn": 255,
-    "x-ms-sevsnpvm-microcode-svn": 255,
-    "x-ms-sevsnpvm-bootloader-svn": 255
+  "snp_report": {
+    "reported_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 255
+    },
+    "committed_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 255
+    },
+    "launch_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 255
+    }
  }
 }
 EOF

 # has an older version
-readonly older_claim_path="$tmpdir/maaClaimOld.json"
-cat << EOF > "$older_claim_path"
+readonly older_report_path="$tmpdir/snpReportOld.json"
+cat << EOF > "$older_report_path"
 {
-  "x-ms-isolation-tee": {
-    "x-ms-sevsnpvm-tee-svn": 255,
-    "x-ms-sevsnpvm-snpfw-svn": 255,
-    "x-ms-sevsnpvm-microcode-svn": 254,
-    "x-ms-sevsnpvm-bootloader-svn": 255
+  "snp_report": {
+    "reported_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 254
+    },
+    "committed_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 254
+    },
+    "launch_tcb": {
+      "bootloader": 255,
+      "tee": 255,
+      "snp": 255,
+      "microcode": 254
+    }
  }
 }
 EOF

 # report 3 versions with different dates to fill the reporter cache
 readonly date_oldest="2023-02-01-03-04"
-${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_oldest" --region "$region" --bucket "$bucket" --cache-window-size 3
+${configapi_cli} --snp-report-path "$older_report_path" --upload-date "$date_oldest" --region "$region" --bucket "$bucket" --cache-window-size 3
 readonly date_older="2023-02-02-03-04"
-${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_older" --region "$region" --bucket "$bucket" --cache-window-size 3
+${configapi_cli} --snp-report-path "$older_report_path" --upload-date "$date_older" --region "$region" --bucket "$bucket" --cache-window-size 3
 readonly date="2023-02-03-03-04"
-${configapi_cli} --maa-claims-path "$claim_path" --upload-date "$date" --region "$region" --bucket "$bucket" --cache-window-size 3
+${configapi_cli} --snp-report-path "$report_path" --upload-date "$date" --region "$region" --bucket "$bucket" --cache-window-size 3

 # expect that $date_oldest is served as latest version
 baseurl="https://d33dzgxuwsgbpw.cloudfront.net/constellation/v1/attestation/azure-sev-snp"
--- a/internal/api/attestationconfigapi/cli/main.go
+++ b/internal/api/attestationconfigapi/cli/main.go
@ -15,7 +15,6 @@ Any version update is then pushed to the API.
 package main

 import (
-	"encoding/json"
 	"errors"
 	"fmt"
 	"os"
@ -23,11 +22,13 @@ import (

 	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
+	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/staticupload"
-	"go.uber.org/zap"
-
+	"github.com/edgelesssys/constellation/v2/internal/verify"
+	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
+	"go.uber.org/zap"
 )

 const (
@ -67,7 +68,7 @@ func newRootCmd() *cobra.Command {
 		PreRunE: envCheck,
 		RunE:    runCmd,
 	}
-	rootCmd.Flags().StringP("maa-claims-path", "t", "", "File path to a json file containing the MAA claims.")
+	rootCmd.Flags().StringP("snp-report-path", "t", "", "File path to a file containing the Constellation verify output.")
 	rootCmd.Flags().StringP("upload-date", "d", "", "upload a version with this date as version name.")
 	rootCmd.Flags().BoolP("force", "f", false, "Use force to manually push a new latest version."+
 		" The version gets saved to the cache but the version selection logic is skipped.")
@ -75,7 +76,7 @@ func newRootCmd() *cobra.Command {
 	rootCmd.PersistentFlags().StringP("region", "r", awsRegion, "region of the targeted bucket.")
 	rootCmd.PersistentFlags().StringP("bucket", "b", awsBucket, "bucket targeted by all operations.")
 	rootCmd.PersistentFlags().Bool("testing", false, "upload to S3 test bucket.")
-	must(rootCmd.MarkFlagRequired("maa-claims-path"))
+	must(rootCmd.MarkFlagRequired("snp-report-path"))
 	rootCmd.AddCommand(newDeleteCmd())
 	return rootCmd
 }
@ -104,17 +105,20 @@ func runCmd(cmd *cobra.Command, _ []string) (retErr error) {
 		DistributionID: flags.distribution,
 	}

