Merge fa64f45072 into 86c45d1d5f

* Update renovate syntax
* Update to Go 1.22.3

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

.github/actions/artifact_download/action.yml

@@ -16,11 +16,11 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - name: Install unzip
+    - name: Install 7zip
       uses: ./.github/actions/setup_bazel_nix
       with:
         nixTools: |
-          unzip
+          _7zz
 
     - name: Create temporary directory
       id: tempdir
@@ -37,4 +37,4 @@ runs:
       shell: bash
       run: |
         mkdir -p ${{ inputs.path }}
-        unzip -P '${{ inputs.encryptionSecret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip
+        7zz x -p'${{ inputs.encryptionSecret }}' -t7z -o"${{ inputs.path }}" ${{ steps.tempdir.outputs.directory }}/archive.7z

.github/actions/artifact_upload/action.yml

@@ -22,11 +22,11 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - name: Install zip
+    - name: Install 7zip
       uses: ./.github/actions/setup_bazel_nix
       with:
         nixTools: |
-          zip
+          _7zz
 
     - name: Create temporary directory
       id: tempdir
@@ -37,10 +37,8 @@ runs:
       shell: bash
       run: |
         shopt -s extglob
-
         paths="${{ inputs.path }}"
         paths=${paths%$'\n'} # Remove trailing newline
-
         # Check if any file matches the given pattern(s).
         something_exists=false
         for pattern in ${paths}
@@ -49,7 +47,6 @@ runs:
             something_exists=true
           fi
         done
-
         # Create an archive if files exist.
         # Don't create an archive file if no files are found
         # and warn.
@@ -58,11 +55,10 @@ runs:
           echo "::warning:: No files/directories found with the provided path(s): ${paths}. No artifact will be uploaded."
           exit 0
         fi
-
         for target in ${paths}
         do
           pushd "$(dirname "${target}")" || exit 1
-          zip -e -P '${{ inputs.encryptionSecret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")"
+          7zz a -p'${{ inputs.encryptionSecret }}' -t7z -ms=on -mhe=on "${{ steps.tempdir.outputs.directory }}/archive.7z" "$(basename "${target}")"
           popd || exit 1
         done
 
@@ -70,7 +66,7 @@ runs:
       uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
       with:
         name: ${{ inputs.name }}
-        path: ${{ steps.tempdir.outputs.directory }}/archive.zip
+        path: ${{ steps.tempdir.outputs.directory }}/archive.7z
         retention-days: ${{ inputs.retention-days }}
         if-no-files-found: ignore
         overwrite: ${{ inputs.overwrite }}

.github/actions/constellation_create/action.yml

@@ -262,7 +262,7 @@ runs:
         mkdir to-zip
         cp -r constellation-terraform to-zip
         cp -r constellation-iam-terraform to-zip
-        rm to-zip/constellation-terraform/plan.zip
+        rm -f to-zip/constellation-terraform/plan.zip
         rm -rf to-zip/constellation-terraform/.terraform to-zip/constellation-iam-terraform/.terraform
 
     - name: Upload terraform state

.github/actions/e2e_cleanup_timeframe/action.yml

@@ -16,7 +16,7 @@ runs:
   using: "composite"
   steps:
     - name: Authenticate AWS
-      uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
+      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
       with:
         role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EDestroy
         aws-region: eu-central-1
@@ -31,16 +31,14 @@ runs:
       with:
         service_account: "destroy-e2e@constellation-e2e.iam.gserviceaccount.com"
 
-    - name: Install unzip
+    - name: Install 7zip
       uses: ./.github/actions/setup_bazel_nix
       with:
         nixTools: |
-          unzip
+          _7zz
     - name: Run cleanup
       run: ./.github/actions/e2e_cleanup_timeframe/e2e-cleanup.sh
       shell: bash
       env:
         GH_TOKEN: ${{ inputs.ghToken }}
         ENCRYPTION_SECRET: ${{ inputs.encryptionSecret }}
-
-

.github/actions/e2e_cleanup_timeframe/e2e-cleanup.sh

@@ -3,7 +3,7 @@
 # get_e2e_test_ids_on_date gets all workflow IDs of workflows that contain "e2e" on a specific date.
 function get_e2e_test_ids_on_date {
   ids="$(gh run list --created "$1" --status failure --json createdAt,workflowName,databaseId --jq '.[] | select(.workflowName | contains("e2e") and (contains("MiniConstellation") | not)) | .databaseId' -L1000 -R edgelesssys/constellation || exit 1)"
-  echo "$ids"
+  echo "${ids}"
 }
 
 # download_tfstate_artifact downloads all artifacts matching the pattern terraform-state-* from a given workflow ID.
@@ -13,7 +13,7 @@ function download_tfstate_artifact {
 
 # delete_resources runs terraform destroy on the constellation-terraform subfolder of a given folder.
 function delete_resources {
-  if [ -d "$1/constellation-terraform" ]; then
+  if [[ -d "$1/constellation-terraform" ]]; then
     cd "$1/constellation-terraform" || exit 1
     terraform init > /dev/null || exit 1 # first, install plugins
     terraform destroy -auto-approve || exit 1
@@ -23,7 +23,7 @@ function delete_resources {
 
 # delete_iam_config runs terraform destroy on the constellation-iam-terraform subfolder of a given folder.
 function delete_iam_config {
-  if [ -d "$1/constellation-iam-terraform" ]; then
+  if [[ -d "$1/constellation-iam-terraform" ]]; then
     cd "$1/constellation-iam-terraform" || exit 1
     terraform init > /dev/null || exit 1 # first, install plugins
     terraform destroy -auto-approve || exit 1
@@ -32,12 +32,12 @@ function delete_iam_config {
 }
 
 # check if the password for artifact decryption was given
-if [[ -z $ENCRYPTION_SECRET ]]; then
+if [[ -z ${ENCRYPTION_SECRET} ]]; then
   echo "ENCRYPTION_SECRET is not set. Please set an environment variable with that secret."
   exit 1
 fi
 
-artifact_pwd=$ENCRYPTION_SECRET
+artifact_pwd=${ENCRYPTION_SECRET}
 
 shopt -s nullglob
 
@@ -46,9 +46,9 @@ end_date=$(date --date "-7 day" "+%Y-%m-%d")
 dates_to_clean=()
 
 # get all dates of the last week
-while [[ $end_date != "$start_date" ]]; do
-  dates_to_clean+=("$end_date")
-  end_date=$(date --date "$end_date +1 day" "+%Y-%m-%d")
+while [[ ${end_date} != "${start_date}" ]]; do
+  dates_to_clean+=("${end_date}")
+  end_date=$(date --date "${end_date} +1 day" "+%Y-%m-%d")
 done
 
 echo "[*] retrieving run IDs for cleanup"
@@ -65,33 +65,33 @@ mapfile -td " " database_ids < <(echo "${database_ids[@]}")
 
 echo "[*] downloading terraform state artifacts"
 for id in "${database_ids[@]}"; do
-  if [[ $id == *[^[:space:]]* ]]; then
-    echo "    downloading from workflow $id"
-    download_tfstate_artifact "$id"
+  if [[ ${id} == *[^[:space:]]* ]]; then
+    echo "    downloading from workflow ${id}"
+    download_tfstate_artifact "${id}"
   fi
 done
 
 echo "[*] extracting artifacts"
 for directory in ./terraform-state-*; do
-  echo "    extracting $directory"
+  echo "    extracting ${directory}"
 
   # extract and decrypt the artifact
-  unzip -d "${directory}" -P "$artifact_pwd" "$directory/archive.zip" > /dev/null || exit 1
+  7zz x -t7z -p"${artifact_pwd}" -o"${directory}" "${directory}/archive.7z" > /dev/null || exit 1
 done
 
