Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-09-20 08:15:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
9f246d3cc6
constellation/hack/azure-snp-idkey-digest
History
katexochen c45c2332bc Use context for http request
2022-09-13 15:58:38 +02:00
..
Dockerfile Silence wget output 2022-09-02 15:20:25 +02:00
README.md add tooling to obtain Azure ID key digest 2022-08-30 18:10:14 +02:00
verify.go Use context for http request 2022-09-13 15:58:38 +02:00

README.md

Obtain current Azure SNP ID key digest

On Azure, Constellation verifies that the SNP attestation report contains Azure's ID key digest. Currently, the only way to verify this digest's origin is to perform guest attestation with the help of the Microsoft Azure Attestation (MAA) service. There's a sample on how to do this, but it's not straightforward. So we created tooling to make things easier.

Perform the following steps to get the ID key digest:

  1. Create an Ubuntu CVM on Azure with secure boot enabled and ssh into it.
  2. Run 
    docker run --rm --privileged -v/sys/kernel/security:/sys/kernel/security ghcr.io/edgelesssys/constellation/get-azure-snp-jwt
    This executes the guest attestation and prints the JWT received from the MAA. (It's the long base64 blob.)
  3. Copy the JWT and run on your local trusted machine: 
    go run verify.go <jwt>
    On success it prints the ID key digest.