attestation: hardcode measurements for v2.19.2

deps: update versions to v2.19.2
chore: update version.txt to v2.19.2
2025-04-11 10:29:29 -04:00 · 2024-11-05 10:16:14 +00:00 · 2024-11-05 09:27:55 +00:00 · 2024-11-05 09:27:44 +00:00 · 2024-11-05 10:25:52 +01:00 · 2024-11-04 09:09:44 +01:00
14 changed files with 190 additions and 148 deletions
--- a/.github/workflows/e2e-upgrade.yml
+++ b/.github/workflows/e2e-upgrade.yml
@ -132,57 +132,6 @@ jobs:
          echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT"
  build-target-cli:
    name: Build upgrade target version CLI
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
      checks: write
      contents: read
      packages: write
    steps:
      - name: Checkout
        if: inputs.gitRef == 'head'
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
      - name: Checkout ref
        if: inputs.gitRef != 'head'
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          fetch-depth: 0
          ref: ${{ inputs.gitRef }}
      - name: Setup Bazel & Nix
        uses: ./.github/actions/setup_bazel_nix
      - name: Log in to the Container registry
        uses: ./.github/actions/container_registry_login
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Simulate patch upgrade
        if: inputs.simulatedTargetVersion != ''
        run: |
          echo ${{ inputs.simulatedTargetVersion }} > version.txt
      - name: Build CLI
        uses: ./.github/actions/build_cli
        with:
          enterpriseCLI: true
          outputPath: "build/constellation"
          push: true
      - name: Upload CLI binary
        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: constellation-upgrade-${{ inputs.attestationVariant }}
          path: build/constellation
  create-cluster:
    name: Create upgrade origin version cluster
    runs-on: ubuntu-24.04
@ -279,7 +228,6 @@ jobs:
      packages: write
    needs:
      - generate-input-parameters
      - build-target-cli
      - create-cluster
    steps:
      - name: Checkout
@ -299,6 +247,32 @@ jobs:
      - name: Setup Bazel & Nix
        uses: ./.github/actions/setup_bazel_nix
      - name: Log in to the Container registry
        uses: ./.github/actions/container_registry_login
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # applying the version manipulation here so that the upgrade test tool is also on the simulated target version
      - name: Simulate patch upgrade
        if: inputs.simulatedTargetVersion != ''
        run: |
          echo ${{ inputs.simulatedTargetVersion }} > version.txt
      - name: Build CLI
        uses: ./.github/actions/build_cli
        with:
          enterpriseCLI: true
          outputPath: "build/constellation"
          push: true
      - name: Upload CLI binary # is needed for the cleanup step
        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: constellation-upgrade-${{ inputs.attestationVariant }}
          path: build/constellation
      - name: Login to AWS
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
@ -335,11 +309,6 @@ jobs:
        with:
          azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
      - name: Download CLI
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: constellation-upgrade-${{ inputs.attestationVariant }}
          path: build
      - name: Download Working Directory (Pre-test)
        uses: ./.github/actions/artifact_download
@ -404,15 +373,9 @@ jobs:
          echo "K8s target: $KUBERNETES"
          echo "Microservice target: $MICROSERVICES"
          if [[ -n ${MICROSERVICES} ]]; then
            MICROSERVICES_FLAG="--target-microservices=$MICROSERVICES"
          fi
          if [[ -n ${KUBERNETES} ]]; then
            KUBERNETES_FLAG="--target-kubernetes=$KUBERNETES"
          fi
          sudo sh -c 'echo "127.0.0.1 license.confidential.cloud" >> /etc/hosts'
-          bazel run --test_timeout=14400 //e2e/internal/upgrade:upgrade_test -- --want-worker "$WORKERNODES" --want-control "$CONTROLNODES" --target-image "$IMAGE" "$KUBERNETES_FLAG" "$MICROSERVICES_FLAG"
+          CLI=$(realpath ./build/constellation)
          bazel run --test_timeout=14400 //e2e/internal/upgrade:upgrade_test -- --want-worker "$WORKERNODES" --want-control "$CONTROLNODES" --target-image "$IMAGE" --target-kubernetes "$KUBERNETES" --target-microservices "$MICROSERVICES" --cli "$CLI"
      - name: Remove Terraform plugin cache
        if: always()
--- a/cli/internal/cmd/apply.go
+++ b/cli/internal/cmd/apply.go
@ -211,10 +211,6 @@ func (f *applyFlags) parse(flags *pflag.FlagSet) error {
 // runApply sets up the apply command and runs it.
 func runApply(cmd *cobra.Command, _ []string) error {
 	log, err := newCLILogger(cmd)
 	if err != nil {
 		return fmt.Errorf("creating logger: %w", err)
 	}
 	spinner, err := newSpinnerOrStderr(cmd)
 	if err != nil {
 		return err
@ -227,7 +223,7 @@ func runApply(cmd *cobra.Command, _ []string) error {
 	}
 	fileHandler := file.NewHandler(afero.NewOsFs())
-	logger, err := newDebugFileLogger(cmd, fileHandler)
+	debugLogger, err := newDebugFileLogger(cmd, fileHandler)
 	if err != nil {
 		return err
 	}
@ -250,15 +246,15 @@ func runApply(cmd *cobra.Command, _ []string) error {
 		)
 	}
-	applier := constellation.NewApplier(log, spinner, constellation.ApplyContextCLI, newDialer)
+	applier := constellation.NewApplier(debugLogger, spinner, constellation.ApplyContextCLI, newDialer)
 	apply := &applyCmd{
 		fileHandler:     fileHandler,
 		flags:           flags,
-		log:             logger,
+		log:             debugLogger,
-		wLog:            &warnLogger{cmd: cmd, log: log},
+		wLog:            &warnLogger{cmd: cmd, log: debugLogger},
 		spinner:         spinner,
-		merger:          &kubeconfigMerger{log: log},
+		merger:          &kubeconfigMerger{log: debugLogger},
 		newInfraApplier: newInfraApplier,
 		imageFetcher:    imagefetcher.New(),
 		applier:         applier,
@ -826,6 +822,7 @@ func (wl warnLogger) Info(msg string, args ...any) {
 // Warn prints a formatted warning from the validator.
 func (wl warnLogger) Warn(msg string, args ...any) {
 	wl.cmd.PrintErrf("Warning: %s %s\n", msg, fmt.Sprint(args...))
 	wl.log.Debug(msg, args...)
 }
 type warnLog interface {
--- a/docs/docs/reference/migration.md
+++ b/docs/docs/reference/migration.md
@ -3,51 +3,81 @@
 This document describes breaking changes and migrations between Constellation releases.