 # create terraform caching directory
-mkdir "$HOME/tf_plugin_cache"
-export TF_PLUGIN_CACHE_DIR="$HOME/tf_plugin_cache"
-echo "[*] created terraform cache directory $TF_PLUGIN_CACHE_DIR"
+mkdir "${HOME}/tf_plugin_cache"
+export TF_PLUGIN_CACHE_DIR="${HOME}/tf_plugin_cache"
+echo "[*] created terraform cache directory ${TF_PLUGIN_CACHE_DIR}"
 
 echo "[*] deleting resources"
 for directory in ./terraform-state-*; do
-  echo "    deleting resources in $directory"
-  delete_resources "$directory"
-  echo "    deleting IAM configuration in $directory"
-  delete_iam_config "$directory"
-  echo "    deleting directory $directory"
-  rm -rf "$directory"
+  echo "    deleting resources in ${directory}"
+  delete_resources "${directory}"
+  echo "    deleting IAM configuration in ${directory}"
+  delete_iam_config "${directory}"
+  echo "    deleting directory ${directory}"
+  rm -rf "${directory}"
 done
 
 exit 0

.github/actions/e2e_test/action.yml

@@ -330,7 +330,7 @@ runs:
       if: (inputs.test == 'nop') || (inputs.test == 'upgrade')
       shell: bash
       run: |
-        echo "::warning::This test has a nop payload. It doesn't run any tests."
+        echo "This test has a nop payload. It doesn't run any tests."
         echo "Sleeping for 30 seconds to allow logs to propagate to the log collection service."
         sleep 30
 

.github/actions/e2e_verify/action.yml

@@ -66,12 +66,16 @@ runs:
           forwarderPID=$!
           sleep 5
 
-          if [[ ${{ inputs.attestationVariant }} == "azure-sev-snp" ]] || [[ ${{ inputs.attestationVariant }} == "aws-sev-snp" ]]; then
-            echo "Extracting TCB versions for API update"
-            constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 -o json > "snp-report-${node}.json"
-          else
-            constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090
-          fi
+          case "${{ inputs.attestationVariant }}"
+          in
+            "azure-sev-snp"|"aws-sev-snp"|"gcp-sev-snp")
+              echo "Extracting TCB versions for API update"
+              constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 -o json > "snp-report-${node}.json"
+              ;;
+            *)
+              constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090
+              ;;
+          esac
 
           kill $forwarderPID
         done
@@ -90,11 +94,6 @@ runs:
         COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
         COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
       run: |
-        if [[ ${{ inputs.attestationVariant }} == "aws-sev-snp" ]] && constellation version | grep -q "v2.13."; then
-          echo "Skipping TCB upload for AWS on CLI v2.13"
-          exit 0
-        fi
-
         reports=(snp-report-*.json)
         if [ -z ${#reports[@]} ]; then
             exit 1

.github/actions/login_azure/action.yml

@@ -10,6 +10,6 @@ runs:
     # As described at:
     # https://github.com/Azure/login#configure-deployment-credentials
     - name: Login to Azure
-      uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
+      uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0
       with:
         creds: ${{ inputs.azure_credentials }}

.github/actions/notify_e2e_failure/action.yml

@@ -36,12 +36,6 @@ runs:
       shell: bash
       run: echo "CURRENT_DATE=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV
 
-    - name: Encode URI component
-      uses: Ablestor/encode-uri-component-action@790ea01bcf2d5ca4d0dbe8c15351a87b47f22f61 # v1.3
-      id: encode-uri-component
-      with:
-        string: ${{ inputs.test }}
-
     - name: Create body template
       id: body-template
       shell: bash
@@ -69,13 +63,15 @@ runs:
           fi
         }
 
+        e2eTestPayload=$(echo "${{ inputs.test }}" | jq -R -r @uri)
+
         q=$(echo "(filters:!(
           $(queryGen cloud.provider "${{ inputs.provider }}")
           $(queryGen metadata.github.ref-stream "${{ inputs.refStream }}")
           $(queryGen metadata.github.kubernetes-version "${{ inputs.kubernetesVersion }}")
           $(queryGen metadata.github.attestation-variant "${{ inputs.attestationVariant }}")
           $(queryGen metadata.github.cluster-creation "${{ inputs.clusterCreation }}")
-          $(queryGen metadata.github.e2e-test-payload "${{ steps.encode-uri-component.outputs.string }}")
+          $(queryGen metadata.github.e2e-test-payload "${e2eTestPayload}")
           (query:(match_phrase:(metadata.github.run-id:${{ github.run_id }})))
           ))" | tr -d "\t\n ")
 

.github/actions/update_tfstate/action.yml

@@ -1,8 +1,8 @@
 name: Update TFState
-description: "Update the terraform state artifact."
+description: "Update the terraform state artifact. We use this to either delete an artifact if the e2e test was cleaned up successfully or to update the artifact with the latest terraform state."
 
 inputs:
-  name: 
+  name:
     description: "The name of the artifact that contains the tfstate."
     required: true
   runID:
@@ -11,52 +11,50 @@ inputs:
   encryptionSecret:
     description: "The encryption secret for the artifacts."
     required: true
-  skipDeletion:
-    description: "Don't try to delete the artifact before updating. You should only use this if you know that no artifact exists."
-    default: "false"
-    required: false
 
 runs:
   using: "composite"
   steps:
-    - name: Check if tfstate should be deleted
-      if: always() && ${{ inputs.skipDeletion }} == "false"
+    - name: Check if uploaded tfstate can be deleted
+      if: always()
       shell: bash
       run: |
-        if [ ! -d constellation-terraform ] && [ ! -d constellation-iam-terraform ]; then
-        echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV"     
+        if [[ ! -d constellation-terraform ]] && [[ ! -d constellation-iam-terraform ]]; then
+          echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV"
         else
-        echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV"
+          echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV"
         fi
 
     - name: Delete tfstate artifact if necessary
-      if: always() && env.DELETE_TF_STATE == 'true' && ${{ inputs.skipDeletion }} == "false"
+      if: always() && env.DELETE_TF_STATE == 'true'
       uses: ./.github/actions/artifact_delete
       with:
         name: ${{ inputs.name }}
         workflowID: ${{ inputs.runID }}
 
-    - name: Prepare terraform state folders
-      if: always()
+    - name: Prepare left over terraform state folders
+      if: always() && env.DELETE_TF_STATE == 'false'
       shell: bash
       run: |
         rm -rf to-zip/*
+        mkdir -p to-zip
+
         to_upload=""
-        if [ -d constellation-terraform ]; then
-        cp -r constellation-terraform to-zip
-        rm to-zip/constellation-terraform/plan.zip
-        rm -rf to-zip/constellation-terraform/.terraform
-        to_upload+="to-zip/constellation-terraform"
+        if [[ -d constellation-terraform ]]; then
+          cp -r constellation-terraform to-zip
+          rm -f to-zip/constellation-terraform/plan.zip
+          rm -rf to-zip/constellation-terraform/.terraform
+          to_upload+="to-zip/constellation-terraform"
         fi
-        if [ -d constellation-iam-terraform ]; then
-        cp -r constellation-iam-terraform to-zip
-        rm -rf to-zip/constellation-iam-terraform/.terraform
-        to_upload+=" to-zip/constellation-iam-terraform"
+        if [[ -d constellation-iam-terraform ]]; then
+          cp -r constellation-iam-terraform to-zip
+          rm -rf to-zip/constellation-iam-terraform/.terraform
+          to_upload+=" to-zip/constellation-iam-terraform"
         fi
         echo "TO_UPLOAD=$to_upload" >> "$GITHUB_ENV"
 
     - name: Update tfstate
-      if: always()
+      if: always() && env.TO_UPLOAD != ''
       uses: ./.github/actions/artifact_upload
       with:
         name: ${{ inputs.name }}
@@ -64,5 +62,3 @@ runs:
           ${{ env.TO_UPLOAD }}
         encryptionSecret: ${{ inputs.encryptionSecret }}
         overwrite: true
-
-

.github/actions/upload_terraform_module/action.yml

@@ -23,4 +23,4 @@ runs:
     - name: Cleanup Terraform module dir
       shell: bash
       run: |
-        rm -r terraform-module terraform-module.zip
+        rm -f terraform-module terraform-module.zip

.github/actions/versionsapi/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.22.2@sha256:c4fb952e712efd8f787bcd8e53fd66d1d83b7dc26adabc218e9eac1dbf776bdf as builder
+FROM golang:1.22.3@sha256:b1e05e2c918f52c59d39ce7d5844f73b2f4511f7734add8bb98c9ecdd4443365 as builder
 