-	log.Infof("Reading MAA claims from file: %s", flags.maaFilePath)
-	maaClaimsBytes, err := os.ReadFile(flags.maaFilePath)
-	if err != nil {
-		return fmt.Errorf("reading MAA claims file: %w", err)
+	log.Infof("Reading SNP report from file: %s", flags.snpReportPath)
+
+	fs := file.NewHandler(afero.NewOsFs())
+	var report verify.Report
+	if err := fs.ReadJSON(flags.snpReportPath, &report); err != nil {
+		return fmt.Errorf("reading snp report: %w", err)
 	}
-	var maaTCB maaTokenTCBClaims
-	if err = json.Unmarshal(maaClaimsBytes, &maaTCB); err != nil {
-		return fmt.Errorf("unmarshalling MAA claims file: %w", err)
+	snpReport := report.SNPReport
+	if !allEqual(snpReport.LaunchTCB, snpReport.CommittedTCB, snpReport.ReportedTCB) {
+		return fmt.Errorf("TCB versions are not equal: \nLaunchTCB:%+v\nCommitted TCB:%+v\nReportedTCB:%+v",
+			snpReport.LaunchTCB, snpReport.CommittedTCB, snpReport.ReportedTCB)
 	}
-	inputVersion := maaTCB.ToAzureSEVSNPVersion()
-	log.Infof("Input version: %+v", inputVersion)
+	inputVersion := convertTCBVersionToAzureVersion(snpReport.LaunchTCB)
+	log.Infof("Input report: %+v", inputVersion)

 	client, clientClose, err := attestationconfigapi.NewClient(ctx, cfg,
 		[]byte(cosignPwd), []byte(privateKey), false, flags.cacheWindowSize, log)
@ -129,7 +133,7 @@ func runCmd(cmd *cobra.Command, _ []string) (retErr error) {
 		return fmt.Errorf("creating client: %w", err)
 	}

-	latestAPIVersionAPI, err := attestationconfigapi.NewFetcherWithCustomCDNAndCosignKey(flags.url, constants.CosignPublicKeyDev).FetchAzureSEVSNPVersionLatest(ctx)
+	latestAPIVersionAPI, err := attestationconfigapi.NewFetcherWithCustomCDNAndCosignKey(flags.url, flags.cosignPublicKey).FetchAzureSEVSNPVersionLatest(ctx)
 	if err != nil {
 		if errors.Is(err, attestationconfigapi.ErrNoVersionsFound) {
 			log.Infof("No versions found in API, but assuming that we are uploading the first version.")
@ -148,9 +152,34 @@ func runCmd(cmd *cobra.Command, _ []string) (retErr error) {
 	return nil
 }

+func allEqual(args ...verify.TCBVersion) bool {
+	if len(args) < 2 {
+		return true
+	}
+
+	firstArg := args[0]
+	for _, arg := range args[1:] {
+		if arg != firstArg {
+			return false
+		}
+	}
+
+	return true
+}
+
+func convertTCBVersionToAzureVersion(tcb verify.TCBVersion) attestationconfigapi.AzureSEVSNPVersion {
+	return attestationconfigapi.AzureSEVSNPVersion{
+		Bootloader: tcb.Bootloader,
+		TEE:        tcb.TEE,
+		SNP:        tcb.SNP,
+		Microcode:  tcb.Microcode,
+	}
+}
+
 type config struct {
-	maaFilePath     string
+	snpReportPath   string
 	uploadDate      time.Time
+	cosignPublicKey string
 	region          string
 	bucket          string
 	distribution    string
@ -160,7 +189,7 @@ type config struct {
 }

 func parseCliFlags(cmd *cobra.Command) (config, error) {
-	maaFilePath, err := cmd.Flags().GetString("maa-claims-path")
+	snpReportFilePath, err := cmd.Flags().GetString("snp-report-path")
 	if err != nil {
 		return config{}, fmt.Errorf("getting maa claims path: %w", err)
 	}
@ -191,7 +220,7 @@ func parseCliFlags(cmd *cobra.Command) (config, error) {
 	if err != nil {
 		return config{}, fmt.Errorf("getting testing flag: %w", err)
 	}
-	url, distribution := getEnvironment(testing)
+	apiCfg := getAPIEnvironment(testing)

 	force, err := cmd.Flags().GetBool("force")
 	if err != nil {
@ -203,41 +232,29 @@ func parseCliFlags(cmd *cobra.Command) (config, error) {
 		return config{}, fmt.Errorf("getting cache window size: %w", err)
 	}
 	return config{
-		maaFilePath:     maaFilePath,
+		snpReportPath:   snpReportFilePath,
 		uploadDate:      uploadDate,
+		cosignPublicKey: apiCfg.cosignPublicKey,
 		region:          region,
 		bucket:          bucket,
-		url:             url,
-		distribution:    distribution,
+		url:             apiCfg.url,
+		distribution:    apiCfg.distribution,
 		force:           force,
 		cacheWindowSize: cacheWindowSize,
 	}, nil
 }