 Use [`constellation config migrate`](./cli.md#constellation-config-migrate) to automatically update an old config file to a new format.
 ## Migrations to v2.19.1
 ### Azure
 * During the upgrade, security rules are migrated and the old ones need to be cleaned up manually by the user. The below script shows how to delete them through the Azure CLI:
 ```bash
 #!/usr/bin/env bash
 name="<insert>"  # the name provided in the config
 uid="<insert>"    # the cluster id can be retrieved via `yq '.infrastructure.uid' constellation-state.yaml`
 resource_group="<insert>" # the RG can be retrieved via `yq '.provider.azure.resourceGroup' constellation-conf.yaml`
 rules=(
  "kubernetes"
  "bootstrapper"
  "verify"
  "recovery"
  "join"
  "debugd"
  "konnectivity"
 )
 for rule in "${rules[@]}"; do
  echo "Deleting rule: ${rule}"
  az network nsg rule delete \
    --resource-group "${resource_group}" \
    --nsg-name "${name}-${uid}" \
    --name "${rule}"
 done
 echo "All specified rules have been deleted."
 ```
 ## Migrations to v2.19.0
 ### Azure
-* To allow seamless upgrades on Azure when Kubernetes services of type `LoadBalancer` are deployed, the target  
+* To allow seamless upgrades on Azure when Kubernetes services of type `LoadBalancer` are deployed, the target
 load balancer in which the `cloud-controller-manager` creates load balancing rules was changed. Instead of using the load balancer
 created and maintained by the CLI's Terraform code, the `cloud-controller-manager` now creates its own load balancer in Azure.
 If your Constellation has services of type `LoadBalancer`, please remove them before the upgrade and re-apply them
- afterward. 
+ afterward.
 ## Migrating from Azure's service principal authentication to managed identity authentication (during the upgrade to Constellation v2.8.0)
- The `provider.azure.appClientID` and `provider.azure.appClientSecret` fields are no longer supported and should be removed.
+* The `provider.azure.appClientID` and `provider.azure.appClientSecret` fields are no longer supported and should be removed.
- To keep using an existing UAMI, add the `Owner` permission with the scope of your `resourceGroup`.
+* To keep using an existing UAMI, add the `Owner` permission with the scope of your `resourceGroup`.
- Otherwise, simply [create new Constellation IAM credentials](../workflows/config.md#creating-an-iam-configuration) and use the created UAMI.
+* Otherwise, simply [create new Constellation IAM credentials](../workflows/config.md#creating-an-iam-configuration) and use the created UAMI.
- To migrate the authentication for an existing cluster on Azure to an UAMI with the necessary permissions:
+* To migrate the authentication for an existing cluster on Azure to an UAMI with the necessary permissions:
  1. Remove the `aadClientId` and `aadClientSecret` from the azureconfig secret.
  2. Set `useManagedIdentityExtension` to `true`  and use the `userAssignedIdentity` from the Constellation config for the value of `userAssignedIdentityID`.
  3. Restart the CSI driver, cloud controller manager, cluster autoscaler, and Constellation operator pods.
 ## Migrating from CLI versions before 2.10
- AWS cluster upgrades require additional IAM permissions for the newly introduced `aws-load-balancer-controller`. Please upgrade your IAM roles using `iam upgrade apply`. This will show necessary changes and apply them, if desired.
+* AWS cluster upgrades require additional IAM permissions for the newly introduced `aws-load-balancer-controller`. Please upgrade your IAM roles using `iam upgrade apply`. This will show necessary changes and apply them, if desired.
- The global `nodeGroups` field was added.
+* The global `nodeGroups` field was added.
- The fields `instanceType`, `stateDiskSizeGB`, and `stateDiskType` for each cloud provider are now part of the configuration of individual node groups.
+* The fields `instanceType`, `stateDiskSizeGB`, and `stateDiskType` for each cloud provider are now part of the configuration of individual node groups.
- The `constellation create` command no longer uses the flags `--control-plane-count` and `--worker-count`. Instead, the initial node count is configured per node group in the `nodeGroups` field.
+* The `constellation create` command no longer uses the flags `--control-plane-count` and `--worker-count`. Instead, the initial node count is configured per node group in the `nodeGroups` field.
 ## Migrating from CLI versions before 2.9
- The `provider.azure.appClientID` and `provider.azure.clientSecretValue` fields were removed to enforce migration to managed identity authentication
+* The `provider.azure.appClientID` and `provider.azure.clientSecretValue` fields were removed to enforce migration to managed identity authentication
 ## Migrating from CLI versions before 2.8
- The `measurements` field for each cloud service provider was replaced with a global `attestation` field.
+* The `measurements` field for each cloud service provider was replaced with a global `attestation` field.
- The `confidentialVM`, `idKeyDigest`, and `enforceIdKeyDigest` fields for the Azure cloud service provider were removed in favor of using the global `attestation` field.
+* The `confidentialVM`, `idKeyDigest`, and `enforceIdKeyDigest` fields for the Azure cloud service provider were removed in favor of using the global `attestation` field.
- The optional global field `attestationVariant` was replaced by the now required `attestation` field.
+* The optional global field `attestationVariant` was replaced by the now required `attestation` field.
 ## Migrating from CLI versions before 2.3
- The `sshUsers` field was deprecated in v2.2 and has been removed from the configuration in v2.3.
+* The `sshUsers` field was deprecated in v2.2 and has been removed from the configuration in v2.3.
  As an alternative for SSH, check the workflow section [Connect to nodes](../workflows/troubleshooting.md#node-shell-access).
- The `image` field for each cloud service provider has been replaced with a global `image` field. Use the following mapping to migrate your configuration:
+* The `image` field for each cloud service provider has been replaced with a global `image` field. Use the following mapping to migrate your configuration:
    <details>
    <summary>Show all</summary>
@ -77,10 +107,11 @@ Use [`constellation config migrate`](./cli.md#constellation-config-migrate) to a
    | GCP   | `projects/constellation-images/global/images/constellation-v2-2-0`                                                                                                                    | `v2.2.0`  |
    | GCP   | `projects/constellation-images/global/images/constellation-v2-1-0`                                                                                                                    | `v2.1.0`  |
    | GCP   | `projects/constellation-images/global/images/constellation-v2-0-0`                                                                                                                    | `v2.0.0`  |
    </details>
- The `enforcedMeasurements` field has been removed and merged with the `measurements` field.
+* The `enforcedMeasurements` field has been removed and merged with the `measurements` field.