 # Download project root dependencies
 WORKDIR /workspace

.github/workflows/build-ccm-gcp.yml

@@ -31,7 +31,7 @@ jobs:
       - name: Setup Go environment
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.22.2"
+          go-version: "1.22.3"
           cache: false
 
       - name: Install Crane

.github/workflows/build-os-image-scheduled.yml

@@ -69,7 +69,7 @@ jobs:
       - name: Setup Go environment
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.22.2"
+          go-version: "1.22.3"
           cache: false
 
       - name: Determine version

.github/workflows/codeql.yml

@@ -40,7 +40,7 @@ jobs:
         if: matrix.language == 'go'
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.22.2"
+          go-version: "1.22.3"
           cache: false
 
       - name: Initialize CodeQL

.github/workflows/e2e-test-daily.yml

@@ -46,10 +46,15 @@ jobs:
       max-parallel: 5
       matrix:
         kubernetesVersion: ["1.28"] # should be default
-        # TODO(msanft): Enable GCP SEV-SNP once stable GCP SEV-SNP images exist.
-        attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
+        attestationVariant: ["gcp-sev-es", "gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
         refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
         test: ["sonobuoy quick"]
+        exclude:
+          # TODO(v2.18 msanft): Remove exclude rule for GCP SEV-SNP stable once images exist.
+          - kubernetesVersion: "1.28"
+            attestationVariant: "gcp-sev-snp"
+            refStream: "ref/release/stream/stable/?"
+            test: "sonobuoy quick"
     runs-on: ubuntu-22.04
     permissions:
       id-token: write
@@ -129,7 +134,7 @@ jobs:
           GH_TOKEN: ${{ github.token }}
         uses: ./.github/actions/update_tfstate
         with:
-          name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }} 
+          name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
           runID: ${{ github.run_id }}
           encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 

.github/workflows/e2e-test-provider-example.yml

@@ -156,7 +156,7 @@ jobs:
 
       - name: Login to AWS (IAM + Cluster role)
         if: steps.determine.outputs.cloudProvider == 'aws'
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
         with:
           role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ETerraform
           aws-region: eu-central-1

.github/workflows/e2e-test-weekly.yml

@@ -385,7 +385,7 @@ jobs:
           GH_TOKEN: ${{ github.token }}
         uses: ./.github/actions/update_tfstate
         with:
-          name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }} 
+          name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
           runID: ${{ github.run_id }}
           encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 

.github/workflows/e2e-test.yml

@@ -286,6 +286,6 @@ jobs:
           GH_TOKEN: ${{ github.token }}
         uses: ./.github/actions/update_tfstate
         with:
-          name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }} 
+          name: terraform-state-${{ steps.e2e_test.outputs.namePrefix }}
           runID: ${{ github.run_id }}
           encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

.github/workflows/e2e-upgrade.yml

@@ -513,7 +513,7 @@ jobs:
         run: |
           mkdir -p to-zip
           cp -r constellation-terraform to-zip
-          rm to-zip/constellation-terraform/plan.zip
+          rm -f to-zip/constellation-terraform/plan.zip
           rm -rf to-zip/constellation-terraform/.terraform
           cp -r constellation-iam-terraform to-zip
           rm -rf to-zip/constellation-iam-terraform/.terraform
@@ -542,7 +542,7 @@ jobs:
           GH_TOKEN: ${{ github.token }}
         uses: ./.github/actions/update_tfstate
         with:
-          name: terraform-state-${{ needs.create-cluster.outputs.e2e-name-prefix }} 
+          name: terraform-state-${{ needs.create-cluster.outputs.e2e-name-prefix }}
           runID: ${{ github.run_id }}
           encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 

.github/workflows/e2e-windows.yml

@@ -80,10 +80,12 @@ jobs:
           azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
 
       - name: Create IAM configuration
+        id: iam-create
         shell: pwsh
         run: |
           $uid = Get-Random -Minimum 1000 -Maximum 9999
           $rgName = "e2e-win-${{ github.run_id }}-${{ github.run_attempt }}-$uid"
+          "rgName=$($rgName)" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
           .\constellation.exe config generate azure -t "workflow=${{ github.run_id }}"
           .\constellation.exe iam create azure --region=westus --resourceGroup=$rgName-rg --servicePrincipal=$rgName-sp --update-config --debug -y
 
@@ -150,6 +152,7 @@ jobs:
           }
 
       - name: Terminate cluster
+        id: terminate-cluster
         if: always()
         shell: pwsh
         run: |
@@ -162,11 +165,20 @@ jobs:
           azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
 
       - name: Delete IAM configuration
+        id: delete-iam
         if: always()
         shell: pwsh
         run: |
           .\constellation.exe iam destroy --debug -y
 
+      - name: Clean up after failure
+        # run on a cleanup failure or if cancelled
+        if: (failure() && (steps.terminate-cluster.conclusion == 'failure' || steps.delete-iam.conclusion == 'failure')) || cancelled()
+        shell: pwsh
+        run: |
+          az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg --yes
+          az group delete --name ${{ steps.iam-create.outputs.rgName }}-rg-identity --yes
+
   notify-failure:
     name: Notify about failure
     runs-on: ubuntu-22.04
@@ -196,25 +208,3 @@ jobs:
           provider: Azure
           attestationVariant: "azure-sev-snp"
 
-  upload-tfstate:
-    name: Upload terraform state if it exists
-    runs-on: ubuntu-22.04
-    needs: e2e-test
-    if: always()
-    steps:
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
-
-      - name: Upload tfstate
-        if: always()
-        env:
-          GH_TOKEN: ${{ github.token }}
-        uses: ./.github/actions/update_tfstate
-        with:
-          name: terraform-state-${{ github.run_id }} 
-          runID: ${{ github.run_id }}
-          encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
-          skipDeletion: "true"
-

.github/workflows/release.yml

@@ -233,7 +233,7 @@ jobs:
       - name: Setup Go environment
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.22.2"
+          go-version: "1.22.3"
           cache: true
 
       - name: Build generateMeasurements tool

.github/workflows/test-operator-codegen.yml

@@ -28,7 +28,7 @@ jobs:
       - name: Setup Go environment
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: "1.22.2"
+          go-version: "1.22.3"
           cache: true
 
       - name: Run code generation

3rdparty/gcp-guest-agent/Dockerfile

@@ -6,7 +6,7 @@ RUN apt-get update && apt-get install -y \
     git
 
 # Install Go
-ARG GO_VER=1.22.2
+ARG GO_VER=1.22.3
 RUN wget -q https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz && \
     tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && \
     rm go${GO_VER}.linux-amd64.tar.gz

WORKSPACE.bazel

@@ -170,7 +170,7 @@ load("@io_bazel_rules_go//go:deps.bzl", "go_download_sdk", "go_register_toolchai
 go_download_sdk(
     name = "go_sdk",
     patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"],
-    version = "1.22.2",
+    version = "1.22.3",
 )
 
 go_rules_dependencies()

dev-docs/workflows/bump-go-version.md

@@ -1,4 +1,5 @@
 # Bump Go version
+
 `govulncheck` from the bazel `check` target will fail if our code is vulnerable, which is often the case when a patch version was released with security fixes.
 
