Commit Graph

197 Commits

Author SHA1 Message Date
edgelessci
49a806a874
image: update measurements and image version (#2859)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-26 08:15:43 +01:00
Daniel Weiße
e350ca0f57
attestation: add Azure TDX attestation (#2827)
* Implement Azure TDX attestation primitives
* Add default measurements and claims for Azure TDX
* Enable Constellation on Azure TDX

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-24 15:10:15 +01:00
edgelessci
6ae59bb986
image: update measurements and image version (#2848)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-24 08:22:48 +01:00
Malte Poll
c8ffba0366 measurements: update expected PCR[1] on GCP 2024-01-23 21:55:12 +01:00
Malte Poll
a2e2f0387c measurements: correctly override validation options 2024-01-23 21:55:12 +01:00
Malte Poll
3a5753045e goleak: ignore rules_go SIGTERM handler
rules_go added a SIGTERM handler that has a goroutine that survives the scope of the goleak check.
Currently, the best known workaround is to ignore this goroutine.

https://github.com/uber-go/goleak/issues/119
https://github.com/bazelbuild/rules_go/pull/3749
https://github.com/bazelbuild/rules_go/pull/3827#issuecomment-1894002120
2024-01-22 13:11:58 +01:00
edgelessci
3b02edcc48
image: update measurements and image version (#2833)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-19 09:12:24 +01:00
edgelessci
2acbd10ef7
image: update measurements and image version (#2831)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2024-01-17 18:55:10 +01:00
edgelessci
6259815869
image: update measurements and image version (#2828)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-17 08:11:53 +01:00
Malte Poll
9d6321faa3 uplosi: use separate galleries for Azure TDX and TDX 2024-01-16 17:34:44 +01:00
Malte Poll
336ba6bc34 attestation: add Azure TDX variant
Only a stub for now.
2024-01-16 17:34:44 +01:00
Malte Poll
181b8f64d2 image: add static (per-CSP) measurements during "measurement envelope"
This logic was previously performed in a GitHub Actions workflow
using yq.
Since every step should now be performed in Bazel, this now needs to happen here.
2024-01-15 13:53:15 +01:00
edgelessci
2fea43a320
image: update measurements and image version (#2817)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-12 08:20:15 +01:00
edgelessci
c61507f220
image: update measurements and image version (#2812)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-10 08:13:30 +01:00
Markus Rudy
ef6f63dc48
Fix various small things throughout the codebase (#2800)
* bootstrapper: remove obsolete log statement