-  - To migrate your config containing a new image (`v2.3` or greater), remove the old `measurements` and `enforcedMeasurements` entries from your config and run `constellation fetch-measurements`
+  * To migrate your config containing a new image (`v2.3` or greater), remove the old `measurements` and `enforcedMeasurements` entries from your config and run `constellation fetch-measurements`
-  - To migrate your config containing an image older than `v2.3`, remove the `enforcedMeasurements` entry and replace the entries in `measurements` as shown in the example below:
+  * To migrate your config containing an image older than `v2.3`, remove the `enforcedMeasurements` entry and replace the entries in `measurements` as shown in the example below:
    ```diff
    measurements:
--- a/e2e/internal/upgrade/BUILD.bazel
+++ b/e2e/internal/upgrade/BUILD.bazel
@ -47,6 +47,7 @@ go_test(
        "//e2e/internal/kubectl",
        "//internal/constants",
        "//internal/versions",
        "@com_github_stretchr_testify//assert",
        "@com_github_stretchr_testify//require",
        "@io_k8s_api//core/v1:core",
        "@io_k8s_apimachinery//pkg/apis/meta/v1:meta",
--- a/e2e/internal/upgrade/upgrade.go
+++ b/e2e/internal/upgrade/upgrade.go
@ -297,10 +297,10 @@ func getCLIPath(cliPathFlag string) (string, error) {
 	pathCLI := os.Getenv("PATH_CLI")
 	var relCLIPath string
 	switch {
 	case pathCLI != "":
 		relCLIPath = pathCLI
 	case cliPathFlag != "":
 		relCLIPath = cliPathFlag
 	case pathCLI != "":
 		relCLIPath = pathCLI
 	default:
 		return "", errors.New("neither 'PATH_CLI' nor 'cli' flag set")
 	}
--- a/e2e/internal/upgrade/upgrade_test.go
+++ b/e2e/internal/upgrade/upgrade_test.go
@ -23,6 +23,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/e2e/internal/kubectl"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/versions"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	coreV1 "k8s.io/api/core/v1"
 	metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -81,7 +82,8 @@ func TestUpgrade(t *testing.T) {
 	log.Println(string(data))
 	log.Println("Checking upgrade.")
-	runUpgradeCheck(require, cli, *targetKubernetes)
+	assert := assert.New(t) // use assert because this part is more brittle and should not fail the entire test
 	runUpgradeCheck(assert, cli, *targetKubernetes)
 	log.Println("Triggering upgrade.")
 	runUpgradeApply(require, cli)
@ -170,25 +172,25 @@ func testNodesEventuallyAvailable(t *testing.T, k *kubernetes.Clientset, wantCon
 // runUpgradeCheck executes 'upgrade check' and does basic checks on the output.
 // We can not check images upgrades because we might use unpublished images. CLI uses public CDN to check for available images.
-func runUpgradeCheck(require *require.Assertions, cli, targetKubernetes string) {
+func runUpgradeCheck(assert *assert.Assertions, cli, targetKubernetes string) {
 	cmd := exec.CommandContext(context.Background(), cli, "upgrade", "check", "--debug")
 	stdout, stderr, err := runCommandWithSeparateOutputs(cmd)
-	require.NoError(err, "Stdout: %s\nStderr: %s", string(stdout), string(stderr))
+	assert.NoError(err, "Stdout: %s\nStderr: %s", string(stdout), string(stderr))
-	require.Contains(string(stdout), "The following updates are available with this CLI:")
+	assert.Contains(string(stdout), "The following updates are available with this CLI:")
-	require.Contains(string(stdout), "Kubernetes:")
+	assert.Contains(string(stdout), "Kubernetes:")
 	log.Printf("targetKubernetes: %s\n", targetKubernetes)
 	if targetKubernetes == "" {
 		log.Printf("true\n")
-		require.True(containsAny(string(stdout), versions.SupportedK8sVersions()))
+		assert.True(containsAny(string(stdout), versions.SupportedK8sVersions()))
 	} else {
 		log.Printf("false. targetKubernetes: %s\n", targetKubernetes)
-		require.Contains(string(stdout), targetKubernetes, fmt.Sprintf("Expected Kubernetes version %s in output.", targetKubernetes))
+		assert.Contains(string(stdout), targetKubernetes, fmt.Sprintf("Expected Kubernetes version %s in output.", targetKubernetes))
 	}
-	require.Contains(string(stdout), "Services:")
+	assert.Contains(string(stdout), "Services:")
-	require.Contains(string(stdout), fmt.Sprintf("--> %s", constants.BinaryVersion().String()))
+	assert.Contains(string(stdout), fmt.Sprintf("--> %s", constants.BinaryVersion().String()))
 	log.Println(string(stdout))
 }
--- a/internal/attestation/measurements/measurements_enterprise.go
+++ b/internal/attestation/measurements/measurements_enterprise.go
@ -19,14 +19,14 @@ package measurements
 // revive:disable:var-naming
 var (
