Commit Graph

1 Commits

Author SHA1 Message Date
Moritz Sanft
3ed001fa8a
attestation: use go-sev-guest library (#2269)
* wip: switch to  attestation

* add extra comments

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* MAA checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use provided functions to parse report / cert chain

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* replace `CommitedTCB` check with `LaunchTCB` check

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove debug check

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove `LaunchTCB` == `CommitedTCB` check

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* custom IdKeyDigests check

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* basic test of report parsing from instance info

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* retrieve VCEK from AMD KDS

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove VCEK from `azureInstanceInfo`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use `go-sev-guest` TCB version type

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix validation parsing test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix error message

* fix comment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove certificate chain from `instanceInfo`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add test for idkeydigest check

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* wip: update tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] debug prints

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* wip: fix tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* wip: fix tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix tests, do some clean-up

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add test case for fetching error

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Update internal/attestation/azure/snp/validator.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* correct `hack` dependency

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix id key check

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] comment out wip unit tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing newline

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* switch to released version of `go-sev-guest`

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add constructor test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add VMPL check

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add test assertions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* switch to pseudoversion

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use fork with windows fix

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use data from THIM

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update embeds

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* verify against ARK in config

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* invalid ASK

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Update internal/attestation/azure/snp/validator.go

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update internal/attestation/azure/snp/validator.go

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update internal/attestation/azure/snp/validator.go

Co-authored-by: 3u13r <lc@edgeless.systems>

* Update internal/attestation/azure/snp/validator.go

Co-authored-by: 3u13r <lc@edgeless.systems>

* nits

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* refactoring

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Update internal/attestation/azure/snp/validator.go

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update internal/attestation/azure/snp/validator.go

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update internal/attestation/azure/snp/validator.go

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* use upstream library with pseudoversion

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Update internal/attestation/azure/snp/validator.go

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* Update internal/attestation/azure/snp/validator.go

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* Update internal/attestation/azure/snp/validator.go

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* simplify control flow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix return error

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix VCEK test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* revert unintentional changes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use new upstream release

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix removed AuthorKeyEn field

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix verification report printing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-09-21 14:08:00 +02:00