 ## Steps
@@ -6,5 +7,13 @@
 Replace "1.xx.x" with the new version in [WORKSPACE.bazel](/WORKSPACE.bazel):
 
 ```starlark
-go_register_toolchains(version = "1.xx.x")
+load("@io_bazel_rules_go//go:deps.bzl", "go_download_sdk", "go_register_toolchains", "go_rules_dependencies")
+
+go_download_sdk(
+    name = "go_sdk",
+    patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"],
+    version = "1.xx.x", <--- Replace this one
+              ~~~~~~~~
+)
+
 ```

go.work

@@ -1,6 +1,6 @@
-go 1.22.2
+go 1.22.3
 
-toolchain go1.22.2
+toolchain go1.22.3
 
 use (
 	.

image/mirror/SHA256SUMS

@@ -92,9 +92,9 @@ cd41c94b8c668602f7fb5eae595e5d5c34bd1b91690b5cc06f4c8c199794dfa8  gnupg2-smime-2
 e0481a0fd263907193fe9f3f080a17e89de1ef1d8a490078a6225062b4eec761  gpgme-1.17.1-5.fc38.x86_64.rpm
 ad16ec814c4423d007d218a3f45d2e39d3dab00fc8c0d75eef176041594e3970  gpm-libs-1.20.7-42.fc38.x86_64.rpm
 60ed241ec381a23d03fac733a72132dbdc4ba04c412add78bfc67f1b9f1b4daa  grep-3.8-3.fc38.x86_64.rpm
-8ccdd14f712a6459ff2094fb84a6b2f065040cf5ab0bcb844caaa07bb0ad2cda  grub2-common-2.06-116.fc38.noarch.rpm
-938199770615a3698fb69a32f5274ca36904f4496772f8f538b2b1f332381351  grub2-tools-2.06-116.fc38.x86_64.rpm
-76f510f88200abe7009807c4630688050fc4eebf206d173e00508cee992e2d5e  grub2-tools-minimal-2.06-116.fc38.x86_64.rpm
+b550e98ee06b72177009627b7dedf470fe662c5b7180180fed14d705788f33a7  grub2-common-2.06-118.fc38.noarch.rpm
+ad56781d108b910a9f86106cbb653f01201196995150e9e5d84d3de6b90f4851  grub2-tools-2.06-118.fc38.x86_64.rpm
+2e98885b2a2271f1020804ec2a2912f045fc19c87b65177280d94250ad8e21f5  grub2-tools-minimal-2.06-118.fc38.x86_64.rpm
 5e95f1f40c3242809a7a047543a57046d16e5df811aa816c4aa2b0cc8b883b8e  grubby-8.40-70.fc38.x86_64.rpm
 cd17ffd09699224216affbbc765dfda04e1b5ccebb8e95af45a56c54ff257e2b  gvisor-tap-vsock-0.7.3-1.fc38.x86_64.rpm
 8ec6f2f11b854734c53b5d43638d08740b3b36f981c495d0ca17bf044b370248  gvisor-tap-vsock-gvforwarder-0.7.3-1.fc38.x86_64.rpm
@@ -131,7 +131,7 @@ d78d7bc485f099bb08c9de55dd12ea6a984b948face1f947de6ec805663a96c5  libattr-2.5.1-
 dca5cafabf192d1f5abe37fa06425877bf74bb6e8c5ce5cad577274b18169b94  libblkid-2.38.1-4.fc38.i686.rpm
 21b5a1a024c2d1877d2b7271fd3f82424eb0bd6b95395ad3a3dae5776eec8714  libblkid-2.38.1-4.fc38.x86_64.rpm
 8079443881e764cece2f8f6789b39ebbe43226cde61675bdfae5a5a18a439b5f  libbpf-1.1.0-2.fc38.x86_64.rpm
-58cc0371663c027c0c369337f303133ccad774b2f474d8ab53bdce7b904dbb0f  libbsd-0.12.2-1.fc38.x86_64.rpm
+d206e2d18ff35ffc2d39a49db20abd3bd24274f54efb2af257f3bff36afe3dcb  libbsd-0.12.2-3.fc38.x86_64.rpm
 04fdf1cee0fc12ff10757a07beb1dd014a0f23def582255ff0dbd8472868f08f  libcap-2.48-8.fc38.i686.rpm
 df1ecff1c2d83b5256a03aaf9bda20cfd86def263645ddd677aaa3facc525561  libcap-2.48-8.fc38.x86_64.rpm
 5257031cba9a8791a277994e026b0f4c7a1cf2878505f5e1ed463fa670b67f05  libcap-ng-0.8.3-8.fc38.i686.rpm
@@ -276,11 +276,11 @@ fb3fabd657b8f8603c6e19858beb0d506cf957bbca2f3feb827b64c94563b31f  popt-1.19-2.fc
 8b3f681cd05e071d4c7b21eff4684a3ca7674599ee984cccd6a69a685eb8a41c  protobuf-c-1.4.1-4.fc38.x86_64.rpm
 6983318d6b2dfd4eea29448e9853b74b1d009ab37be7add3ff304ff0483714cb  psmisc-23.6-2.fc38.x86_64.rpm
 5d57133d4f5ace3ca45aaa59ae4b8f6e907a51df6503f3747ed0e5316de3b4dc  publicsuffix-list-dafsa-20240107-1.fc38.noarch.rpm
-e59d71a66652002e1bc6331db17a061bd3ceacf1a449be8af9f7cefc50af4ad7  python-pip-wheel-22.3.1-3.fc38.noarch.rpm
+b6416707be79fb1e9f99d0cb9b06a27fb045f88ec2f698e93117cc95cac7fff2  python-pip-wheel-22.3.1-4.fc38.noarch.rpm
 7417816bd96d7b49e5a98c85eba313afaa8b8802458d7cd9f5ba72ecc31933e3  python-setuptools-wheel-65.5.1-2.fc38.noarch.rpm
-5aadde78a824378f6c98385cd2efabbbad183e3eb02333e44f0d4e771a45fafe  python-unversioned-command-3.11.8-2.fc38.noarch.rpm
-addcb7a118134fede26541516a4e53c983b625266ae223f00e07a990ada62938  python3-3.11.8-2.fc38.x86_64.rpm
-1cbb84f28da01dcb48b6b7dbb7248f7e9875dcb2d182385ef82b2d7d05a84abc  python3-libs-3.11.8-2.fc38.x86_64.rpm
+4abf1cf4a1eacaa8755650704f0c8d4dba0814e648aae82df935a00d53bf46b2  python-unversioned-command-3.11.9-2.fc38.noarch.rpm
+a537a4e0e298651cf582b9af3ed3d843946837e94fef66de3041729533283d12  python3-3.11.9-2.fc38.x86_64.rpm
+64c68c1eb659020a6587b1b25e825afafe21effd05a9abdfa1b363f81ed400d8  python3-libs-3.11.9-2.fc38.x86_64.rpm
 92ff091ca65dbfb27dcbebe3087e55b64bebf204df0ed41c26de59497dbd023b  qemu-user-static-7.2.10-1.fc38.x86_64.rpm
 c6556a55be749a8c81edf22e47cb9c3385aaf69df7950f20312fa7f0818b9488  qemu-user-static-aarch64-7.2.10-1.fc38.x86_64.rpm
 1fe55e907d9efa0e02f398485859a795dea0fbb01d3a51658dc897874c75f1bc  qemu-user-static-alpha-7.2.10-1.fc38.x86_64.rpm
@@ -337,15 +337,15 @@ a0bf879d762443195b4745096d7ee0afef4b71c9008042a3f06d9cd35162d197  systemd-libs-2
 232da16c546617adde46ecaa1d5367acd05f75d04570fb367123b8dd01abdea4  util-linux-2.38.1-4.fc38.i686.rpm
 f0f8e33332df97afd911093f28c487bc84cbe4dcc7bb468eac5551d235acee62  util-linux-2.38.1-4.fc38.x86_64.rpm
 b57dbbbee14301e89df618b398ef39b7fc841eaba6be1b6346cf37ed7695c26a  util-linux-core-2.38.1-4.fc38.x86_64.rpm
-ecf20fb825cac6c1e186fd9034999492e52d5df8114242372866bcebe79e3ad4  vim-common-9.1.309-1.fc38.x86_64.rpm
-54c84db8b9b86ed2d5a3599f38bb9aef7b8e383d3cd5662afc72cf7812580104  vim-data-9.1.309-1.fc38.noarch.rpm
-67b4e8a44d30b0c1fd0bedf2ccabf6097b1d1ad5a36b82a0ac66181de63c2dc5  vim-enhanced-9.1.309-1.fc38.x86_64.rpm
-39fd499ecab55d81bc6051eee9fbc3521640fb45545ff9609397e192a7a3dd15  vim-filesystem-9.1.309-1.fc38.noarch.rpm
+cb167e73a911cd10edcaf58a911f23e75581c27aadb7d2b48f9988057002a27e  vim-common-9.1.354-1.fc38.x86_64.rpm
+275f7257e70f8c060b088686d6bd22c327f9ffed0eb79d79a6335b41f85a183a  vim-data-9.1.354-1.fc38.noarch.rpm
+0da95855d82ce7249fe402f9251a54edd574ea7329fb1d8ec0f7d0207e21dc23  vim-enhanced-9.1.354-1.fc38.x86_64.rpm