-	aws_AWSNitroTPM          = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xeb, 0x47, 0x92, 0x16, 0x88, 0xe2, 0x06, 0x87, 0xdf, 0x43, 0x9c, 0x1e, 0x39, 0x2a, 0xf2, 0xeb, 0xef, 0x31, 0x67, 0xc2, 0x8e, 0x16, 0x04, 0xd5, 0x53, 0xe4, 0xf8, 0x35, 0xed, 0xc2, 0x8e, 0xb0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x39, 0x84, 0xd8, 0xfd, 0xff, 0xc7, 0x7f, 0x0d, 0x32, 0x38, 0xea, 0xca, 0xda, 0xac, 0x15, 0x83, 0x9e, 0x65, 0x5e, 0x0b, 0x5f, 0x84, 0xa1, 0x5d, 0x10, 0x00, 0xb3, 0x6e, 0x3a, 0x3f, 0xf5, 0xaf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x30, 0xab, 0x29, 0x4c, 0x27, 0x98, 0xd5, 0xe8, 0xd8, 0xb1, 0x83, 0xf7, 0x5d, 0x0a, 0x5e, 0x90, 0x77, 0x39, 0x04, 0x21, 0xcf, 0x51, 0xb3, 0x57, 0x92, 0x23, 0xb6, 0xa9, 0xa3, 0xd4, 0xda, 0xce}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	aws_AWSNitroTPM          = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x00, 0xaa, 0xb3, 0xc0, 0x15, 0x8d, 0xcc, 0x23, 0x09, 0x76, 0xfc, 0x1f, 0xd5, 0xe7, 0x5d, 0x3a, 0xee, 0xd8, 0xe7, 0xcb, 0xa6, 0x09, 0xd9, 0x87, 0x8b, 0x0e, 0xcb, 0x97, 0x44, 0x9e, 0x1a, 0x93}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd0, 0x47, 0xc3, 0xfd, 0xb6, 0xb1, 0x78, 0x62, 0xbf, 0x55, 0xe4, 0x67, 0x35, 0x7c, 0x84, 0xfc, 0xc7, 0xa7, 0xd5, 0x72, 0x7a, 0x04, 0xe4, 0x4f, 0x4f, 0xa2, 0x9f, 0xf5, 0xc7, 0x58, 0xc6, 0x88}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x06, 0xeb, 0x99, 0x9f, 0xb8, 0x4c, 0xdb, 0xd2, 0xb4, 0x66, 0x33, 0xf2, 0xbf, 0x00, 0xd3, 0xd3, 0x81, 0x33, 0x91, 0x27, 0xca, 0x90, 0x7e, 0xbb, 0x9e, 0x27, 0x8f, 0x2d, 0x81, 0x94, 0xff, 0x4d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
-	aws_AWSSEVSNP            = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x02, 0x21, 0xbc, 0x0c, 0xe4, 0x6e, 0x91, 0x61, 0x0d, 0xbb, 0x4e, 0xfb, 0xce, 0x15, 0x3f, 0xab, 0xeb, 0xbe, 0x06, 0xfe, 0x2f, 0x0f, 0x36, 0xd8, 0x7c, 0xc7, 0xd9, 0x3c, 0xb5, 0xcd, 0xb7, 0x93}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd8, 0x81, 0x25, 0x4a, 0xa6, 0x89, 0xb2, 0xab, 0x6c, 0x20, 0xb1, 0x68, 0x87, 0x12, 0xc7, 0xb7, 0xec, 0xd6, 0x22, 0xe1, 0x47, 0x14, 0x8d, 0x15, 0xbf, 0x9c, 0x35, 0x3f, 0x09, 0xaa, 0x4d, 0xa3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x29, 0x98, 0x48, 0xe8, 0x7d, 0x8b, 0x7d, 0x97, 0x27, 0x18, 0x61, 0x42, 0x2d, 0x62, 0x55, 0x5e, 0xb6, 0xc7, 0xef, 0xc3, 0xf1, 0x94, 0xf6, 0x69, 0x5d, 0x26, 0xb5, 0xbf, 0xb6, 0xde, 0x48, 0x2b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	aws_AWSSEVSNP            = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe6, 0x9b, 0xb7, 0xb8, 0xcf, 0x1d, 0x8d, 0x71, 0x4d, 0x48, 0xc7, 0x20, 0xd7, 0x3e, 0xb9, 0x31, 0x09, 0x00, 0x2e, 0x9f, 0xc6, 0xbf, 0xa8, 0x1b, 0x28, 0x5d, 0xd1, 0x91, 0x83, 0x55, 0xd4, 0x2a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x44, 0x97, 0xc0, 0xdb, 0x3b, 0xfe, 0xed, 0xb9, 0xbc, 0x78, 0x57, 0x99, 0xdd, 0xe8, 0x68, 0x1c, 0x3d, 0xb2, 0xb6, 0x45, 0x3d, 0xd9, 0x4f, 0xb1, 0xfe, 0x03, 0x11, 0xb3, 0x90, 0x7f, 0x6b, 0x77}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x31, 0x5c, 0xfc, 0x3c, 0x4e, 0xad, 0x77, 0xe4, 0x9b, 0x2b, 0xbf, 0x69, 0x35, 0x40, 0x4f, 0x52, 0x3e, 0x6f, 0x5c, 0x35, 0xb8, 0x09, 0x36, 0x9f, 0x7b, 0xbd, 0xe3, 0xc8, 0xf1, 0xb6, 0x2b, 0x4f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
-	azure_AzureSEVSNP        = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6c, 0xf8, 0xc9, 0xd5, 0xe3, 0x6d, 0x18, 0x12, 0xa7, 0xf0, 0x0f, 0xb4, 0x4b, 0x08, 0x57, 0x47, 0x75, 0xdd, 0x5d, 0xec, 0x0f, 0xb5, 0x02, 0x12, 0x60, 0x57, 0x1b, 0xa2, 0x4c, 0x88, 0x03, 0x6c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x10, 0xb1, 0xa0, 0xd3, 0xf7, 0x56, 0x9e, 0x73, 0xd6, 0x60, 0xcc, 0x72, 0xc1, 0x37, 0x1e, 0xaf, 0x1d, 0x9b, 0x9a, 0xcb, 0xe4, 0xce, 0x38, 0x96, 0x67, 0xe1, 0xbb, 0xf3, 0x0c, 0x2c, 0x2c, 0x70}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa9, 0x80, 0x5f, 0x06, 0x94, 0xc7, 0x37, 0xc4, 0x91, 0x56, 0xbf, 0xb5, 0x8e, 0xeb, 0xa1, 0xd9, 0x45, 0xda, 0xcc, 0x03, 0x6c, 0xe2, 0x73, 0x15, 0xca, 0xed, 0x78, 0x15, 0x9b, 0xf8, 0x25, 0xe5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	azure_AzureSEVSNP        = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xfb, 0x11, 0x87, 0x06, 0x5e, 0x88, 0xa5, 0xa5, 0xaa, 0x99, 0x18, 0xed, 0x94, 0xbb, 0xad, 0x77, 0x02, 0xcb, 0x98, 0x22, 0x73, 0xf0, 0x0a, 0x33, 0x11, 0x10, 0x33, 0xe0, 0xb9, 0x4e, 0xeb, 0x42}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd5, 0x55, 0xf3, 0xc4, 0xce, 0xd1, 0xf0, 0xd5, 0x7d, 0x39, 0x0a, 0xb3, 0x65, 0x43, 0x74, 0x0c, 0x74, 0xb7, 0x80, 0x66, 0x25, 0x1a, 0xf4, 0xba, 0x8f, 0x3b, 0xf5, 0x0a, 0x4e, 0x78, 0xec, 0x90}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x54, 0x47, 0x64, 0xc9, 0x6e, 0x3c, 0x9f, 0x11, 0x54, 0x6e, 0x3c, 0xd2, 0xb8, 0xfb, 0xb9, 0x81, 0xee, 0x40, 0xd3, 0xb3, 0x8d, 0x5f, 0xd3, 0x0b, 0x40, 0xb4, 0x81, 0xab, 0x74, 0x10, 0x47, 0x93}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
