Commit Graph

5 Commits

Author SHA1 Message Date
Otto Bittner
7c5556864b AB#2333: Add AMD SNP-based attestation
Currently only available on Azure CVMs.

* Get the public attestation key from the TPM.
* Get the snp report from the TPM.
* Get the VCEK and ASK certificate from the metadata api.
* Verify VCEK using hardcoded root key (ARK)
* Verify SNP report using VCEK
* Verify HCLAkPub using SNP report by comparing
AK with runtimeData
* Extend unittest

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-08-29 16:29:33 +02:00
Daniel Weiße
ab536ae3c8 AB#2278 Remove hardcoded values from config (#346)
* Update file handler to avoid incorrect usage of file.Option

* Remove hardcoded values

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-08 11:04:17 +02:00
Daniel Weiße
db79784045 AB#2200 Merge Owner and Cluster ID (#282)
* Merge Owner and Cluster ID into single value

* Remove aTLS from KMS, as it is no longer used for cluster external communication

* Update verify command to use cluster-id instead of unique-id flag

* Remove owner ID from init output

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-26 10:58:39 +02:00
Daniel Weiße
c6ff34f4d2 Use Certificate Requests to issue Kubelet Certificates and set CA (#261)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-07-15 09:33:11 +02:00
katexochen
2083d37b11 Create internal package for joinservice 2022-07-14 17:25:18 +02:00