attestation: tdx issuer/validator (#1265)

* Add TDX validator * Add TDX issuer --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-07-20 05:51:46 -04:00 · 2023-03-08 14:13:57 +01:00 · 2023-03-08 14:13:57 +01:00 · dd2da25ebe
commit dd2da25ebe
parent d104af6e51
53 changed files with 808 additions and 229 deletions
--- a/cli/internal/cloudcmd/validators.go
+++ b/cli/internal/cloudcmd/validators.go
@ -59,7 +59,7 @@ func updatePCR(m measurements.M, pcrIndex uint32, encoded string) error {
 	oldExpected := m[pcrIndex].Expected
 	expectedPcr := sha256.Sum256(append(oldExpected[:], hashedInput[:]...))
 	m[pcrIndex] = measurements.Measurement{
-		Expected:      expectedPcr,
+		Expected:      expectedPcr[:],
 		ValidationOpt: m[pcrIndex].ValidationOpt,
 	}
 	return nil
--- a/cli/internal/cloudcmd/validators_test.go
+++ b/cli/internal/cloudcmd/validators_test.go
@ -132,7 +132,7 @@ func TestValidatorUpdateInitPCRs(t *testing.T) {
 				case i == int(measurements.PCRIndexClusterID):
 					pcr, ok := m[uint32(i)]
 					assert.True(ok)
-					assert.Equal(pcrZeroUpdatedOne, pcr.Expected)
+					assert.Equal(pcrZeroUpdatedOne[:], pcr.Expected)

 				case i == int(measurements.PCRIndexOwnerID) && tc.ownerID == "":
 					// should be deleted
@ -142,7 +142,7 @@ func TestValidatorUpdateInitPCRs(t *testing.T) {
 				case i == int(measurements.PCRIndexOwnerID):
 					pcr, ok := m[uint32(i)]
 					assert.True(ok)
-					assert.Equal(pcrZeroUpdatedOne, pcr.Expected)
+					assert.Equal(pcrZeroUpdatedOne[:], pcr.Expected)

 				default:
 					if i >= 17 && i <= 22 {
--- a/cli/internal/terraform/BUILD.bazel
+++ b/cli/internal/terraform/BUILD.bazel
@ -69,6 +69,7 @@ go_library(
        "terraform/openstack/modules/loadbalancer/variables.tf",
        "terraform/openstack/outputs.tf",
        "terraform/openstack/variables.tf",
+        "terraform/qemu/modules/instance_group/tdx_domain.xsl",
    ],
    importpath = "github.com/edgelesssys/constellation/v2/cli/internal/terraform",
    visibility = ["//cli:__subpackages__"],
--- a/cli/internal/terraform/terraform/qemu/modules/instance_group/tdx_domain.xsl
+++ b/cli/internal/terraform/terraform/qemu/modules/instance_group/tdx_domain.xsl
@ -82,22 +82,6 @@
    <xsl:template match="/domain/vcpu">
        <vcpu placement="static"><xsl:apply-templates select="@*|node()"/></vcpu>
    </xsl:template>
-    <xsl:template match="/domain/cpu">
-        <xsl:copy>
-            <xsl:apply-templates select="node()|@*"/>
-            <xsl:element name ="topology">
-                <xsl:attribute name="sockets">
-                 <xsl:value-of select="'1'"/>
-                </xsl:attribute>
-                <xsl:attribute name="cores">
-                 <xsl:value-of select="'1'"/>
-                </xsl:attribute>
-                <xsl:attribute name="threads">
-                 <xsl:value-of select="'1'"/>
-                </xsl:attribute>
-            </xsl:element>
-        </xsl:copy>
-    </xsl:template>
    <xsl:template match="/domain/devices/console">
        <console type="pty">
            <target type="virtio" port="1" />