Commit Graph

9 Commits

Author SHA1 Message Date
Daniel Weiße
5a0234b3f2
attestation: add option for MAA fallback to verify azure's snp-sev id key digest (#1257)
* Convert enforceIDKeyDigest setting to enum

* Use MAA fallback in Azure SNP attestation

* Only create MAA provider if MAA fallback is enabled

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2023-03-21 12:46:49 +01:00
Paul Meyer
0036b24266 go: remove unused parameters
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 08:41:01 -04:00
Thomas Tendyck
2535073df8 attestation: add MachineState to ValidateCVM 2023-03-06 13:09:57 +01:00
3u13r
632090c21b
azure: allow a set of idkeydigest values (#991) 2023-01-18 16:49:55 +01:00
Fabian Kammel
369480a50b
Feat/revive (#212)
* enable revive as linter
* fix var-naming revive issues
* fix blank-imports revive issues
* fix receiver-naming revive issues
* fix exported revive issues
* fix indent-error-flow revive issues
* fix unexported-return revive issues
* fix indent-error-flow revive issues
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-05 15:02:46 +02:00
katexochen
ba6e41ed5c Upgrade go module to v2 2022-09-22 09:10:19 +02:00
Otto Bittner
611ec25f22 AB#2380: Add unittest for validateAk
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-07 13:59:09 +02:00
Otto Bittner
23bf4aa665
AB#2379: Validate version in SNP report (#80)
* AB#2379: Validate version in SNP report

* Check that TCB version in VCEK matches COMMITTED_TCB
* Check that LAUNCH, CURRENT and REPORTED TCB are at least
at the same security level as we are currently.
* Rename variables in snpReport struct
* Use default values in validator_test.go

Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-07 10:39:38 +02:00
Otto Bittner
405db3286e AB#2386: TrustedLaunch support for azure attestation
* There are now two attestation packages on azure.
The issuer on the server side is created base on successfully
querying the idkeydigest from the TPM. Fallback on err: Trusted Launch.
* The bootstrapper's issuer choice is validated by the CLI's validator,
which is created based on the local config.
* Add "azureCVM" field to new "internal-config" cm.
This field is populated by the bootstrapper.
* Group attestation OIDs by CSP (#42)
* Bootstrapper now uses IssuerWrapper type to pass
the issuer (and some context info) to the initserver.
* Introduce VMType package akin to cloudprovider. Used by
IssuerWrapper.
* Extend unittests.
* Remove CSP specific attestation integration tests

Co-authored-by: <dw@edgeless.systems>
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-05 12:03:48 +02:00