+273bd9f355aee40d4220ba89e3bcf4bfe5f2a72f3ba84d1c1026f5a36a13398b  vim-filesystem-9.1.354-1.fc38.noarch.rpm
 a4c8b2a90705fed491f6f7f258904637c18773d323d39e97bf9036260b79a0f6  wget-1.21.4-1.fc38.x86_64.rpm
 2c8b143f3cb83efa5a31c85bea1da3164ca2dde5e2d75d25115f3e21ef98b4e0  which-2.21-39.fc38.x86_64.rpm
 84f87df3afabe3de8748f172220107e5a5cbb0f0ef954386ecff6b914604aada  whois-nls-5.5.18-1.fc38.noarch.rpm
 59a7a5a775c196961cdc51fb89440a055295c767a632bfa684760e73650aa9a0  xkeyboard-config-2.38-1.fc38.noarch.rpm
-56b7e00ebf801a10a47a2a09d4409595ab9cabdbbeb772502348066cfd490736  xxd-9.1.309-1.fc38.x86_64.rpm
+fd60e5a90c7f28e2c9b72aabb17c7fa548330ebfa2e99d72d861e557562ceec0  xxd-9.1.354-1.fc38.x86_64.rpm
 e911703ffceee37ec1066344820ab0cf9ba8e43d7957395981ba68c4d411a0a4  xz-5.4.1-1.fc38.x86_64.rpm
 2b3a57c5ccfd4c99ec78d8420394387782a4ac57946d63800a406a4050c3d214  xz-libs-5.4.1-1.fc38.i686.rpm
 bfce8ac2a2a78a23fb931531fb3d8f530a78f4d5b17f6199bf99b93ca21858c0  xz-libs-5.4.1-1.fc38.x86_64.rpm

internal/attestation/measurements/measurements_enterprise.go

@@ -13,17 +13,20 @@ package measurements
 // a build tag.
 // The enterprise build tag is required to validate the measurements using production
 // sigstore certificates.
+//
+// To add measurements for a new variant, add a new entry as `<csp>_<variant> = M{}` and run the generate tool.
+// Entries defined as `<csp>_<variant> M` are ignored.
 
 // revive:disable:var-naming
 var (
-	aws_AWSNitroTPM          = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xbf, 0x2f, 0x54, 0x46, 0x1f, 0x12, 0xd9, 0x85, 0x0d, 0xaf, 0xe3, 0xf5, 0x7d, 0xb8, 0x4d, 0x63, 0x67, 0x22, 0x8a, 0x12, 0x6e, 0x26, 0x1d, 0x42, 0x82, 0xdf, 0x1e, 0x2c, 0xc6, 0xfc, 0x43, 0x1a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x72, 0x1e, 0xde, 0x8b, 0x0d, 0x8a, 0xbe, 0x48, 0x3e, 0x92, 0x52, 0x3e, 0x0f, 0x2b, 0x1a, 0x3d, 0x33, 0x9d, 0x5c, 0x3c, 0xe1, 0x70, 0xa8, 0x95, 0xf5, 0xc9, 0x8d, 0x6e, 0xe2, 0x03, 0x5f, 0x86}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc9, 0xac, 0x85, 0x73, 0x0e, 0x69, 0x7f, 0x6b, 0x36, 0x53, 0xb1, 0x80, 0xa4, 0x3b, 0x22, 0xcb, 0x6a, 0xfc, 0xad, 0xbb, 0xc7, 0xb5, 0xb3, 0x83, 0x6a, 0x51, 0x29, 0x6f, 0x54, 0x83, 0x35, 0xf8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
-	aws_AWSSEVSNP            = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6d, 0xbf, 0x47, 0x89, 0x38, 0x51, 0xea, 0x1f, 0xd7, 0x83, 0xb9, 0xb3, 0xda, 0x91, 0x6f, 0x41, 0xce, 0x85, 0x27, 0x1c, 0x0d, 0xaf, 0x6e, 0xf0, 0x9c, 0xf8, 0x22, 0xca, 0x05, 0xb8, 0xc1, 0x9c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x74, 0x89, 0x5a, 0x6b, 0x00, 0x3d, 0xd4, 0xe0, 0xd4, 0x78, 0x31, 0xcc, 0x46, 0x41, 0xfb, 0xf0, 0x6c, 0xeb, 0x2f, 0xce, 0x3f, 0x05, 0x05, 0x22, 0xe7, 0xee, 0x9c, 0xf2, 0xa3, 0xcd, 0xe0, 0xde}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x19, 0x3e, 0xca, 0x8e, 0x74, 0x55, 0xfe, 0x52, 0x98, 0xc7, 0x07, 0x7f, 0x4f, 0x3f, 0x43, 0x25, 0xe3, 0xb8, 0x2a, 0xbb, 0x2c, 0x2b, 0x80, 0xe3, 0xdd, 0x0c, 0x0f, 0x49, 0xfa, 0x61, 0x99, 0x96}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
-	azure_AzureSEVSNP        = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc9, 0x5d, 0xd8, 0xa5, 0xc5, 0x09, 0x51, 0x1a, 0xf4, 0x4d, 0xd4, 0x16, 0x5d, 0xcb, 0xd9, 0xe2, 0x97, 0x19, 0x99, 0x65, 0x6b, 0xb1, 0xfc, 0xef, 0xac, 0xef, 0x58, 0xac, 0x71, 0x9d, 0x7d, 0xf9}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0a, 0x98, 0xc7, 0xa3, 0xaa, 0x81, 0x68, 0x4c, 0xf7, 0x1f, 0x35, 0x1f, 0x49, 0x62, 0x45, 0x48, 0x0e, 0xac, 0x77, 0x36, 0x26, 0x61, 0x2f, 0x13, 0xb0, 0xbc, 0x64, 0x6d, 0x0a, 0xd9, 0xd5, 0x3b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf5, 0xa8, 0x0d, 0xca, 0x84, 0x40, 0xab, 0x7d, 0xe2, 0x7b, 0xc4, 0x95, 0xb0, 0x81, 0x19, 0x12, 0xbc, 0x5b, 0x7c, 0xe6, 0xd3, 0x9a, 0xda, 0xd7, 0xa9, 0x1b, 0x61, 0x67, 0xf0, 0xc6, 0x99, 0xe8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
-	azure_AzureTDX           = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf3, 0xf2, 0x64, 0xcc, 0xae, 0x7a, 0x1b, 0xdb, 0xc2, 0xeb, 0x95, 0x1c, 0xe2, 0x1a, 0x14, 0x3d, 0x47, 0xda, 0x60, 0x28, 0xea, 0x2c, 0x1e, 0xa9, 0x37, 0x29, 0x3a, 0xc3, 0xca, 0x82, 0x24, 0x08}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x64, 0x57, 0x07, 0x7a, 0x96, 0x72, 0x35, 0x84, 0x09, 0x55, 0xed, 0x02, 0x96, 0x62, 0x37, 0xb6, 0xb3, 0xab, 0xbb, 0xe6, 0x84, 0xa7, 0x45, 0x8e, 0x8a, 0xd4, 0x8b, 0x5d, 0xe9, 0x80, 0x2d, 0x56}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7b, 0x84, 0x7e, 0xa7, 0x38, 0x9e, 0xb7, 0x69, 0x19, 0x4f, 0x21, 0x46, 0xdf, 0x71, 0x14, 0x23, 0x25, 0xc6, 0x0d, 0x66, 0x20, 0xef, 0xf1, 0x79, 0xf2, 0xcb, 0xa6, 0xf4, 0xb1, 0xee, 0x61, 0x33}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	aws_AWSNitroTPM          = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x56, 0x59, 0x34, 0x21, 0x02, 0x90, 0x44, 0x09, 0x1e, 0xa3, 0xf4, 0xee, 0x2d, 0x37, 0x81, 0x0d, 0x7c, 0x61, 0xb0, 0xe0, 0x2f, 0x02, 0xc3, 0xb1, 0x62, 0x03, 0xcf, 0xcb, 0x6e, 0xe2, 0xc4, 0x16}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x23, 0x41, 0x35, 0x4c, 0xe6, 0xd4, 0xc2, 0x22, 0xac, 0x29, 0x22, 0x81, 0x0b, 0x7d, 0x47, 0x05, 0xff, 0xa2, 0x53, 0x7e, 0x2d, 0x70, 0xe4, 0x1c, 0x1d, 0x24, 0x9d, 0x76, 0x14, 0xd3, 0x44, 0x6e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x27, 0xb6, 0x56, 0xaf, 0xf7, 0xa1, 0x42, 0x72, 0xcb, 0x2d, 0x73, 0xa7, 0xe8, 0x91, 0xb7, 0x65, 0xe5, 0x1d, 0x6c, 0xd5, 0x96, 0xa8, 0xf1, 0x3d, 0x0a, 0xd2, 0x98, 0x0a, 0x82, 0x28, 0xd9, 0x18}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	aws_AWSSEVSNP            = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x20, 0xad, 0x2d, 0x6d, 0xa9, 0xf8, 0xe2, 0x0d, 0x29, 0x5a, 0x04, 0xa0, 0x3a, 0x12, 0xd2, 0x56, 0x23, 0x96, 0x92, 0x56, 0x4c, 0x6f, 0x84, 0xc8, 0x23, 0x62, 0x32, 0x0e, 0x0e, 0x10, 0x6e, 