-	azure_AzureTDX           = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe8, 0x6b, 0xde, 0xe6, 0xac, 0xa1, 0x0f, 0x46, 0x6e, 0xa6, 0xdd, 0xc5, 0x17, 0x28, 0xf4, 0xf5, 0x61, 0x12, 0x17, 0x85, 0x3d, 0x12, 0xf2, 0x8d, 0x60, 0x16, 0x49, 0xcd, 0x9f, 0x67, 0x66, 0x74}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb1, 0x39, 0xd6, 0xde, 0x59, 0xfe, 0x15, 0xac, 0x87, 0xb2, 0x69, 0x60, 0xd5, 0xe9, 0x14, 0x90, 0xb0, 0xad, 0x0e, 0x1a, 0x6f, 0xb7, 0x41, 0x11, 0x6d, 0xcb, 0x86, 0x6c, 0x56, 0xbf, 0x12, 0xac}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xec, 0x6f, 0x03, 0xf1, 0xb3, 0x44, 0x9b, 0xa6, 0x71, 0x78, 0xea, 0x5e, 0x48, 0x47, 0x20, 0x41, 0x65, 0xca, 0xde, 0xd8, 0x02, 0x04, 0xbf, 0xba, 0x29, 0x55, 0x92, 0x8d, 0xc7, 0xc6, 0x98, 0x18}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	azure_AzureTDX           = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1c, 0xfe, 0xad, 0x61, 0x5e, 0xc9, 0xd6, 0x4d, 0xbf, 0xb0, 0x06, 0x91, 0xe6, 0x30, 0x89, 0xae, 0xc1, 0x30, 0xcd, 0xbb, 0x00, 0x33, 0xab, 0x0d, 0xe7, 0xc5, 0xc3, 0xac, 0x85, 0xf1, 0x27, 0x52}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2f, 0xbf, 0x02, 0x36, 0x50, 0x33, 0x76, 0xf8, 0xd7, 0xdf, 0x2e, 0x22, 0x7f, 0xb2, 0xf5, 0xf9, 0xff, 0x7c, 0xfd, 0xd6, 0xa1, 0x6d, 0x01, 0xfb, 0xa9, 0x4c, 0x9c, 0xcb, 0x13, 0x79, 0x29, 0x30}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfe, 0x78, 0x4a, 0x4c, 0xa9, 0x45, 0x6c, 0x23, 0x30, 0x11, 0x12, 0xcf, 0x1d, 0x99, 0x45, 0x45, 0x62, 0x67, 0xfc, 0x39, 0xaa, 0x17, 0x0b, 0x64, 0xe9, 0x17, 0xe4, 0x1e, 0x24, 0x76, 0x0f, 0x00}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
 	azure_AzureTrustedLaunch M
-	gcp_GCPSEVES             = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x65, 0x78, 0x11, 0x7e, 0xc4, 0xd3, 0xa3, 0x03, 0x69, 0xeb, 0xeb, 0x27, 0xcf, 0xa3, 0x4e, 0x56, 0x3a, 0xca, 0x06, 0x73, 0x9f, 0xc4, 0x98, 0x8f, 0x1c, 0xa2, 0x69, 0x77, 0xff, 0xd4, 0x47, 0xa8}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4d, 0xef, 0xd5, 0x8d, 0x9d, 0x79, 0xc6, 0xbc, 0x71, 0x12, 0xbc, 0x45, 0x6d, 0xa2, 0x83, 0x89, 0x14, 0x65, 0xff, 0x72, 0xee, 0xca, 0x4f, 0xd5, 0x93, 0x43, 0xdd, 0xeb, 0xa7, 0x75, 0xcf, 0x9b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8c, 0xd4, 0x67, 0x76, 0xf1, 0x07, 0x8f, 0x10, 0xe4, 0xaa, 0xaf, 0x63, 0xf7, 0xdb, 0x36, 0x4e, 0x13, 0x10, 0x30, 0xbc, 0xf3, 0x3f, 0x8b, 0xb1, 0x87, 0x77, 0x19, 0x78, 0x58, 0xb2, 0xdc, 0xce}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	gcp_GCPSEVES             = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x16, 0x08, 0x1a, 0xec, 0x88, 0xa7, 0xfa, 0xbe, 0x52, 0xd0, 0x60, 0xcd, 0xf7, 0x85, 0x3c, 0xac, 0xd6, 0x08, 0xdf, 0x4f, 0x36, 0x39, 0xc3, 0x00, 0xf4, 0x15, 0xc3, 0xdf, 0x5c, 0xa0, 0xb5, 0x8c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc3, 0xca, 0xa1, 0x3a, 0x1d, 0x71, 0x79, 0x96, 0x5a, 0xdc, 0xba, 0x4d, 0x6d, 0xd6, 0xdc, 0x57, 0x92, 0x50, 0x9c, 0xf0, 0x1a, 0x1c, 0xa2, 0xa6, 0x29, 0x5e, 0x49, 0x73, 0x2a, 0x26, 0x37, 0xfa}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x94, 0x9c, 0x60, 0xd6, 0x0f, 0x1b, 0x44, 0xfa, 0x27, 0x6e, 0x09, 0xc0, 0xbd, 0xf3, 0x97, 0xc3, 0xb6, 0xce, 0x47, 0x99, 0x35, 0x2f, 0x0a, 0xad, 0x6a, 0x73, 0x13, 0x64, 0xb7, 0xcd, 0xf0, 0x3b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
-	gcp_GCPSEVSNP            = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb2, 0x55, 0xed, 0xea, 0xa6, 0x55, 0x80, 0x72, 0x93, 0x9f, 0xb2, 0xc7, 0x5a, 0xd5, 0x76, 0xc1, 0xf4, 0xb6, 0x70, 0xca, 0xa2, 0xa6, 0x01, 0x55, 0x4a, 0x86, 0x25, 0x47, 0x22, 0x5a, 0xcb, 0xfd}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x11, 0x02, 0x24, 0x79, 0xe1, 0x7f, 0xe6, 0x3f, 0xcb, 0xb9, 0x35, 0xae, 0x02, 0x84, 0xc0, 0xd3, 0x9e, 0x5a, 0xf8, 0x3e, 0xc1, 0x5a, 0x38, 0xe3, 0x75, 0x90, 0x9c, 0x64, 0xba, 0x75, 0xce, 0xaf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x91, 0x96, 0x05, 0x9a, 0x2a, 0x43, 0x84, 0x47, 0x48, 0xc1, 0x96, 0x6c, 0x2b, 0xaf, 0x02, 0x95, 0x88, 0x40, 0x28, 0x16, 0xb3, 0xdd, 0x0d, 0x3a, 0x31, 0xed, 0x7d, 0xe2, 0x5c, 0x80, 0x7e, 0x22}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	gcp_GCPSEVSNP            = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x08, 0x2d, 0x5f, 0x01, 0xdb, 0x24, 0x09, 0xac, 0xce, 0x9f, 0x0d, 0x88, 0xef, 0xb7, 0x44, 0xd4, 0x98, 0x0a, 0x70, 0x0c, 0xb7, 0xa5, 0x37, 0x51, 0x56, 0x2d, 0x05, 0xb9, 0xee, 0x4f, 0xa0, 0x92}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xfc, 0xc3, 0xda, 0x23, 0xc6, 0x05, 0x48, 0x3f, 0x1a, 0x85, 0x67, 0x25, 0xa7, 0x67, 0xc7, 0x55, 0x52, 0x29, 0xa4, 0x30, 0x32, 0xf8, 0x96, 0x61, 0x98, 0xec, 0x0c, 0x12, 0x9c, 0x00, 0xab, 0x06}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa4, 0xa4, 0xab, 0xb2, 0x1b, 0x46, 0xb3, 0x8b, 0x02, 0x4e, 0xfd, 0x2e, 0xce, 0xaa, 0x30, 0x56, 0xf6, 0x18, 0x4d, 0x07, 0xcf, 0x3a, 0x81, 0x8c, 0x72, 0x76, 0x77, 0xbb, 0x09, 0x20, 0x2c, 0xca}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
