merge tdx_rtmr to main #543
Conversation
Allow a TDX machine to create a TD quote and request a hardware rooted attestation from the attestation verifier. ./launcher ci will now only run in linux. Upgrade go-sev-guest. Signed-off-by: Jiankun Lu <[email protected]>
This reverts commit d150246.
Launcher Attestation Agent now can support multiple Root of Trust. Extend operation will extend measurements to all RoTs. Attest will generate quote/report using a technology specific RoT (like TDX RTMR), and fallback to use TPM if no such technology specific RoT can be found. Signed-off-by: Jiankun Lu <[email protected]>
|
/gcbrun |
|
|
||
| switch v := attResult.(type) { | ||
| case *pb.Attestation: | ||
| a.logger.Info("attestation through TPM quote") |
There was a problem hiding this comment.
I think this log line is extraneous. We already have a log line when we select the avRot.
There was a problem hiding this comment.
right, but I'd prefer to have some extra logging here, might be helpful for debugging later once there are more attestation type.
| v.CanonicalEventLog = cosCel.Bytes() | ||
| req.Attestation = v | ||
| case *verifier.TDCCELAttestation: | ||
| a.logger.Info("attestation through TDX quote") |
| CertChain: certs, | ||
| } | ||
|
|
||
| if request.Attestation.GetSevSnpAttestation() != nil { |
There was a problem hiding this comment.
Why are we handling this? If this is for the cmdline, let's go and make those changes to force the cmdline to use the API correctly rather than have this complex logic
There was a problem hiding this comment.
The logic is added here b30d373
I think it's for the cmd tool.
I think we currently don't have a seperate API for SNP yet.
We probably need to create seperate PR for this.
| verifyReq.TeeAttestation = sevsnp | ||
| } | ||
|
|
||
| if request.Attestation.GetTdxAttestation() != nil { |
There was a problem hiding this comment.
Same comment here for TDX: make the cmdline tool use go-tdx-guest directly
merging rtmr branch to main.
cs main image starts to based on cos-tdx-113-lts which will be used for both sev and tdx.