0xe0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x43, 0x61, 0xcc, 0x73, 0x35, 0xbf, 0xf7, 0x9c, 0xad, 0x9b, 0xb2, 0x79, 0xd8, 0x79, 0xb3, 0x11, 0xba, 0x25, 0x86, 0x05, 0xcd, 0x42, 0x61, 0x2c, 0x83, 0x52, 0xfe, 0x94, 0x1a, 0x20, 0x88, 0x32}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x47, 0x32, 0xad, 0xc8, 0x09, 0x1c, 0xb4, 0x48, 0xc3, 0x02, 0x5b, 0xfc, 0x25, 0x1b, 0xa3, 0x4f, 0x08, 0x87, 0x96, 0xa6, 0x35, 0x5f, 0xfe, 0x0f, 0x25, 0x12, 0xdc, 0xb4, 0x51, 0x82, 0x63, 0x4d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	azure_AzureSEVSNP        = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xfc, 0xe3, 0xcc, 0xa7, 0xbc, 0x7b, 0xb6, 0xad, 0x5c, 0x9f, 0xcb, 0x9a, 0x2c, 0x29, 0xda, 0xe6, 0x92, 0x47, 0x6f, 0x1e, 0x22, 0xfc, 0xb0, 0xe0, 0x1c, 0x97, 0x53, 0x8c, 0x94, 0x20, 0x29, 0xbf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbb, 0x02, 0x30, 0x52, 0x12, 0x53, 0x7f, 0x41, 0x45, 0x9d, 0x90, 0xea, 0xf5, 0xd1, 0x45, 0xf2, 0xd5, 0x7b, 0x40, 0x4b, 0x2d, 0xbd, 0xdd, 0x36, 0x35, 0xa4, 0x0f, 0xc0, 0xc9, 0x24, 0x3e, 0x3d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xff, 0x83, 0xa5, 0x18, 0x84, 0xaa, 0x4f, 0x94, 0x3a, 0x34, 0x2a, 0xf8, 0x65, 0x3d, 0x4c, 0xab, 0xe6, 0x50, 0xf5, 0xce, 0xba, 0x38, 0x81, 0xcc, 0xd4, 0x57, 0xb4, 0xcd, 0x52, 0x27, 0xa5, 0x6d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	azure_AzureTDX           = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc9, 0xf5, 0x25, 0x37, 0xb1, 0x53, 0xac, 0x42, 0xc1, 0xea, 0xba, 0x12, 0x02, 0xc4, 0xe8, 0xfc, 0xb1, 0x02, 0x4d, 0x25, 0x64, 0x84, 0xb0, 0x26, 0x2f, 0x9f, 0x20, 0x66, 0x3b, 0x6a, 0xa3, 0xdf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x75, 0x85, 0xdc, 0xff, 0x32, 0x29, 0x12, 0xc0, 0x78, 0x25, 0xb3, 0x9b, 0x91, 0x17, 0xb4, 0x1b, 0x76, 0xad, 0xe5, 0x97, 0x07, 0x08, 0xd5, 0xbe, 0x26, 0x26, 0x67, 0x37, 0x6d, 0x9f, 0x9a, 0x00}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9d, 0xe2, 0x2b, 0x92, 0xf8, 0xba, 0xb8, 0xe2, 0x4f, 0x4d, 0xf1, 0xc3, 0x10, 0x42, 0x2d, 0xe1, 0x4b, 0x77, 0x43, 0x46, 0x2e, 0x02, 0x5e, 0xa1, 0xb7, 0x0e, 0x69, 0x85, 0x53, 0x49, 0x80, 0xd4}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
 	azure_AzureTrustedLaunch M
-	gcp_GCPSEVES             = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x25, 0xda, 0xe3, 0x74, 0x8b, 0x43, 0xa3, 0x4f, 0xea, 0x5f, 0x18, 0xeb, 0x02, 0x38, 0xfc, 0xa3, 0xef, 0x20, 0x81, 0x5a, 0x58, 0x21, 0x4a, 0x16, 0xcc, 0x33, 0x4f, 0x0b, 0xe4, 0xb8, 0x96, 0x00}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf0, 0xfd, 0x0a, 0x1f, 0x8c, 0x5e, 0x60, 0x3f, 0x54, 0x81, 0xcc, 0x28, 0x75, 0x39, 0x12, 0x2d, 0xc9, 0x98, 0xad, 0xd0, 0x4e, 0x85, 0x71, 0xa7, 0xc0, 0xfc, 0x28, 0xb7, 0xc2, 0x2f, 0xc3, 0x39}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5a, 0x2f, 0xc6, 0x77, 0x4d, 0xc2, 0x9e, 0xf1, 0xac, 0xd5, 0x5e, 0x82, 0x66, 0x4d, 0x92, 0xe5, 0x0d, 0x48, 0xfe, 0xcf, 0xe8, 0xe7, 0x5a, 0x51, 0x8b, 0xd8, 0x2a, 0x78, 0xb8, 0x17, 0xec, 0x23}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
-	gcp_GCPSEVSNP            M
-	openstack_QEMUVTPM       = M{4: {Expected: []byte{0x7f, 0xf9, 0x31, 0x4a, 0x4d, 0xa5, 0xe2, 0xe3, 0xe1, 0x1c, 0x3e, 0x40, 0x71, 0x44, 0xe7, 0x96, 0x3d, 0x62, 0x0b, 0x7f, 0xf0, 0xe8, 0xcb, 0x17, 0x7f, 0x53, 0x93, 0xd4, 0x91, 0xfb, 0xc7, 0x09}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x20, 0x0e, 0x08, 0x40, 0xb6, 0x49, 0xdd, 0xaf, 0xa5, 0x95, 0x39, 0x73, 0x2b, 0x8a, 0x2d, 0x9e, 0xbf, 0x87, 0xdf, 0xb3, 0x2b, 0x0f, 0x82, 0x63, 0xd0, 0x9a, 0x9e, 0x56, 0x7d, 0x37, 0xf4, 0x12}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2d, 0x5d, 0xcf, 0x9e, 0x2f, 0x70, 0x9c, 0xa6, 0xcf, 0xb3, 0x83, 0x07, 0x9c, 0xd6, 0x6e, 0x2c, 0x29, 0x2c, 0x40, 0xc7, 0x93, 0x51, 0x59, 0x38, 0xdf, 0xc4, 0xc5, 0xb6, 0xf5, 0x49, 0x5b, 0x2d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	gcp_GCPSEVES             = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4f, 0x5d, 0x48, 0xaf, 0xc1, 0x07, 0xc3, 0x27, 0x3d, 0xd2, 0xec, 0x79, 0x59, 0x43, 0x4a, 0x04, 0x1d, 0x52, 0xd9, 0x4f, 0x8e, 0xbc, 0x04, 0x67, 0x9a, 0x7a, 0xf3, 0x69, 0xd6, 0x29, 0xb8, 0xe7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x52, 0x46, 0xa7, 0xd7, 0x8d, 0xfd, 0x26, 0xcf, 0xb1, 0x44, 0xb3, 0x91, 0x27, 0xb4, 0x78, 0xc4, 0x75, 0xd0, 0xa0, 0x2f, 0xda, 0x30, 0x51, 0xb9, 0xa5, 0xae, 0x22, 0x80, 0x12, 0xd3, 0x05, 0x85}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd7, 0x58, 0x0b, 0x42, 0xf5, 0xc7, 0x76, 0xc5, 0x40, 0x0f, 0x11, 0xc9, 0x5c, 0xa0, 0xb1, 0xed, 0xa8, 0x36, 0x32, 0xd8, 0x73, 0x69, 0x33, 0xf7, 0x12, 0xfc, 0x04, 0xc4, 0x63, 0x61, 0x66, 0x53}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	gcp_GCPSEVSNP            = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf0, 0xa7, 0x42, 0xe7, 0x1a, 0x57, 0xdc, 0x54, 0xac, 0x51, 0xb8, 0x22, 0xd4, 0x15, 0xf8, 0xdc, 0x24, 0xa0, 0x0b, 0xe4, 0x73, 0xc0, 0x73, 0x57, 0x98, 0x95, 0x75, 0x87, 0x8d, 0x2f, 0xbd, 0x56}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8b, 0x20, 0x17, 0x19, 0x06, 0x1f, 0x92, 0x73, 0x60, 0x1a, 0x74, 0x39, 0x72, 0xd7, 0x48, 0xca, 0x88, 0xd0, 0x59, 0x32, 0xba, 0x6c, 0x36, 0x23, 0xce, 0xf1, 0xd9, 0xe8, 0xbc, 0xf2, 0xe6, 0x2c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x59, 0x6b, 0x0e, 0xd5, 0x58, 0xf7, 0x2d, 0x2e, 0x5c, 0xb3, 0x1a, 0x9f, 0x41, 0xe8, 0x17, 0x07, 0x30, 0xcd, 0x76, 0x0d, 0x63, 0xb8, 0x13, 0x2e, 0xe6, 0xcb, 0x40, 0xf0, 0xd6, 0x73, 0xef, 0x40}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	openstack_QEMUVTPM       = M{4: {Expected: []byte{0xaa, 0x36, 0x58, 0xb8, 0xe2, 0x8e, 0x07, 0x86, 0x65, 0x5a, 0xdf, 0x04, 0x3a, 0x04, 0x02, 0x81, 0x3d, 0x07, 0xb8, 0x91, 0x83, 0x5a, 0xd2, 0x38, 0x75, 0x8a, 0x30, 0x36, 0xee, 0x52, 0xce, 0x5e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2c, 0x92, 0x4d, 0x3b, 0x70, 0x10, 0xff, 0x4c, 0x8f, 0xf2, 0x8a, 0x55, 0x59, 0x8b, 0x26, 0x97, 0xf8, 0x21, 0x24, 0xce, 0x55, 0x0a, 0x35, 0xef, 0xc7, 0x8d, 0x9c, 0x7b, 0x89, 0xbb, 0xbc, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe1, 0x56, 0x6d, 0xbc, 0x19, 0x27, 0x29, 0xd1, 0x80, 0xa9, 0xaa, 0x18, 0x6c, 0xa0, 0x5c, 0x3a, 0xb1, 0xd6, 0xb2, 0x52, 0xe3, 0x78, 0x47, 0x74, 0xe6, 0x91, 0x98, 0x8b, 0x1f, 0xd3, 0x54, 0xad}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