-	openstack_QEMUVTPM       = M{4: {Expected: []byte{0x6c, 0xe1, 0x89, 0x59, 0x44, 0x39, 0x6e, 0x92, 0x39, 0x7f, 0xeb, 0xa7, 0x4b, 0x58, 0xd2, 0x66, 0xe5, 0xb3, 0x5b, 0xf3, 0x5e, 0xc2, 0xf5, 0x97, 0x9d, 0x9d, 0xb6, 0x86, 0x83, 0xd9, 0xcb, 0x89}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcc, 0xa9, 0x02, 0x04, 0x28, 0xc4, 0x7f, 0x38, 0x10, 0xd8, 0x84, 0x58, 0xda, 0x71, 0x60, 0xa8, 0x09, 0xa2, 0x37, 0xfc, 0x99, 0x79, 0xe1, 0x46, 0x7f, 0x96, 0xf5, 0x0c, 0xbf, 0x61, 0xe1, 0x87}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x36, 0x67, 0xcd, 0xf9, 0xdc, 0x08, 0x1e, 0x33, 0x9e, 0x6c, 0x65, 0x2b, 0xa0, 0xcf, 0xeb, 0x10, 0xf2, 0x92, 0x46, 0xed, 0x28, 0x42, 0x4a, 0xe1, 0x26, 0x66, 0x60, 0xfd, 0xff, 0x88, 0x8b, 0xbf}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	openstack_QEMUVTPM       = M{4: {Expected: []byte{0xf6, 0x8a, 0x03, 0xa0, 0x0f, 0xbb, 0xb6, 0xca, 0xf4, 0x1a, 0x6c, 0x77, 0xf0, 0x6b, 0x9b, 0xb9, 0x42, 0x2a, 0x58, 0x2b, 0x8c, 0x1c, 0x6b, 0xd8, 0x54, 0xc6, 0x12, 0xe0, 0x16, 0x6f, 0x86, 0x15}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x00, 0x45, 0xe2, 0x13, 0xf1, 0x62, 0xff, 0x83, 0x9f, 0x4f, 0xde, 0xf3, 0x0e, 0x3a, 0xf7, 0x8b, 0x8f, 0xf4, 0xc8, 0x94, 0x9e, 0x84, 0x5f, 0xf0, 0x8b, 0xfc, 0x62, 0xe6, 0x13, 0xbe, 0x55, 0x83}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x87, 0x0c, 0x52, 0xb0, 0x33, 0x24, 0xa4, 0x3a, 0xc4, 0x83, 0xa1, 0x77, 0xd1, 0x94, 0x9a, 0x13, 0x1f, 0x63, 0x79, 0x9d, 0xa2, 0xee, 0xd6, 0x90, 0x4c, 0x8c, 0xb9, 0x7b, 0x76, 0xbb, 0x4f, 0xb9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
 	qemu_QEMUTDX             M
-	qemu_QEMUVTPM            = M{4: {Expected: []byte{0x40, 0x44, 0x26, 0x23, 0x30, 0xcd, 0x40, 0xc2, 0xf8, 0xb2, 0x2f, 0xb8, 0x4d, 0x91, 0xea, 0x6d, 0x64, 0x46, 0x04, 0xed, 0x8b, 0xa8, 0x39, 0x17, 0x1c, 0x58, 0xa3, 0xfb, 0x84, 0xd3, 0xfa, 0xf7}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2f, 0x56, 0x38, 0x71, 0xf7, 0xc5, 0x48, 0xa9, 0xc4, 0x09, 0xd0, 0xd4, 0xc7, 0x85, 0x98, 0xf1, 0x72, 0xeb, 0xf8, 0x42, 0x09, 0xc1, 0x94, 0xc6, 0x7c, 0xa6, 0x44, 0x26, 0xa7, 0x62, 0x9a, 0xf9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd1, 0x14, 0x96, 0x6b, 0xfe, 0xee, 0x8e, 0x79, 0xf6, 0xd6, 0x09, 0x62, 0x6e, 0x88, 0x63, 0x23, 0x60, 0x25, 0x58, 0x2c, 0x0d, 0xb2, 0xa3, 0xd6, 0x6d, 0x68, 0x54, 0x3f, 0x74, 0xb3, 0x11, 0xe8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
+	qemu_QEMUVTPM            = M{4: {Expected: []byte{0x08, 0x7f, 0xd8, 0x49, 0x53, 0x23, 0x5a, 0x9f, 0x5d, 0xb5, 0xf3, 0xc5, 0x4b, 0xc8, 0x46, 0x91, 0xd7, 0x62, 0xa3, 0x64, 0x61, 0x1a, 0xa3, 0x78, 0x11, 0x0c, 0xdc, 0x49, 0xb2, 0x9f, 0xd4, 0x14}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc1, 0xa6, 0xaf, 0x2a, 0x98, 0x1e, 0x16, 0x38, 0x02, 0x49, 0x74, 0x83, 0x4c, 0xcb, 0x33, 0x19, 0x70, 0x64, 0xce, 0x65, 0x09, 0xfd, 0xd1, 0x1d, 0x6a, 0xe8, 0xa2, 0x2c, 0x6f, 0x4f, 0xe9, 0x15}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x85, 0x81, 0x3d, 0x34, 0x04, 0x80, 0xc3, 0xbd, 0x11, 0xe4, 0xcf, 0xd6, 0xe7, 0x6b, 0xe8, 0xc7, 0xe7, 0xa2, 0xe0, 0xe0, 0xa8, 0x4e, 0x95, 0x64, 0x40, 0x6d, 0xe7, 0x27, 0x4d, 0x7c, 0x5e, 0x8f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}}
 )
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@ -688,67 +688,80 @@ func TestValidInstanceTypeForProvider(t *testing.T) {
 	testCases := map[string]struct {
 		variant        variant.Variant
 		instanceTypes  []string
 		providerConfig ProviderConfig
 		expectedResult bool
 	}{
 		"empty all": {
 			variant:        variant.Dummy{},
 			instanceTypes:  []string{},
 			expectedResult: false,
 			providerConfig: ProviderConfig{},
 		},
 		"empty aws": {
 			variant:        variant.AWSSEVSNP{},
 			instanceTypes:  []string{},
 			expectedResult: false,
 			providerConfig: ProviderConfig{},
 		},
 		"empty azure only CVMs": {
 			variant:        variant.AzureSEVSNP{},
 			instanceTypes:  []string{},
 			expectedResult: false,
 			providerConfig: ProviderConfig{},
 		},
 		"empty azure with non-CVMs": {
 			variant:        variant.AzureTrustedLaunch{},
 			instanceTypes:  []string{},
 			expectedResult: false,
 			providerConfig: ProviderConfig{},
 		},
 		"empty gcp": {
 			variant:        variant.GCPSEVES{},
 			instanceTypes:  []string{},
 			expectedResult: false,
 			providerConfig: ProviderConfig{},
 		},
 		"azure only CVMs (SNP)": {
 			variant:        variant.AzureSEVSNP{},
