Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-05-03 14:54:53 -04:00
Code Issues Projects Releases Packages Wiki Activity

config: sign Azure versions on upload & verify on fetch (#1836)

Browse source 
* add SignContent() + integrate into configAPI

* use static client for upload versions tool; fix staticupload calleeReference bug

* use version to get proper cosign pub key.

* mock fetcher in CLI tests

* only provide config.New constructor with fetcher

Co-authored-by: Otto Bittner <cobittner@posteo.net>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
This commit is contained in:
Adrian Stobbe 2023-06-01 13:55:46 +02:00 committed by GitHub
parent e0285c122e
commit b51cc52945
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
55 changed files with 752 additions and 308 deletions
Download patch file Download diff file Expand all files Collapse all files

29
hack/azure-snp-report-verify/verify.go
View file

@ -13,12 +13,14 @@ import (
"encoding/base64"
"encoding/json"
"errors"
"flag"
"fmt"
"io"
"net/http"
"os"
"time"
"github.com/edgelesssys/constellation/v2/internal/api/configapi"
"gopkg.in/square/go-jose.v2"
"gopkg.in/square/go-jose.v2/jwt"
)
@ -43,6 +45,8 @@ func (i *IsolationTEE) PrintSVNs() {
}
func main() {
configAPIExportPath := flag.String("export-path", "azure-sev-snp-version.json", "Path to the exported config API file.")
flag.Parse()
if len(os.Args) != 2 {
fmt.Println("Usage:", os.Args[0], "<maa-jwt>")
return
@ -54,6 +58,31 @@ func main() {
fmt.Println("Successfully validated ID key digest:", report.IDKeyDigest)
fmt.Println("Currently reported SVNs:")
report.PrintSVNs()
if *configAPIExportPath != "" {
configAPIVersion := convertToConfigAPIFile(report)
if err := exportToJSONFile(configAPIVersion, *configAPIExportPath); err != nil {
panic(err)
}
fmt.Println("Successfully exported config API file to:", configAPIExportPath)
}
}
func convertToConfigAPIFile(i IsolationTEE) configapi.AzureSEVSNPVersion {
return configapi.AzureSEVSNPVersion{
Bootloader: uint8(i.BootloaderSvn),
TEE: uint8(i.TEESvn),
SNP: uint8(i.SNPFwSvn),
Microcode: uint8(i.MicrocodeSvn),
}
}
func exportToJSONFile(configAPIVersion configapi.AzureSEVSNPVersion, configAPIExportPath string) error {
data, err := json.Marshal(configAPIVersion)
if err != nil {
return err
}
return os.WriteFile(configAPIExportPath, data, 0o644)
}
func getTEEReport(rawToken string) (IsolationTEE, error) {