-func getEnvironment(testing bool) (url string, distributionID string) {
+type apiConfig struct {
+	url             string
+	distribution    string
+	cosignPublicKey string
+}
+
+func getAPIEnvironment(testing bool) apiConfig {
 	if testing {
-		return "https://d33dzgxuwsgbpw.cloudfront.net", "ETZGUP1CWRC2P"
-	}
-	return constants.CDNRepositoryURL, constants.CDNDefaultDistributionID
-}
-
-// maaTokenTCBClaims describes the TCB information in a MAA token.
-type maaTokenTCBClaims struct {
-	IsolationTEE struct {
-		TEESvn        uint8 `json:"x-ms-sevsnpvm-tee-svn"`
-		SNPFwSvn      uint8 `json:"x-ms-sevsnpvm-snpfw-svn"`
-		MicrocodeSvn  uint8 `json:"x-ms-sevsnpvm-microcode-svn"`
-		BootloaderSvn uint8 `json:"x-ms-sevsnpvm-bootloader-svn"`
-	} `json:"x-ms-isolation-tee"`
-}
-
-func (c maaTokenTCBClaims) ToAzureSEVSNPVersion() attestationconfigapi.AzureSEVSNPVersion {
-	return attestationconfigapi.AzureSEVSNPVersion{
-		TEE:        c.IsolationTEE.TEESvn,
-		SNP:        c.IsolationTEE.SNPFwSvn,
-		Microcode:  c.IsolationTEE.MicrocodeSvn,
-		Bootloader: c.IsolationTEE.BootloaderSvn,
+		return apiConfig{url: "https://d33dzgxuwsgbpw.cloudfront.net", distribution: "ETZGUP1CWRC2P", cosignPublicKey: constants.CosignPublicKeyDev}
 	}
+	return apiConfig{url: constants.CDNRepositoryURL, distribution: constants.CDNDefaultDistributionID, cosignPublicKey: constants.CosignPublicKeyReleases}
 }

 func must(err error) {
--- a/internal/api/attestationconfigapi/cli/main_test.go
+++ b/internal/api/attestationconfigapi/cli/main_test.go
@ -0,0 +1,32 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+package main
+
+import (
+	"testing"
+
+	"github.com/edgelesssys/constellation/v2/internal/verify"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAllEqual(t *testing.T) {
+	// Test case 1: One input arg
+	assert.True(t, allEqual(verify.TCBVersion{Bootloader: 1, Microcode: 2, SNP: 3, TEE: 4}), "Expected allEqual to return true for one input arg, but got false")
+
+	// Test case 2: Three input args that are equal
+	assert.True(t, allEqual(
+		verify.TCBVersion{Bootloader: 1, Microcode: 2, SNP: 3, TEE: 4},
+		verify.TCBVersion{Bootloader: 1, Microcode: 2, SNP: 3, TEE: 4},
+		verify.TCBVersion{Bootloader: 1, Microcode: 2, SNP: 3, TEE: 4},
+	), "Expected allEqual to return true for three equal input args, but got false")
+
+	// Test case 3: Three input args where second and third element are different
+	assert.False(t, allEqual(
+		verify.TCBVersion{Bootloader: 2, Microcode: 2, SNP: 3, TEE: 4},
+		verify.TCBVersion{Bootloader: 2, Microcode: 2, SNP: 3, TEE: 4},
+		verify.TCBVersion{Bootloader: 2, Microcode: 3, SNP: 3, TEE: 4},
+	), "Expected allEqual to return false for three input args with different second and third elements, but got true")
+}
--- a/internal/verify/verify.go
+++ b/internal/verify/verify.go
@ -13,9 +13,6 @@ the attestationconfigapi upload tool through JSON serialization.
 package verify

 import (
-	"crypto/x509"
-	"fmt"
-
 	"github.com/golang-jwt/jwt/v5"
 )

@ -29,12 +26,12 @@ type Report struct {

 // Certificate contains the certificate data and additional information.
 type Certificate struct {
-	*x509.Certificate `json:"certificate"`
-	CertTypeName      string     `json:"cert_type_name"`
-	StructVersion     uint8      `json:"struct_version"`
-	ProductName       string     `json:"product_name"`
-	HardwareID        []byte     `json:"hardware_id"`
-	TCBVersion        TCBVersion `json:"tcb_version"`
+	CertificatePEM string     `json:"certificate"`
+	CertTypeName   string     `json:"cert_type_name"`
+	StructVersion  uint8      `json:"struct_version"`
+	ProductName    string     `json:"product_name"`
+	HardwareID     []byte     `json:"hardware_id"`
+	TCBVersion     TCBVersion `json:"tcb_version"`
 }

 // TCBVersion contains the TCB version data.
@ -57,9 +54,9 @@ type PlatformInfo struct {

 // SignerInfo contains the signer information.
 type SignerInfo struct {
-	AuthorKey   bool         `json:"author_key_en"`
-	MaskChipKey bool         `json:"mask_chip_key"`
-	SigningKey  fmt.Stringer `json:"signing_key"`
+	AuthorKey   bool   `json:"author_key_en"`
+	MaskChipKey bool   `json:"mask_chip_key"`
+	SigningKey  string `json:"signing_key"`
 }

 // SNPReport contains the SNP report data.