Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-01-23 13:51:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

Update verification dev docs to reference new tool

Browse Source
This commit is contained in:
Otto Bittner 2022-09-13 14:41:24 +02:00
parent d5d5448935
commit c7f39388e4
2 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
.github/docs/development.md vendored
View File

@ -56,15 +56,20 @@ You can do this by utilizing our terraform setup.
Instructions on how to set it up can be found in it's [README](/terraform/libvirt/README.md). Instructions on how to set it up can be found in it's [README](/terraform/libvirt/README.md).
# Verification # Verification
In order to verify your cluster we describe a [verification workflow](https://docs.edgeless.systems/constellation/workflows/verify) in our official docs. In order to verify your cluster we describe a [verification workflow](https://constellation-docs.edgeless.systems/constellation/workflows/verify-cluster) in our official docs.
Apart from that you can also reproduce some of the measurements described in the [docs](https://docs.edgeless.systems/constellation/architecture/attestation#runtime-measurements) locally. Apart from that you can also reproduce some of the measurements described in the [docs](https://docs.edgeless.systems/constellation/architecture/attestation#runtime-measurements) locally.
To do so you have to create a cluster locally as described in the [previous section](/.github/docs/development.md#locally). To do so we built a tool that creates a VM, collects the PCR values and reports them to you.
However, you don't have to go through the full manual, you can stop after running `terraform apply`. To run the tool execute the following command in `/hack/image-measurement`:
If `terraform apply` succeeded you will find two files in your current working directory: `control-plane-0_pcrs.json` and `control-plane-0_pcrs.yaml`. ```
You can compare the values of PCR 8 and 9 to the ones you are seeing in your `constellation-conf.yaml`. go run . -path <image_path> -type <image_type>
```
`<image_path>` needs to point to a valid image file.
The image can be either in raw or QEMU's `qcow2` format.
This format is specified in the `<image_type>` argument.
The PCR values depend on the image you specify in `constellation_coreos_image` in your `terraform.tfvars`. You can compare the values of PCR 4, 8 and 9 to the ones you are seeing in your `constellation-conf.yaml`.
So if you want to verify a cluster deployed with a release images you will have to download the images first. The PCR values depend on the image you specify in the `path` argument.
Therefore, if you want to verify a cluster deployed with a release image you will have to download the images first.
After collecting the measurements you can put them into your `constellation-conf.yaml` under the `measurements` key in order to enforce them. After collecting the measurements you can put them into your `constellation-conf.yaml` under the `measurements` key in order to enforce them.

2
.lycheeignore
View File

@ -4,3 +4,5 @@ https://github.com/edgelesssys/wiki/blob/master/documentation/constellation/cust
https://github.com/edgelesssys/wiki/blob/master/documentation/rebasing_forks.md https://github.com/edgelesssys/wiki/blob/master/documentation/rebasing_forks.md
https://public-edgeless-constellation.s3.us-east-2.amazonaws.com https://public-edgeless-constellation.s3.us-east-2.amazonaws.com
https://portal.azure.com https://portal.azure.com
https://github.com/edgelesssys/constellation/settings/secrets/actions
https://github.com/edgelesssys/constellation/compare/v1.2.0...main