verifier does not recognize API version supported both by the verifier and agent after agent update #1739

@kkaarreell


keylime-7.9.0-8.el10.x86_64
keylime-agent-rust-0.2.7-2.el10.x86_64

We have tested the following scenario:

  1. we use an agent with API 2.0
  2. we use keylime verifier & registrar supporting API 2.0 and 2.1
  3. we register and attest the agent with API 2.0
  4. we update the agent to a newer version, supporting API 2.1 and 2.2
  5. verifier detects API version bump but instead of selecting mutually supported v2.1 it reads that the agent uses API v2.2 and says that this version is not supported.
  6. In the logs I can't see what the situation is with the registrar

verifier.log

Feb 07 21:21:19 localhost keylime_verifier[131233]: 2025-02-07 21:21:19.212 - keylime.verifier - INFO - Starting Cloud Verifier (tornado) on port 8881, use <Ctrl-C> to stop
Feb 07 21:21:19 localhost keylime_verifier[131233]: 2025-02-07 21:21:19.212 - keylime.verifier - INFO - Current API version 2.1
Feb 07 21:21:19 localhost keylime_verifier[131233]: 2025-02-07 21:21:19.212 - keylime.verifier - INFO - Supported older API versions: 1.0, 2.0
Feb 07 21:21:19 localhost keylime_verifier[131233]: 2025-02-07 21:21:19.212 - keylime.verifier - INFO - Deprecated API versions (soon to be removed): 1.0
Feb 07 21:21:19 localhost keylime_verifier[131233]: 2025-02-07 21:21:19.212 - keylime.verifier - INFO - Setting up TLS...
Feb 07 21:21:19 localhost keylime_verifier[131233]: 2025-02-07 21:21:19.213 - keylime.config - INFO - Reading configuration from ['/etc/keylime/ca.conf']
Feb 07 21:21:19 localhost keylime_verifier[131233]: 2025-02-07 21:21:19.213 - keylime.ca-util - WARNING - Using 'default' password option from CA configuration file
Feb 07 21:21:19 localhost keylime_verifier[131233]: 2025-02-07 21:21:19.213 - keylime.verifier - INFO - Existing CA certificate found in /var/lib/keylime/cv_ca, not generating a new one
Feb 07 21:21:19 localhost keylime_verifier[131233]: 2025-02-07 21:21:19.213 - keylime.verifier - INFO - Using default server_cert option for verifier
Feb 07 21:21:19 localhost keylime_verifier[131233]: 2025-02-07 21:21:19.213 - keylime.verifier - INFO - Using default server_key option for verifier
Feb 07 21:21:19 localhost keylime_verifier[131233]: 2025-02-07 21:21:19.213 - keylime.verifier - INFO - No value provided in server_key_password option for verifier, assuming the key is unencrypted
Feb 07 21:21:19 localhost keylime_verifier[131295]: 2025-02-07 21:21:19.226 - keylime.verifier - INFO - Starting server of process 0
Feb 07 21:21:19 localhost keylime_verifier[131296]: 2025-02-07 21:21:19.229 - keylime.verifier - INFO - Starting server of process 1
Feb 07 21:24:29 localhost keylime_verifier[131296]: 2025-02-07 21:24:29.464 - keylime.verifier - INFO - Using default client_cert option for verifier
Feb 07 21:24:29 localhost keylime_verifier[131296]: 2025-02-07 21:24:29.464 - keylime.verifier - INFO - Using default client_key option for verifier
Feb 07 21:24:29 localhost keylime_verifier[131296]: 2025-02-07 21:24:29.464 - keylime.verifier - INFO - No value provided in client_key_password option for verifier, assuming the key is unencrypted
Feb 07 21:24:29 localhost keylime_verifier[131296]: 2025-02-07 21:24:29.467 - keylime.verifier - INFO - POST returning 200 response for adding agent id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:29 localhost keylime_verifier[131296]: 2025-02-07 21:24:29.537 - keylime.tpm - INFO - Checking IMA measurement list on agent: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:31 localhost keylime_verifier[131296]: 2025-02-07 21:24:31.634 - keylime.tpm - INFO - Checking IMA measurement list on agent: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:33 localhost keylime_verifier[131296]: 2025-02-07 21:24:33.351 - keylime.verifier - INFO - GET returning 200 response for agent_id list
Feb 07 21:24:33 localhost keylime_verifier[131296]: 2025-02-07 21:24:33.696 - keylime.tpm - INFO - Checking IMA measurement list on agent: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:35 localhost keylime_verifier[131296]: 2025-02-07 21:24:35.720 - keylime.verifier - INFO - Connection to 127.0.0.1 refused after 1/5 tries, trying again in 2.000000 seconds
Feb 07 21:24:37 localhost keylime_verifier[131296]: 2025-02-07 21:24:37.729 - keylime.verifier - INFO - Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 API version bump detected, trying to update stored API version
Feb 07 21:24:37 localhost keylime_verifier[131296]: 2025-02-07 21:24:37.733 - keylime.verifier - WARNING - Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 new API version 2.2 is not supported
Feb 07 21:24:37 localhost keylime_verifier[131296]: 2025-02-07 21:24:37.733 - keylime.verifier - WARNING - Could not update stored agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 API version
Feb 07 21:24:37 localhost keylime_verifier[131296]: 2025-02-07 21:24:37.748 - keylime.verifier - WARNING - Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 failed, stopping polling

