constellation

Git-Mirrors/constellation

Fork 0

mirror of https://github.com/edgelesssys/constellation.git synced 2024-12-11 17:04:22 -05:00

Commit Graph

Author	SHA1	Message	Date
Daniel Weiße	5a0234b3f2	attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257 ) * Convert enforceIDKeyDigest setting to enum * Use MAA fallback in Azure SNP attestation * Only create MAA provider if MAA fallback is enabled --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems>	2023-03-21 12:46:49 +01:00
Otto Bittner	405db3286e	AB#2386: TrustedLaunch support for azure attestation * There are now two attestation packages on azure. The issuer on the server side is created base on successfully querying the idkeydigest from the TPM. Fallback on err: Trusted Launch. * The bootstrapper's issuer choice is validated by the CLI's validator, which is created based on the local config. * Add "azureCVM" field to new "internal-config" cm. This field is populated by the bootstrapper. * Group attestation OIDs by CSP (#42) * Bootstrapper now uses IssuerWrapper type to pass the issuer (and some context info) to the initserver. * Introduce VMType package akin to cloudprovider. Used by IssuerWrapper. * Extend unittests. * Remove CSP specific attestation integration tests Co-authored-by: <dw@edgeless.systems> Signed-off-by: Otto Bittner <cobittner@posteo.net>	2022-09-05 12:03:48 +02:00

Author

SHA1

Message

Date

Daniel Weiße

5a0234b3f2

attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257 )

* Convert enforceIDKeyDigest setting to enum

* Use MAA fallback in Azure SNP attestation

* Only create MAA provider if MAA fallback is enabled

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>

2023-03-21 12:46:49 +01:00

Otto Bittner

405db3286e

AB#2386: TrustedLaunch support for azure attestation

* There are now two attestation packages on azure.
The issuer on the server side is created base on successfully
querying the idkeydigest from the TPM. Fallback on err: Trusted Launch.
* The bootstrapper's issuer choice is validated by the CLI's validator,
which is created based on the local config.
* Add "azureCVM" field to new "internal-config" cm.
This field is populated by the bootstrapper.
* Group attestation OIDs by CSP (#42)
* Bootstrapper now uses IssuerWrapper type to pass
the issuer (and some context info) to the initserver.
* Introduce VMType package akin to cloudprovider. Used by
IssuerWrapper.
* Extend unittests.
* Remove CSP specific attestation integration tests

Co-authored-by: <dw@edgeless.systems>
Signed-off-by: Otto Bittner <cobittner@posteo.net>

2022-09-05 12:03:48 +02:00

2 Commits