constellation

mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00

Author	SHA1	Message	Date
Moritz Sanft	3ed001fa8a	attestation: use `go-sev-guest` library (#2269 ) * wip: switch to attestation * add extra comments Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * MAA checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use provided functions to parse report / cert chain Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * replace `CommitedTCB` check with `LaunchTCB` check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove debug check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `LaunchTCB` == `CommitedTCB` check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * custom IdKeyDigests check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * basic test of report parsing from instance info Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * retrieve VCEK from AMD KDS Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove VCEK from `azureInstanceInfo` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `go-sev-guest` TCB version type Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix validation parsing test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix error message * fix comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove certificate chain from `instanceInfo` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test for idkeydigest check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: update tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] debug prints Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: fix tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip: fix tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix tests, do some clean-up Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test case for fetching error Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * correct `hack` dependency Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix id key check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] comment out wip unit tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing newline Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * switch to released version of `go-sev-guest` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add constructor test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add VMPL check Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add test assertions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * switch to pseudoversion Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use fork with windows fix Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use data from THIM Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update embeds Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * verify against ARK in config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * invalid ASK Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: 3u13r <lc@edgeless.systems> * Update internal/attestation/azure/snp/validator.go Co-authored-by: 3u13r <lc@edgeless.systems> * nits Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary checks Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * refactoring Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * use upstream library with pseudoversion Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * Update internal/attestation/azure/snp/validator.go Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> * simplify control flow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix return error Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix VCEK test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * revert unintentional changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use new upstream release Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix removed AuthorKeyEn field Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix verification report printing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> Co-authored-by: 3u13r <lc@edgeless.systems> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-09-21 14:08:00 +02:00
Malte Poll	75ed8c9f3e	attestation: allow "go test" to work with CGO disabled	2023-08-18 16:36:13 +02:00
renovate[bot]	050db3a5d8	deps: update github.com/thomasten/go-tpm digest to f43f8e2 (#2048 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems>	2023-07-07 13:17:58 +02:00
Daniel Weiße	5a0234b3f2	attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257 ) * Convert enforceIDKeyDigest setting to enum * Use MAA fallback in Azure SNP attestation * Only create MAA provider if MAA fallback is enabled --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems>	2023-03-21 12:46:49 +01:00
Paul Meyer	0036b24266	go: remove unused parameters Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-20 08:41:01 -04:00
Malte Poll	bdba9d8ba6	bazel: add build files for go (#1186 ) * build: correct toolchain order * build: gazelle-update-repos * build: use pregenerated proto for dependencies * update bazeldnf * deps: tpm simulator * Update Google trillian module * cli: add stamping as alternative build info source * bazel: add go_test wrappers, mark special tests and select testing deps * deps: add libvirt deps * deps: go-libvirt patches * deps: cloudflare circl patches * bazel: add go_test wrappers, mark special tests and select testing deps * bazel: keep gazelle overrides * bazel: cleanup bazelrc * bazel: switch CMakeLists.txt to use bazel * bazel: fix injection of version information via stamping * bazel: commit all build files * dev-docs: document bazel usage * deps: upgrade zig-cc for go 1.20 * bazel: update Perl for macOS arm64 & Linux arm64 support * bazel: use static perl toolchain for OpenSSL * bazel: use static protobuf (protoc) toolchain * deps: add git and go to nix deps Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-03-09 15:23:42 +01:00
Fabian Kammel	369480a50b	Feat/revive (#212 ) * enable revive as linter * fix var-naming revive issues * fix blank-imports revive issues * fix receiver-naming revive issues * fix exported revive issues * fix indent-error-flow revive issues * fix unexported-return revive issues * fix indent-error-flow revive issues Signed-off-by: Fabian Kammel <fk@edgeless.systems>	2022-10-05 15:02:46 +02:00
Daniel Weiße	acdcb535c0	AB#2444 Verify Azure trusted launch attestation keys (#203 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2022-10-04 16:44:44 +02:00
Otto Bittner	405db3286e	AB#2386: TrustedLaunch support for azure attestation * There are now two attestation packages on azure. The issuer on the server side is created base on successfully querying the idkeydigest from the TPM. Fallback on err: Trusted Launch. * The bootstrapper's issuer choice is validated by the CLI's validator, which is created based on the local config. * Add "azureCVM" field to new "internal-config" cm. This field is populated by the bootstrapper. * Group attestation OIDs by CSP (#42) * Bootstrapper now uses IssuerWrapper type to pass the issuer (and some context info) to the initserver. * Introduce VMType package akin to cloudprovider. Used by IssuerWrapper. * Extend unittests. * Remove CSP specific attestation integration tests Co-authored-by: <dw@edgeless.systems> Signed-off-by: Otto Bittner <cobittner@posteo.net>	2022-09-05 12:03:48 +02:00

9 Commits