Update verification dev docs to reference new tool

Otto Bittner 2022-09-13 14:41:24 +02:00
parent d5d5448935
commit c7f39388e4
2 changed files with 14 additions and 7 deletions


@ -56,15 +56,20 @@ You can do this by utilizing our terraform setup.
Instructions on how to set it up can be found in it's [README](/terraform/libvirt/README.md).
# Verification
In order to verify your cluster we describe a [verification workflow](https://docs.edgeless.systems/constellation/workflows/verify) in our official docs.
In order to verify your cluster we describe a [verification workflow](https://constellation-docs.edgeless.systems/constellation/workflows/verify-cluster) in our official docs.
Apart from that you can also reproduce some of the measurements described in the [docs](https://docs.edgeless.systems/constellation/architecture/attestation#runtime-measurements) locally.
To do so you have to create a cluster locally as described in the [previous section](/.github/docs/development.md#locally).
However, you don't have to go through the full manual, you can stop after running `terraform apply`.
If `terraform apply` succeeded you will find two files in your current working directory: `control-plane-0_pcrs.json` and `control-plane-0_pcrs.yaml`.
You can compare the values of PCR 8 and 9 to the ones you are seeing in your `constellation-conf.yaml`.
To do so we built a tool that creates a VM, collects the PCR values and reports them to you.
To run the tool execute the following command in `/hack/image-measurement`:
```
go run . -path <image_path> -type <image_type>
```
`<image_path>` needs to point to a valid image file.
The image can be either in raw or QEMU's `qcow2` format.
This format is specified in the `<image_type>` argument.
The PCR values depend on the image you specify in `constellation_coreos_image` in your `terraform.tfvars`.
So if you want to verify a cluster deployed with a release images you will have to download the images first.
You can compare the values of PCR 4, 8 and 9 to the ones you are seeing in your `constellation-conf.yaml`.
The PCR values depend on the image you specify in the `path` argument.
Therefore, if you want to verify a cluster deployed with a release image you will have to download the images first.
After collecting the measurements you can put them into your `constellation-conf.yaml` under the `measurements` key in order to enforce them.
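
Review bot: The runtime-measurements link in the "Apart from that you can also reproduce ..." line still points at `docs.edgeless.systems`, while the verification-workflow link directly above it now uses `constellation-docs.edgeless.systems`; please check whether that second link needs the same host change so both references resolve. In the new tool paragraph, the text says the image can be raw or `qcow2` and that this goes in `<image_type>`, but it never states the literal values `-type` accepts, so spell them out next to the command. The earlier wording named the output files to compare against `constellation-conf.yaml`; the new wording only says the tool "reports them to you", so a sentence on where and in what format the PCR 4, 8 and 9 values appear would make the comparison and the later copy into the `measurements` key unambiguous. Minor: "a release image ... download the images first" mixes singular and plural.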


@ -4,3 +4,5 @@ https://github.com/edgelesssys/wiki/blob/master/documentation/constellation/cust
https://github.com/edgelesssys/wiki/blob/master/documentation/rebasing_forks.md
https://public-edgeless-constellation.s3.us-east-2.amazonaws.com
https://portal.azure.com
https://github.com/edgelesssys/constellation/settings/secrets/actions
https://github.com/edgelesssys/constellation/compare/v1.2.0...main
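
Review bot: The last added entry, `https://github.com/edgelesssys/constellation/compare/v1.2.0...main`, hard-codes the `v1.2.0` tag, so it will stop matching as soon as the docs compare against a newer release; if this list supports prefixes or patterns, an entry for `https://github.com/edgelesssys/constellation/compare/` would avoid touching the file on every release. The two new URLs are also not covered by the commit message, which only mentions the verification dev docs, so a short line there (or a separate commit) explaining why `settings/secrets/actions` and the compare link are being listed would help later readers of the history.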