 			instanceTypes:  instancetypes.AzureSNPInstanceTypes,
 			expectedResult: true,
 			providerConfig: ProviderConfig{},
 		},
 		"azure only CVMs (TDX)": {
 			variant:        variant.AzureTDX{},
 			instanceTypes:  instancetypes.AzureTDXInstanceTypes,
 			expectedResult: true,
 			providerConfig: ProviderConfig{},
 		},
 		"azure trusted launch VMs": {
 			variant:        variant.AzureTrustedLaunch{},
 			instanceTypes:  instancetypes.AzureTrustedLaunchInstanceTypes,
 			expectedResult: true,
 			providerConfig: ProviderConfig{},
 		},
 		"gcp": {
 			variant:        variant.GCPSEVES{},
 			instanceTypes:  instancetypes.GCPInstanceTypes,
 			expectedResult: true,
 			providerConfig: ProviderConfig{},
 		},
 		"gcp sev-snp": {
 			variant:        variant.GCPSEVSNP{},
 			instanceTypes:  instancetypes.GCPInstanceTypes,
 			expectedResult: true,
 			providerConfig: ProviderConfig{},
 		},
 		"put gcp when azure is set": {
 			variant:        variant.AzureSEVSNP{},
 			instanceTypes:  instancetypes.GCPInstanceTypes,
 			expectedResult: false,
 			providerConfig: ProviderConfig{},
 		},
 		"put azure when gcp is set": {
 			variant:        variant.GCPSEVES{},
 			instanceTypes:  instancetypes.AzureSNPInstanceTypes,
 			expectedResult: false,
 			providerConfig: ProviderConfig{},
 		},
 		// Testing every possible instance type for AWS is not feasible, so we just test a few based on known supported / unsupported families
 		// Also serves as a test for checkIfInstanceInValidAWSFamilys
@ -756,31 +769,79 @@ func TestValidInstanceTypeForProvider(t *testing.T) {
 			variant:        variant.AWSSEVSNP{},
 			instanceTypes:  []string{"c5.xlarge", "c5a.2xlarge", "c5a.16xlarge", "u-12tb1.112xlarge"},
 			expectedResult: false, // False because 2 two of the instances are not valid
 			providerConfig: ProviderConfig{},
 		},
 		"aws one valid instance one with too little vCPUs": {
 			variant:        variant.AWSSEVSNP{},
 			instanceTypes:  []string{"c5.medium"},
 			expectedResult: false,
 			providerConfig: ProviderConfig{},
 		},
 		"aws graviton sub-family unsupported": {
 			variant:        variant.AWSSEVSNP{},
 			instanceTypes:  []string{"m6g.xlarge", "r6g.2xlarge", "x2gd.xlarge", "g5g.8xlarge"},
 			expectedResult: false,
 			providerConfig: ProviderConfig{},
 		},
 		"aws combined two valid instances as one string": {
 			variant:        variant.AWSSEVSNP{},
 			instanceTypes:  []string{"c5.xlarge, c5a.2xlarge"},
 			expectedResult: false,
 			providerConfig: ProviderConfig{},
 		},
 		"aws only CVMs": {
 			variant:        variant.AWSSEVSNP{},
 			instanceTypes:  []string{"c6a.xlarge", "m6a.xlarge", "r6a.xlarge"},
 			expectedResult: true,
 			providerConfig: ProviderConfig{},
 		},
 		"aws nitroTPM VMs": {
 			variant:        variant.AWSNitroTPM{},
 			instanceTypes:  []string{"c5.xlarge", "c5a.2xlarge", "c5a.16xlarge", "u-12tb1.112xlarge"},
 			expectedResult: true,
 			providerConfig: ProviderConfig{},
 		},
 		"stackit valid flavors": {
 			variant: variant.QEMUVTPM{},
 			instanceTypes: []string{
 				"m1a.2cd",
 				"m1a.4cd",
 				"m1a.8cd",
 				"m1a.16cd",
 				"m1a.30cd",
 			},
 			expectedResult: true,
 			providerConfig: ProviderConfig{OpenStack: &OpenStackConfig{Cloud: "stackit"}},
 		},
 		"stackit not valid flavors": {
 			variant: variant.QEMUVTPM{},
 			instanceTypes: []string{
 				// removed the c which indicates a confidential flavor
 				"m1a.2d",
 				"m1a.4d",
 				"m1a.8d",
 				"m1a.16d",
 				"m1a.30d",
 			},
 			expectedResult: false,
 			providerConfig: ProviderConfig{OpenStack: &OpenStackConfig{Cloud: "stackit"}},
 		},
 		"openstack cloud named test": {
 			variant: variant.QEMUVTPM{},
 			instanceTypes: []string{
 				"foo.bar",
 				"foo.bar1",
 			},
 			expectedResult: true,
 			providerConfig: ProviderConfig{OpenStack: &OpenStackConfig{Cloud: "test"}},
 		},
 		"Qemutdx valid instance type": {
 			variant: variant.QEMUTDX{},
 			instanceTypes: []string{
 				"foo.bar",
 			},
 			expectedResult: true,
 			providerConfig: ProviderConfig{QEMU: &QEMUConfig{}},
 		},
 	}
 	for name, tc := range testCases {
@ -788,7 +849,7 @@ func TestValidInstanceTypeForProvider(t *testing.T) {
 			assert := assert.New(t)
 			for _, instanceType := range tc.instanceTypes {
 				assert.Equal(
-					tc.expectedResult, validInstanceTypeForProvider(instanceType, tc.variant),
+					tc.expectedResult, validInstanceTypeForProvider(instanceType, tc.variant, tc.providerConfig),
 					instanceType,
 				)
 			}
--- a/internal/config/image_enterprise.go
+++ b/internal/config/image_enterprise.go
@ -10,5 +10,5 @@ package config
 const (
 	// defaultImage is the default image to use.
