attestation: remove PCR 0 and 10 on GCP

2025-02-02 10:35:08 -05:00 · 2023-03-06 09:17:32 +01:00 · 2023-03-06 09:17:32 +01:00 · c94d1db76d
commit c94d1db76d
parent 0a344e4cf6
4 changed files with 1 additions and 12 deletions
--- a/.github/workflows/build-os-image.yml
+++ b/.github/workflows/build-os-image.yml
@ -663,8 +663,6 @@ jobs:
            gcp)
              yq e '.csp = "GCP" |
                .image = "${{ needs.build-settings.outputs.imageNameShort }}" |
                .measurements.0.warnOnly = false |
                .measurements.0.expected = "0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf" |
                .measurements.1.warnOnly = true |
                .measurements.1.expected = "745f2fb4235e4647aa0ad5ace781cd929eb68c28870e7dd5d1a1535854325e56" |
                .measurements.2.warnOnly = true |
@ -680,8 +678,6 @@ jobs:
                .measurements.7.expected = "b1e9b305325c51b93da58cbf7f92512d8eebfa01143e4d8844e40e062e9b6cd5" |
                .measurements.8.warnOnly = false |
                .measurements.9.warnOnly = false |
                .measurements.10.warnOnly = true |
                .measurements.10.expected = "7f96fbc55e1d2a0de46e5d44658c06ef102d1198703efa69f2ea6b5aa1c9a176" |
                .measurements.11.warnOnly = false |
                .measurements.12.warnOnly = false |
                .measurements.13.warnOnly = false |
--- a/docs/docs/architecture/attestation.md
+++ b/docs/docs/architecture/attestation.md
@ -167,7 +167,7 @@ The latter means that the value can be generated offline and compared to the one
 | PCR         | Components                                                       | Measured by                   | Reproducible and verifiable |
 | ----------- | ---------------------------------------------------------------- | ----------------------------- | --------------------------- |
-| 0           | CVM constant string                                              | GCP                           | No                          |
+| 0           | CVM version and technology                                       | GCP                           | No                          |
 | 1           | Firmware                                                         | GCP                           | No                          |
 | 2           | Firmware                                                         | GCP                           | No                          |
 | 3           | Firmware                                                         | GCP                           | No                          |
--- a/internal/attestation/measurements/measurements_oss.go
+++ b/internal/attestation/measurements/measurements_oss.go
@ -35,10 +35,6 @@ func DefaultsFor(provider cloudprovider.Provider) M {
 		}
 	case cloudprovider.GCP:
 		return M{
 			0: {
 				Expected: [32]byte{0x0F, 0x35, 0xC2, 0x14, 0x60, 0x8D, 0x93, 0xC7, 0xA6, 0xE6, 0x8A, 0xE7, 0x35, 0x9B, 0x4A, 0x8B, 0xE5, 0xA0, 0xE9, 0x9E, 0xEA, 0x91, 0x07, 0xEC, 0xE4, 0x27, 0xC4, 0xDE, 0xA4, 0xE4, 0x39, 0xCF},
 				WarnOnly: false,
 			},
 			4:                         PlaceHolderMeasurement(),
 			8:                         WithAllBytes(0x00, false),
 			9:                         PlaceHolderMeasurement(),
--- a/internal/config/testdata/configGCPV2.yaml
+++ b/internal/config/testdata/configGCPV2.yaml
@ -13,9 +13,6 @@ provider:
    stateDiskType: pd-ssd
    deployCSIDriver: true
    measurements:
      0:
        expected: 0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf
        warnOnly: false
      4:
        expected: "1234123412341234123412341234123412341234123412341234123412341234"
        warnOnly: false