Commit Graph

5 Commits

Author SHA1 Message Date
Daniel Weiße
5a0234b3f2
attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257)
* Convert enforceIDKeyDigest setting to enum

* Use MAA fallback in Azure SNP attestation

* Only create MAA provider if MAA fallback is enabled

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-21 12:46:49 +01:00
Daniel Weiße
b3486fc32b
intenal: add logging to attestation issuer (#1264)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-28 16:34:18 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs (#553)
* Merge enforced and expected measurements

* Update measurement generation to new format

* Write expected measurements hex encoded by default

* Allow hex or base64 encoded expected measurements

* Allow hex or base64 encoded clusterID

* Allow security upgrades to warnOnly flag

* Upload signed measurements in JSON format

* Fetch measurements either from JSON or YAML

* Use yaml.v3 instead of yaml.v2

* Error on invalid enforced selection

* Add placeholder measurements to config

* Update e2e test to new measurement format

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
Fabian Kammel
bb76a4e4c8
AB#2512 Config secrets via env var & config refactoring (#544)
* refactor measurements to use consistent types and less byte pushing
* refactor: only rely on a single multierr dependency
* extend config creation with envar support
* document changes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-15 15:40:49 +01:00
Daniel Weiße
acdcb535c0
AB#2444 Verify Azure trusted launch attestation keys (#203)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-04 16:44:44 +02:00