verify: print VCEK extension values
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
This commit is contained in:
parent
9bc8217fcd
commit
8e7f4cd046
@ -83,6 +83,7 @@ go_library(
"//internal/versions",
"//operators/constellation-node-operator/api/v1alpha1",
"//verify/verifyproto",
"@com_github_google_go_sev_guest//kds",
"@com_github_google_uuid//:uuid",
"@com_github_mattn_go_isatty//:go-isatty",
"@com_github_siderolabs_talos_pkg_machinery//config/encoder",
@ -30,6 +30,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
"github.com/edgelesssys/constellation/v2/verify/verifyproto"
"github.com/google/go-sev-guest/kds"
"github.com/spf13/afero"
"github.com/spf13/cobra"
"google.golang.org/grpc"
@ -317,6 +318,28 @@ func (f *attestationDocFormatterImpl) parseCerts(b *strings.Builder, certTypeNam
b.WriteString(fmt.Sprintf("\t\tSignature Algorithm: %s\n", cert.SignatureAlgorithm))
b.WriteString(fmt.Sprintf("\t\tPublic Key Algorithm: %s\n", cert.PublicKeyAlgorithm))
if certTypeName == "VCEK certificate" {
// Extensions documented in Table 8 and Table 9 of
// https://www.amd.com/system/files/TechDocs/57230.pdf
vcekExts, err := kds.VcekCertificateExtensions(cert)
if err != nil {
return fmt.Errorf("parsing VCEK certificate extensions: %w", err)
}
b.WriteString(fmt.Sprintf("\t\tStruct version: %d\n", vcekExts.StructVersion))
b.WriteString(fmt.Sprintf("\t\tProduct name: %s\n", vcekExts.ProductName))
tcb := kds.DecomposeTCBVersion(vcekExts.TCBVersion)
b.WriteString(fmt.Sprintf("\t\tSecure Processor bootloader SVN: %d\n", tcb.BlSpl))
b.WriteString(fmt.Sprintf("\t\tSecure Processor operating system SVN: %d\n", tcb.TeeSpl))
b.WriteString(fmt.Sprintf("\t\tSVN 4 (reserved): %d\n", tcb.Spl4))
b.WriteString(fmt.Sprintf("\t\tSVN 5 (reserved): %d\n", tcb.Spl5))
b.WriteString(fmt.Sprintf("\t\tSVN 6 (reserved): %d\n", tcb.Spl6))
b.WriteString(fmt.Sprintf("\t\tSVN 7 (reserved): %d\n", tcb.Spl7))
b.WriteString(fmt.Sprintf("\t\tSEV-SNP firmware SVN: %d\n", tcb.SnpSpl))
b.WriteString(fmt.Sprintf("\t\tMicrocode SVN: %d\n", tcb.UcodeSpl))
b.WriteString(fmt.Sprintf("\t\tHardware ID: %#x\n", vcekExts.HWID))
}
i++
}
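Review bot: The new branch keys off `certTypeName == "VCEK certificate"`, so the extension dump is coupled to a display label the caller passes in for printing; renaming that label in the caller would silently drop this output. A constant shared by both sides, e.g. `const vcekCertTypeName = "VCEK certificate"` compared as `certTypeName == vcekCertTypeName`, would keep them in step. A failure in `kds.VcekCertificateExtensions` now aborts formatting of the whole document rather than only this certificate; if a VCEK with unparseable extensions is meant to fail the print outright, a one-line comment stating that intent would help, otherwise writing the parse error into the builder and continuing keeps the rest of the chain visible to the operator. The TCB components and hardware ID are printed as-is and not compared against the report's own fields, which is presumably left to the validation path elsewhere. parseCerts starts and ends outside the hunk.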
2
go.mod
2
go.mod
@ -232,7 +232,7 @@ require (
github.com/google/go-attestation v0.5.0 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/go-containerregistry v0.15.2 // indirect
github.com/google/go-sev-guest v0.6.1 // indirect
github.com/google/go-sev-guest v0.6.1
github.com/google/go-tspi v0.3.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/logger v1.1.1 // indirect