* fetch latest version when older than 2 weeks
* extend hack upload tool to pass an upload date
* Revert "config: disable user-facing version Azure SEV SNP fetch for v2.8 (#1882)"
This reverts commit c7b22d314a.
* fix tests
* use NewAzureSEVSNPVersionList for type guarantees
* Revert "use NewAzureSEVSNPVersionList for type guarantees"
This reverts commit 942566453f4b4a2b6dc16f8689248abf1dc47db4.
* assure list is sorted
* improve root.go style
* daniel feedback
* Describes how to keep the values in the API up-to-date.
* Describes API object structure.
* Describe user config options.
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
The old measurements.json (v1) was contain one set of measurements and had a path scoped for every CSP.
The new version is less structured, allowing for future extensions.
The version v1 of the image/info.json file is not capable to encode multiple regions and
attestation variants for a given csp.
This is why a v2 is needed with a more extensible structure.
* Merge measurements.image.json and measurements.json into latter.
* Use static (known) measurement values for the ones we cannot precompute.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
This new section describes how recovery currently depends on
the mastersecret and how that will change.
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Tracking two sets of versions would require us to have two versioning patterns
inside the Helm charts. It also complicates
the decision making for the user.
