From 6ed8fce6b0fae3f55a25c82d984c00b9ebd34dd1 Mon Sep 17 00:00:00 2001
From: Otto Bittner
Date: Thu, 13 Jul 2023 11:37:47 +0200
Subject: [PATCH] ci: separate PCR0 value for aws-sev-snp variant (#2100)
Co-authored-by: Malte Poll
---
 .github/workflows/build-os-image.yml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml
index 8b5a5822c..8c54ee65a 100644
--- a/.github/workflows/build-os-image.yml
+++ b/.github/workflows/build-os-image.yml
@@ -608,8 +608,6 @@ jobs:
 .measurements.4.warnOnly = false |
 .measurements.6.warnOnly = true |
 .measurements.6.expected = "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969" |
- .measurements.7.warnOnly = true |
- .measurements.7.expected = "fb71e5e55cefba9e2b396d17604de0fe6e1841a76758856a120833e3ad1c40a3" |
 .measurements.8.warnOnly = false |
 .measurements.9.warnOnly = false |
 .measurements.11.warnOnly = false |
@@ -630,8 +628,6 @@ jobs:
 .measurements.3.warnOnly = true |
 .measurements.3.expected = "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969" |
 .measurements.4.warnOnly = false |
- .measurements.7.warnOnly = true |
- .measurements.7.expected = "346547a8ce5957af27e552427d6b9e6d9cb502f0156e9155380451eea1b3f0ed" |
 .measurements.8.warnOnly = false |
 .measurements.9.warnOnly = false |
 .measurements.11.warnOnly = false |
@@ -654,8 +650,6 @@ jobs:
 .measurements.4.warnOnly = false |
 .measurements.6.warnOnly = true |
 .measurements.6.expected = "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969" |
- .measurements.7.warnOnly = true |
- .measurements.7.expected = "a1d193dbfc3da1a5e93fe7b1384427fb78feeffcb06675a0cf840ec99406f237" |
 .measurements.8.warnOnly = false |
 .measurements.9.warnOnly = false |
 .measurements.11.warnOnly = false |
@@ -696,6 +690,15 @@ jobs:
 ;;
 esac
 
+ # TODO (malt3): Calculate PCR from firmware blob.
+ # AWS SNP machines have a different expected value for PCR 0.
+ if [[ ${{ matrix.attestation_variant }} = "aws-sev-snp" ]]
+ then
+ yq e '.csp = "AWS" |
+ .measurements.0.expected = "7b068c0c3ac29afe264134536b9be26f1d4ccd575b88d3c3ceabf36ac99c0278"' \
+ -I 0 -o json -i "${{ github.workspace }}/pcrs-${{ matrix.csp }}-${{ matrix.attestation_variant }}.json"
+ fi
+
 - name: Envelope measurements
 shell: bash
 run: |
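Review bot: The added `if [[ ${{ matrix.attestation_variant }} = "aws-sev-snp" ]]` interpolates the matrix value into the script unquoted, so an empty or whitespace-containing value turns into a bash syntax error instead of a false branch; quote it, `if [[ "${{ matrix.attestation_variant }}" = "aws-sev-snp" ]]`, or pass it through an `env:` variable and test `"$ATTESTATION_VARIANT"`, which is the pattern GitHub recommends for expression values used inside `run:` scripts. The hard-coded PCR 0 digest carries no provenance, and since the TODO defers deriving it from the firmware blob, a comment such as `# PCR 0 measured on <firmware/image identifier> on <date>; recompute when the firmware changes` would let a reviewer audit the value rather than trust it. The yq expression sets only `.measurements.0.expected` and not `.measurements.0.warnOnly`, unlike the per-index pairs in the first three hunks, so whether this measurement is enforced or advisory depends on a default set outside this hunk — confirm that is the intended strictness for PCR 0 on SEV-SNP. The first three hunks also drop the PCR 7 entries entirely, which the subject line "separate PCR0 value" does not mention and which deserves a sentence in the description. The enclosing `run:` step begins before this hunk.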