* ci: simplify variable usage

Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>

* cli: add missing formatting directive

* helm: fix rm invocation

* ci: document reproducible-builds workflow

* constants: use variables for measurement files

* constants: use variables for CDN distribution ID

* ci: make Helm version explicit

* api: prettify versionsapi-list output

* ci: remove obsolete docstring

---------

Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>
2024-01-09 19:37:56 +01:00
edgelessci
cbf744a095
image: update measurements and image version (#2795)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2024-01-05 09:27:11 +01:00
edgelessci
3d8e548dcd
image: update measurements and image version (#2789)
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-01-03 13:08:45 +01:00
edgelessci
6f6f28b8cc
image: update measurements and image version (#2722)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-12-15 08:18:25 +01:00
edgelessci
2c50abcc91
image: update measurements and image version (#2720)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-12-14 19:35:40 +01:00
edgelessci
8d8853ef31
image: update measurements and image version (#2711)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-12-13 09:23:38 +01:00
edgelessci
b92635a0f0
image: update measurements and image version (#2687)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-12-08 11:22:48 +01:00
edgelessci
ac056ae010
image: update measurements and image version (#2681)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-12-07 09:10:28 +01:00
Adrian Stobbe
c07c333d3d
terraform-provider: data skeleton for cluster resource (#2678) 2023-12-05 16:16:50 +01:00
edgelessci
c1bc7840bf
image: update measurements and image version (#2671)
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-12-01 16:14:27 +01:00
edgelessci
8532d1ff02
image: update measurements and image version (#2668)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-12-01 09:36:26 +01:00
katexochen
e06848c68a image: update measurements and image version 2023-11-29 08:45:52 +01:00
Adrian Stobbe
a2de1d23ec
terraform-provider: add attestation data source (#2640)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 17:30:11 +01:00
derpsteb
bff65d563b image: update measurements and image version 2023-11-27 10:57:21 +01:00
Otto Bittner
84d8bd8110 verify: query vlek ASK from KDS if not set
The user can choose to supply an intermediate
certificate through the config, like they can
for the root key. If none is supplied,
the KDS is queried for a valid ASK.
2023-11-24 15:49:48 +01:00
Otto Bittner
07eed0e319 attestation: use SNP-based attestation for AWS SNP 2023-11-24 15:49:48 +01:00
Otto Bittner
cdc91b50bc verify: move CSP-specific code to internal/verify
With the introduction of SNP-based attestation on AWS
some of the information in the report (MAAToken) is not
applicable to all attestation reports anymore.
Thus, make verify cmd CSP-agnostic and move
CSP-specific logic to internal/verify.
Also make internal/attestation/snp CSP aware.
2023-11-24 15:49:48 +01:00
Otto Bittner
5ce55e3449 attestation: add snp package
The package holds code shared between SNP-based
attestation implementations on AWS and Azure .
2023-11-24 15:49:48 +01:00
katexochen
949186e5d7 image: update measurements and image version 2023-11-24 12:06:03 +01:00
edgelessci
e51513985a
image: update measurements and image version (#2612)
Co-authored-by: daniel-weisse <daniel-weisse@users.noreply.github.com>
2023-11-17 12:49:54 +01:00
3u13r
183ce7a45a image: update measurements and image version 2023-11-16 13:50:40 +01:00
katexochen
648eebab24 image: update measurements and image version 2023-11-15 11:10:40 +01:00
edgelessci
246b9ce069
image: update measurements and image version (#2594)
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-11-13 21:10:15 +01:00
edgelessci
e918a7af90
image: update measurements and image version (#2571)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-11-13 06:54:09 +01:00
Otto Bittner
8341db3c33 attestation: clear certificate cache in azure snp
The unittest was flacky as testcases with valid certs
in the getter property lead to those certs being cached
inside the trust module. Other testcases however,
may want to explicitly use invalid certs. The cache
interferes with this.

Co-authored-by: Moritz Sanft <ms@edgeless.systems>
2023-11-08 13:31:26 +01:00
katexochen
45df17d527 image: update measurements and image version 2023-11-08 11:40:07 +01:00
katexochen
d67f1a035f image: update measurements and image version 2023-11-03 09:04:06 +01:00
katexochen
33ff6eb5ae image: update measurements and image version 2023-11-02 13:28:49 +01:00
katexochen
238a3c222b image: update measurements and image version 2023-10-30 11:23:12 +01:00
katexochen
5eb6cc6d08 image: update measurements and image version 2023-10-25 10:54:56 +02:00
edgelessci
5cd70ac58a
image: update measurements and image version (#2482)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-10-20 08:10:51 +02:00
edgelessci
43ee0791c6
image: update measurements and image version (#2477)
Co-authored-by: 3u13r <3u13r@users.noreply.github.com>
2023-10-19 14:50:52 +02:00
edgelessci
e231a24916
image: update measurements and image version (#2428)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-10-11 10:33:54 +02:00
Moritz Sanft
8749cafcbd explicitly initialize struct 2023-10-10 10:33:54 +02:00
Moritz Sanft
6f53dc90cf fix go-sev-guest default product 2023-10-10 10:33:54 +02:00
Moritz Sanft
d0fe6c9272
update list of default idkeydigests (#2415) 2023-10-06 11:32:19 +02:00