Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

verify: print VCEK extension values

Browse Source 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
This commit is contained in:
Paul Meyer 2023-07-25 17:36:06 +02:00
parent 9bc8217fcd
commit 8e7f4cd046
3 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cli/internal/cmd/BUILD.bazel
View File

@ -83,6 +83,7 @@ go_library(
"//internal/versions",
"//operators/constellation-node-operator/api/v1alpha1",
"//verify/verifyproto",
"@com_github_google_go_sev_guest//kds",
"@com_github_google_uuid//:uuid",
"@com_github_mattn_go_isatty//:go-isatty",
"@com_github_siderolabs_talos_pkg_machinery//config/encoder",

23
cli/internal/cmd/verify.go
View File

@ -30,6 +30,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
"github.com/edgelesssys/constellation/v2/verify/verifyproto"
"github.com/google/go-sev-guest/kds"
"github.com/spf13/afero"
"github.com/spf13/cobra"
"google.golang.org/grpc"
@ -317,6 +318,28 @@ func (f *attestationDocFormatterImpl) parseCerts(b *strings.Builder, certTypeNam
b.WriteString(fmt.Sprintf("\t\tSignature Algorithm: %s\n", cert.SignatureAlgorithm))
b.WriteString(fmt.Sprintf("\t\tPublic Key Algorithm: %s\n", cert.PublicKeyAlgorithm))
if certTypeName == "VCEK certificate" {
// Extensions documented in Table 8 and Table 9 of
// https://www.amd.com/system/files/TechDocs/57230.pdf
vcekExts, err := kds.VcekCertificateExtensions(cert)
if err != nil {
return fmt.Errorf("parsing VCEK certificate extensions: %w", err)
}
b.WriteString(fmt.Sprintf("\t\tStruct version: %d\n", vcekExts.StructVersion))
b.WriteString(fmt.Sprintf("\t\tProduct name: %s\n", vcekExts.ProductName))
tcb := kds.DecomposeTCBVersion(vcekExts.TCBVersion)
b.WriteString(fmt.Sprintf("\t\tSecure Processor bootloader SVN: %d\n", tcb.BlSpl))
b.WriteString(fmt.Sprintf("\t\tSecure Processor operating system SVN: %d\n", tcb.TeeSpl))
b.WriteString(fmt.Sprintf("\t\tSVN 4 (reserved): %d\n", tcb.Spl4))
b.WriteString(fmt.Sprintf("\t\tSVN 5 (reserved): %d\n", tcb.Spl5))
b.WriteString(fmt.Sprintf("\t\tSVN 6 (reserved): %d\n", tcb.Spl6))
b.WriteString(fmt.Sprintf("\t\tSVN 7 (reserved): %d\n", tcb.Spl7))
b.WriteString(fmt.Sprintf("\t\tSEV-SNP firmware SVN: %d\n", tcb.SnpSpl))
b.WriteString(fmt.Sprintf("\t\tMicrocode SVN: %d\n", tcb.UcodeSpl))
b.WriteString(fmt.Sprintf("\t\tHardware ID: %#x\n", vcekExts.HWID))
}
i++
}

2
go.mod
View File

@ -232,7 +232,7 @@ require (
github.com/google/go-attestation v0.5.0 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/go-containerregistry v0.15.2 // indirect
github.com/google/go-sev-guest v0.6.1 // indirect
github.com/google/go-sev-guest v0.6.1
github.com/google/go-tspi v0.3.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/logger v1.1.1 // indirect