-	defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20241017144548-0453f5b611ae"
+	defaultImage = "v2.19.2"
 )
--- a/internal/config/validation.go
+++ b/internal/config/validation.go
@ -520,7 +520,7 @@ func (c *Config) translateMoreThanOneProviderError(ut ut.Translator, fe validato
 	return t
 }
-func validInstanceTypeForProvider(insType string, attestation variant.Variant) bool {
+func validInstanceTypeForProvider(insType string, attestation variant.Variant, provider ProviderConfig) bool {
 	switch attestation {
 	case variant.AWSSEVSNP{}, variant.AWSNitroTPM{}:
 		return isSupportedAWSInstanceType(insType, attestation.Equal(variant.AWSNitroTPM{}))
@ -549,6 +549,17 @@ func validInstanceTypeForProvider(insType string, attestation variant.Variant) b
 			}
 		}
 	case variant.QEMUVTPM{}, variant.QEMUTDX{}:
 		// only allow confidential instances on stackit cloud using QEMU vTPM
 		if provider.OpenStack != nil {
 			if cloud := provider.OpenStack.Cloud; strings.ToLower(cloud) == "stackit" {
 				for _, instanceType := range instancetypes.STACKITInstanceTypes {
 					if insType == instanceType {
 						return true
 					}
 				}
 				return false
 			}
 		}
 		return true
 	}
 	return false
@ -789,7 +800,7 @@ func (c *Config) validateNodeGroupZoneField(fl validator.FieldLevel) bool {
 }
 func (c *Config) validateInstanceType(fl validator.FieldLevel) bool {
-	return validInstanceTypeForProvider(fl.Field().String(), c.GetAttestationConfig().GetVariant())
+	return validInstanceTypeForProvider(fl.Field().String(), c.GetAttestationConfig().GetVariant(), c.Provider)
 }
 func (c *Config) validateStateDiskTypeField(fl validator.FieldLevel) bool {
--- a/s3proxy/deploy/s3proxy/Chart.yaml
+++ b/s3proxy/deploy/s3proxy/Chart.yaml
@ -2,4 +2,4 @@ apiVersion: v2
 name: s3proxy
 description: Helm chart to deploy s3proxy.
 type: application
-version: 0.0.0
+version: 2.19.2
--- a/s3proxy/deploy/s3proxy/values.yaml
+++ b/s3proxy/deploy/s3proxy/values.yaml
@ -1,12 +1,9 @@
 # Secrets to use for S3 access.
 awsAccessKeyID: "replaceme"
 awsSecretAccessKey: "replaceme"
 # Pod image to deploy.
-image: "ghcr.io/edgelesssys/constellation/s3proxy:v2.18.0-pre.0.20240807132706-ffde0ef7b7d3"
+image: "ghcr.io/edgelesssys/constellation/s3proxy:v2.19.2"
 # Control if multipart uploads are blocked.
 allowMultipart: false
 # Number of pod replicas to deploy.
 replicaCount: 1
--- a/terraform/infrastructure/azure/main.tf
+++ b/terraform/infrastructure/azure/main.tf
@ -227,36 +227,15 @@ resource "azurerm_network_security_group" "security_group" {
  location            = var.location
  resource_group_name = var.resource_group
  tags                = local.tags
  dynamic "security_rule" {
    # we keep this rule for one last release since the azurerm provider does not 
    # support moving security rules that are inlined (like this) to the external resource one.
    # Even worse, just defining the azurerm_network_security_group without the 
    # "security_rule" block will NOT remove all the rules but do nothing.
    # TODO(@3u13r): remove the "security_rule" block in the next release after this code has landed.
    # So either after 2.19 or after 2.18.X if cherry-picked release.
    for_each = [{ name = "konnectivity", priority = 1000, port = 8132 }]
    content {
      name                       = security_rule.value.name
      priority                   = security_rule.value.priority
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = security_rule.value.port
      source_address_prefix      = "*"
      destination_address_prefix = "*"
    }
  }
 }
 resource "azurerm_network_security_rule" "nsg_rule" {
  for_each = {
    for o in local.ports : o.name => o
  }
-
+  # TODO(elchead): v2.20.0: remove name suffix and priority offset. Might need to add create_before_destroy to the NSG rule.
-  name                        = each.value.name
+  name                        = "${each.value.name}-new"
-  priority                    = each.value.priority
+  priority                    = each.value.priority + 10 # offset to not overlap with old rules
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
--- a/version.txt
+++ b/version.txt
@ -1 +1 @@
-v2.19.0-pre
+v2.19.2
Author	SHA1	Message	Date
edgelessci	140d7228f8	attestation: hardcode measurements for v2.19.2	2024-11-05 10:16:14 +00:00
edgelessci	d1075c84ba	deps: update versions to v2.19.2	2024-11-05 09:27:55 +00:00
edgelessci	5179f16379	chore: update version.txt to v2.19.2	2024-11-05 09:27:44 +00:00
Mauritz Uphoff	14d3d35dbc	config: only allow confidential instances on stackit (#3463 ) * cli: only allow confidential instances on stackit * review changes	2024-11-05 10:25:52 +01:00
3u13r	33f1a91f43	cli: also log applier debug messages to debug log file (#3457 ) * cli: also log applier debug messages to debug log file * cli: use debug logger instead of cliLogger	2024-11-04 09:09:44 +01:00
Adrian Stobbe	5196de1a66	terraform: fix security rule reconciliation on Azure (#3454 ) * fix security rule reconciliation on azure * fix simulated patch version upgrade	2024-11-04 09:09:26 +01:00
edgelessci	97ae5d8dd0	attestation: hardcode measurements for v2.19.0	2024-10-18 11:57:14 +00:00
edgelessci	681216b577	deps: update versions to v2.19.0	2024-10-18 11:21:12 +00:00
edgelessci	cbd5d93121	chore: update version.txt to v2.19.0	2024-10-18 11:21:00 +00:00