attestation: print pcr value of mismatch

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-10-01 01:36:09 -04:00 · 2023-08-04 14:26:05 +02:00 · 2023-08-04 14:26:05 +02:00 · 5dfa0520ce
commit 5dfa0520ce
parent 70861ee8ad
1 changed files with 10 additions and 2 deletions
--- a/internal/attestation/vtpm/attestation.go
+++ b/internal/attestation/vtpm/attestation.go
@ -222,9 +222,17 @@ func (v *Validator) Validate(ctx context.Context, attDocRaw []byte, nonce []byte
 	for idx, pcr := range v.expected {
 		if !bytes.Equal(pcr.Expected[:], attDoc.Attestation.Quotes[quoteIdx].Pcrs.Pcrs[idx]) {
 			if pcr.ValidationOpt == measurements.Enforce {
-				return nil, fmt.Errorf("untrusted PCR value at PCR index %d", idx)
+				return nil, fmt.Errorf(
+					"untrusted PCR value %x at index %d",
+					attDoc.Attestation.Quotes[quoteIdx].Pcrs.Pcrs[idx],
+					idx,
+				)
 			}
-			v.log.Warnf("Encountered untrusted PCR value at index %d", idx)
+			v.log.Warnf(
+				"Encountered untrusted PCR value %x at index %d",
+				attDoc.Attestation.Quotes[quoteIdx].Pcrs.Pcrs[idx],
+				idx,
+			)
 		}
 	}