 	qemu_QEMUTDX             M
-	qemu_QEMUVTPM            = M{4: {Expected: []byte{0x33, 0xbb, 0x15, 0x90, 0x9b, 0x77, 0xd9, 0xed, 0x9e, 0x30, 0x54, 0x38, 0x3c, 0x5d, 0xb5, 0x34, 0xd1, 0x44, 0x21, 0x8d, 0x1a, 0x92, 0x4b, 0x4a, 0xa3, 0x89, 0x05, 0xba, 0xab, 0x85, 0xc5, 0xb1}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x31, 0x30, 0x26, 0x04, 0x4e, 0x76, 0x24, 0x68, 0x05, 0x29, 0x84, 0xed, 0x86, 0xeb, 0xa6, 0x4d, 0x25, 0x58, 0x11, 0xfe, 0x2b, 0xae, 0xab, 0xcc, 0x8e, 0x99, 0x31, 0x48, 0x40, 0x58, 0x37, 0xeb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x30, 0xcd, 0x39, 0xe4, 0x9d, 0x33, 0xcf, 0xae, 0x08, 0x2b, 0x00, 0x91, 0xc0, 0xaa, 0x1c, 0xe5, 0x88, 0x9b, 0xcf, 0x59, 0x54, 0x33, 0xd2, 0xab, 0x61, 0xec, 0x9a, 0x95, 0xb0, 0x5d, 0x2b, 0xc1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	qemu_QEMUVTPM            = M{4: {Expected: []byte{0xfc, 0x2c, 0xd1, 0x14, 0x27, 0xe6, 0x0c, 0xb0, 0x69, 0x96, 0xa9, 0x1d, 0x60, 0x07, 0x38, 0x97, 0x49, 0xcf, 0xd0, 0xb8, 0xea, 0x80, 0xdf, 0x38, 0x3b, 0x46, 0xb2, 0x12, 0xba, 0x85, 0x88, 0xe2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3c, 0xc6, 0xd0, 0xb9, 0xe5, 0x7a, 0x15, 0x22, 0x97, 0xaa, 0xf3, 0xc8, 0xbe, 0x02, 0x1d, 0x70, 0xed, 0xcc, 0xd1, 0x18, 0x8f, 0xd8, 0x02, 0x44, 0x9b, 0x82, 0x84, 0x17, 0xe7, 0x66, 0xd2, 0x3a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x35, 0xed, 0x01, 0x1d, 0x52, 0xf6, 0x5e, 0xa8, 0x89, 0xe4, 0xf5, 0x05, 0xb9, 0x1e, 0xd9, 0x2d, 0x85, 0x57, 0x85, 0x87, 0x72, 0xba, 0x5c, 0xf8, 0x19, 0x4a, 0x5b, 0x2c, 0x3c, 0x09, 0xca, 0x84}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
 )

internal/config/image_enterprise.go

@@ -10,5 +10,5 @@ package config
 
 const (
 	// defaultImage is the default image to use.
-	defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240425154950-3ea0e3a4874b"
+	defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240502082051-3d2a023ccf5d"
 )

internal/versions/versions.go

@@ -262,7 +262,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
 		CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container
 		// External service image. Depends on k8s version.
 		// Check for new versions at https://github.com/kubernetes/autoscaler/releases.
-		ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.5@sha256:410ffc3f7307b6173c630de8de6e40175376c8c170d64b6c8b6e4baadda020df", // renovate:container
+		ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.7@sha256:dd36aa710e59cd2355ae8face010a87b6d3ca1706c510f2143440789fceef32f", // renovate:container
 	},
 	V1_28: {
 		ClusterVersion: "v1.28.5", // renovate:kubernetes-release
@@ -329,7 +329,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
 		CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container
 		// External service image. Depends on k8s version.
 		// Check for new versions at https://github.com/kubernetes/autoscaler/releases.
-		ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.5@sha256:410ffc3f7307b6173c630de8de6e40175376c8c170d64b6c8b6e4baadda020df", // renovate:container
+		ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.7@sha256:dd36aa710e59cd2355ae8face010a87b6d3ca1706c510f2143440789fceef32f", // renovate:container
 	},
 	V1_29: {
 		ClusterVersion: "v1.29.0", // renovate:kubernetes-release
@@ -396,7 +396,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
 		CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container
 		// External service image. Depends on k8s version.
 		// Check for new versions at https://github.com/kubernetes/autoscaler/releases.
-		ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.29.0@sha256:808185c1090107f06ea69b0a5e507e387ad2ee3a3b12b7cd08ea0dac730cf58b", // renovate:container
+		ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.29.2@sha256:e909737822ff8b822d04b427fa730603fb22ff8ae6005788b1354f8f95cc74db", // renovate:container
 	},
 }
 

renovate.json5

@@ -42,44 +42,44 @@
       "prPriority": -30,
     },
     {
-      "matchPackagePatterns": ["^k8s.io", "^sigs.k8s.io"],
+      "matchDepPatterns": ["^k8s.io", "^sigs.k8s.io"],
       "groupName": "K8s dependencies",
     },
     {
-      "matchPackagePatterns": ["^go.etcd.io/etcd"],
+      "matchDepPatterns": ["^go.etcd.io/etcd"],
       "groupName": "etcd dependencies",
     },
     {
-      "matchPackagePatterns": ["^github.com/hashicorp/go-kms-wrapping"],
+      "matchDepPatterns": ["^github.com/hashicorp/go-kms-wrapping"],
       "groupName": "github.com/hashicorp/go-kms-wrapping",
     },
     {
-      "matchPackagePatterns": ["^github.com/aws/aws-sdk-go-v2"],
+      "matchDepPatterns": ["^github.com/aws/aws-sdk-go-v2"],
       "groupName": "AWS SDK",
       "prPriority": -10,
     },
     {
-      "matchPackagePatterns": [
+      "matchDepPatterns": [
         "^github.com/Azure/",
         "^github.com/AzureAD/microsoft-authentication-library-for-go",
       ],
       "groupName": "Azure SDK",
     },
     {
-      "matchPackagePatterns": ["^cloud.google.com/go"],
+      "matchDepPatterns": ["^cloud.google.com/go"],
       "groupName": "Google SDK",
     },
     {
-      "matchPackagePatterns": ["^google.golang.org/genproto"],
+      "matchDepPatterns": ["^google.golang.org/genproto"],
       "prPriority": -10,
     },
     {
-      "matchPackagePatterns": ["^libvirt.org/go"],
+      "matchDepPatterns": ["^libvirt.org/go"],
       "groupName": "libvirt.org/go",
