Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-01-24 06:11:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

ci: separate PCR0 value for aws-sev-snp variant (#2100)

Browse Source 
Co-authored-by: Malte Poll <mp@edgeless.systems>
This commit is contained in:
Otto Bittner 2023-07-13 11:37:47 +02:00 committed by GitHub
parent e4a6d4b4fa
commit 6ed8fce6b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.github/workflows/build-os-image.yml vendored
View File

@ -608,8 +608,6 @@ jobs:
.measurements.4.warnOnly = false | .measurements.4.warnOnly = false |
.measurements.6.warnOnly = true | .measurements.6.warnOnly = true |
.measurements.6.expected = "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969" | .measurements.6.expected = "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969" |
.measurements.7.warnOnly = true |
.measurements.7.expected = "fb71e5e55cefba9e2b396d17604de0fe6e1841a76758856a120833e3ad1c40a3" |
.measurements.8.warnOnly = false | .measurements.8.warnOnly = false |
.measurements.9.warnOnly = false | .measurements.9.warnOnly = false |
.measurements.11.warnOnly = false | .measurements.11.warnOnly = false |
@ -630,8 +628,6 @@ jobs:
.measurements.3.warnOnly = true | .measurements.3.warnOnly = true |
.measurements.3.expected = "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969" | .measurements.3.expected = "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969" |
.measurements.4.warnOnly = false | .measurements.4.warnOnly = false |
.measurements.7.warnOnly = true |
.measurements.7.expected = "346547a8ce5957af27e552427d6b9e6d9cb502f0156e9155380451eea1b3f0ed" |
.measurements.8.warnOnly = false | .measurements.8.warnOnly = false |
.measurements.9.warnOnly = false | .measurements.9.warnOnly = false |
.measurements.11.warnOnly = false | .measurements.11.warnOnly = false |
@ -654,8 +650,6 @@ jobs:
.measurements.4.warnOnly = false | .measurements.4.warnOnly = false |
.measurements.6.warnOnly = true | .measurements.6.warnOnly = true |
.measurements.6.expected = "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969" | .measurements.6.expected = "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969" |
.measurements.7.warnOnly = true |
.measurements.7.expected = "a1d193dbfc3da1a5e93fe7b1384427fb78feeffcb06675a0cf840ec99406f237" |
.measurements.8.warnOnly = false | .measurements.8.warnOnly = false |
.measurements.9.warnOnly = false | .measurements.9.warnOnly = false |
.measurements.11.warnOnly = false | .measurements.11.warnOnly = false |
@ -696,6 +690,15 @@ jobs:
;; ;;
esac esac
# TODO (malt3): Calculate PCR from firmware blob.
# AWS SNP machines have a different expected value for PCR 0.
if [[ ${{ matrix.attestation_variant }} = "aws-sev-snp" ]]
then
yq e '.csp = "AWS" |
.measurements.0.expected = "7b068c0c3ac29afe264134536b9be26f1d4ccd575b88d3c3ceabf36ac99c0278"' \
-I 0 -o json -i "${{ github.workspace }}/pcrs-${{ matrix.csp }}-${{ matrix.attestation_variant }}.json"
fi
- name: Envelope measurements - name: Envelope measurements
shell: bash shell: bash
run: | run: |