mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-16 18:07:08 -05:00
c7d12055d1
* config: move AMD root key to global constant * attestation: add SNP based attestation for aws * Always enable SNP, regardless of attestation type. * Make AWSNitroTPM default again There exists a bug in AWS SNP implementation where sometimes a host might not be able to produce valid SNP reports. Since we have to wait for AWS to fix this we are merging SNP attestation as opt-in feature.
39 lines
855 B
Go
39 lines
855 B
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package snp
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/simulator"
|
|
tpmclient "github.com/google/go-tpm-tools/client"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestGetAttestationKey(t *testing.T) {
|
|
require := require.New(t)
|
|
assert := assert.New(t)
|
|
|
|
tpm, err := simulator.OpenSimulatedTPM()
|
|
require.NoError(err)
|
|
defer tpm.Close()
|
|
|
|
// create the attestation key in RSA format
|
|
tpmAk, err := tpmclient.AttestationKeyRSA(tpm)
|
|
assert.NoError(err)
|
|
assert.NotNil(tpmAk)
|
|
|
|
// get the cached, already created key
|
|
getAk, err := getAttestationKey(tpm)
|
|
assert.NoError(err)
|
|
assert.NotNil(getAk)
|
|
|
|
// if everything worked fine, tpmAk and getAk are the same key
|
|
assert.Equal(tpmAk, getAk)
|
|
}
|