     },
     {
       "matchManagers": ["bazelisk", "bazel", "bazel-module"],
-      "matchPackageNames": ["bazel", "io_bazel_rules_go", "bazel_gazelle"],
+      "matchDepNames": ["bazel", "io_bazel_rules_go", "bazel_gazelle"],
       "groupName": "bazel (core)",
     },
     {
@@ -105,14 +105,14 @@
       ],
     },
     {
-      "matchPackageNames": ["kubernetes/kubernetes"],
+      "matchDepNames": ["kubernetes/kubernetes"],
       // example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
       "versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
       "groupName": "Kubernetes versions",
       "prPriority": 15,
     },
     {
-      "matchPackageNames": [
+      "matchDepNames": [
         "registry.k8s.io/provider-aws/cloud-controller-manager",
       ],
       // example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
@@ -121,7 +121,7 @@
       "prPriority": 15,
     },
     {
-      "matchPackageNames": [
+      "matchDepNames": [
         "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager",
         "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager",
       ],
@@ -131,7 +131,7 @@
       "prPriority": 15,
     },
     {
-      "matchPackageNames": [
+      "matchDepNames": [
         "docker.io/k8scloudprovider/openstack-cloud-controller-manager",
       ],
       // example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
@@ -140,14 +140,14 @@
       "prPriority": 15,
     },
     {
-      "matchPackageNames": ["registry.k8s.io/autoscaling/cluster-autoscaler"],
+      "matchDepNames": ["registry.k8s.io/autoscaling/cluster-autoscaler"],
       // example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
       "versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
       "groupName": "K8s constrained GCP versions",
       "prPriority": 15,
     },
     {
-      "matchPackageNames": ["ghcr.io/edgelesssys/cloud-provider-gcp"],
+      "matchDepNames": ["ghcr.io/edgelesssys/cloud-provider-gcp"],
       // example match: v1.2.3 (1. -> compatibility, 2 -> minor, 3 -> patch)
       "versioning": "regex:^(?<compatibility>v\\d+\\.)(?<minor>\\d+)\\.(?<patch>\\d+)$",
       "groupName": "cloud-provider-gcp (K8s version constrained)",
@@ -166,7 +166,7 @@
       "prPriority": 20,
     },
     {
-      "matchPackageNames": [
+      "matchDepNames": [
         "registry.k8s.io/kas-network-proxy/proxy-agent",
         "registry.k8s.io/kas-network-proxy/proxy-server",
       ],
@@ -175,7 +175,7 @@
       "prPriority": 15,
     },
     {
-      "matchPackageNames": ["^k8s.io/client-go"],
+      "matchDepNames": ["^k8s.io/client-go"],
       "matchUpdateTypes": ["major"],
       "enabled": false,
     },
@@ -185,11 +185,11 @@
     },
     {
       "matchManagers": ["github-actions"],
-      "matchPackageNames": ["slsa-framework/slsa-github-generator"],
+      "matchDepNames": ["slsa-framework/slsa-github-generator"],
       "pinDigests": false,
     },
     {
-      "matchPackagePatterns": ["_(darwin|linux)_(arm64|amd64)$"],
+      "matchDepPatterns": ["_(darwin|linux)_(arm64|amd64)$"],
       "additionalBranchPrefix": "{{packageName}}-",
       "groupName": "{{packageName}}",
     },

terraform/infrastructure/aws/main.tf

@@ -213,5 +213,5 @@ module "jump_host" {
   ports                = [for port in local.load_balancer_ports : port.port]
   security_groups      = [aws_security_group.security_group.id]
   iam_instance_profile = var.iam_instance_profile_name_worker_nodes
-  additional_tags      = local.tags
+  additional_tags      = var.additional_tags
 }

terraform/infrastructure/aws/modules/jump_host/main.tf

@@ -27,7 +27,7 @@ resource "aws_instance" "jump_host" {
   vpc_security_group_ids = var.security_groups
 
   tags = merge(var.additional_tags, {
-    "Name" = "${var.base_name}-jump-host"
+    "Name" = "${var.base_name}-jump-host",
   })
 
   user_data = <<EOF

terraform/infrastructure/aws/variables.tf

@@ -82,5 +82,6 @@ variable "enable_snp" {
 
 variable "additional_tags" {
   type        = map(any)
+  default     = {}
   description = "Additional tags that should be applied to created resources."
 }

terraform/infrastructure/azure/main.tf

@@ -276,7 +276,7 @@ module "jump_host" {
   subnet_id      = azurerm_subnet.loadbalancer_subnet[0].id
   ports          = [for port in local.ports : port.port]
   lb_internal_ip = azurerm_lb.loadbalancer.frontend_ip_configuration[0].private_ip_address
-  tags           = local.tags
+  tags           = var.additional_tags
 }
 
 data "azurerm_subscription" "current" {

terraform/infrastructure/azure/variables.tf

@@ -92,5 +92,6 @@ variable "marketplace_image" {
 
 variable "additional_tags" {
   type        = map(any)
+  default     = {}
   description = "Additional tags that should be applied to created resources."
 }

terraform/infrastructure/gcp/main.tf

@@ -240,7 +240,7 @@ module "jump_host" {
   base_name      = local.name
   zone           = var.zone
   subnetwork     = google_compute_subnetwork.vpc_subnetwork.id
-  labels         = local.labels
+  labels         = var.additional_labels
   lb_internal_ip = google_compute_address.loadbalancer_ip_internal[0].address
   ports          = [for port in local.control_plane_named_ports : port.port]
 }

terraform/infrastructure/gcp/variables.tf

@@ -72,5 +72,6 @@ variable "cc_technology" {
 
 variable "additional_labels" {
   type        = map(any)
+  default     = {}
   description = "Additional labels that should be given to created recources."
 }

terraform/infrastructure/openstack/variables.tf

@@ -61,6 +61,7 @@ variable "floating_ip_pool_id" {
 
 variable "additional_tags" {
   type        = list(any)
+  default     = []
   description = "Additional tags that should be applied to created resources."
 }