attestation: add SNP-based attestation for aws-sev-snp (#1916)

* config: move AMD root key to global constant
* attestation: add SNP-based attestation for aws
* Always enable SNP, regardless of attestation type.
* Make AWSNitroTPM default again

There exists a bug in the AWS SNP implementation where sometimes
a host might not be able to produce valid SNP reports.
Since we have to wait for AWS to fix this, we are merging SNP
attestation as an opt-in feature.
Otto Bittner 2023-06-21 14:19:55 +02:00 committed by GitHub
parent 94b21e11ad
commit c7d12055d1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 646 additions and 239 deletions

@ -75,7 +75,7 @@ constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags]
### Options
```
-a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-trustedlaunch|gcp-sev-es|qemu-vtpm}. If not specified, the default for the cloud provider is used
-a, --attestation string attestation variant to use {aws-nitro-tpm|aws-sev-snp|azure-sev-snp|azure-trustedlaunch|gcp-sev-es|qemu-vtpm}. If not specified, the default for the cloud provider is used
-f, --file string path to output file, or '-' for stdout (default "constellation-conf.yaml")
-h, --help help for generate
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.26")
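
Review bot: In the `--attestation` help string, moving `aws-nitro-tpm` ahead of `aws-sev-snp` is the only signal that Nitro TPM is the AWS default again; the text still reads only "If not specified, the default for the cloud provider is used". Since the commit message makes `aws-sev-snp` opt-in because some hosts cannot produce valid SNP reports, suggest naming the per-provider default in the help text, or marking `aws-sev-snp` as opt-in, so users do not have to infer the attestation variant they get from list order. If this reference page is generated from the flag definition, the wording change belongs there.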