registrar

Feb 07 21:21:22 localhost keylime_registrar[131357]: 2025-02-07 21:21:22.289 - keylime.registrar - INFO - Starting Cloud Registrar Server on ports 8890 and 8891 (TLS) use <Ctrl-C> to stop
Feb 07 21:21:22 localhost keylime_registrar[131357]: 2025-02-07 21:21:22.289 - keylime.registrar - INFO - Current API version 2.1
Feb 07 21:21:22 localhost keylime_registrar[131357]: 2025-02-07 21:21:22.289 - keylime.registrar - INFO - Supported older API versions: 1.0, 2.0
Feb 07 21:21:22 localhost keylime_registrar[131357]: 2025-02-07 21:21:22.289 - keylime.registrar - INFO - Deprecated API versions (soon to be removed): 1.0
Feb 07 21:24:27 localhost keylime_registrar[131357]: 2025-02-07 21:24:27.384 - keylime.registrar - WARNING - Overriding ek_tpm for agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 from ekcert
Feb 07 21:24:27 localhost keylime_registrar[131357]: 2025-02-07 21:24:27.452 - keylime.tpm - INFO - Encrypting AIK with EK for UUID d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:27 localhost keylime_registrar[131357]: 2025-02-07 21:24:27.502 - keylime.registrar - INFO - POST returning key blob for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:27 localhost keylime_registrar[131357]: 2025-02-07 21:24:27.569 - keylime.registrar - INFO - PUT activated: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:28 localhost keylime_registrar[131357]: 2025-02-07 21:24:28.193 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:29 localhost keylime_registrar[131357]: 2025-02-07 21:24:29.142 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:32 localhost keylime_registrar[131357]: 2025-02-07 21:24:32.464 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:36 localhost keylime_registrar[131357]: 2025-02-07 21:24:36.195 - keylime.registrar - WARNING - Overriding ek_tpm for agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 from ekcert
Feb 07 21:24:36 localhost keylime_registrar[131357]: 2025-02-07 21:24:36.195 - keylime.tpm - INFO - Encrypting AIK with EK for UUID d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:36 localhost keylime_registrar[131357]: 2025-02-07 21:24:36.197 - keylime.registrar - INFO - Overwriting previous registration for this UUID.
Feb 07 21:24:36 localhost keylime_registrar[131357]: 2025-02-07 21:24:36.206 - keylime.registrar - INFO - POST returning key blob for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:36 localhost keylime_registrar[131357]: 2025-02-07 21:24:36.228 - keylime.registrar - INFO - PUT activated: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:46 localhost keylime_registrar[131357]: 2025-02-07 21:24:46.830 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:48 localhost keylime_registrar[131357]: 2025-02-07 21:24:48.671 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:50 localhost keylime_registrar[131357]: 2025-02-07 21:24:50.509 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:52 localhost keylime_registrar[131357]: 2025-02-07 21:24:52.335 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:54 localhost keylime_registrar[131357]: 2025-02-07 21:24:54.171 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:55 localhost keylime_registrar[131357]: 2025-02-07 21:24:55.994 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:57 localhost keylime_registrar[131357]: 2025-02-07 21:24:57.840 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:59 localhost keylime_registrar[131357]: 2025-02-07 21:24:59.679 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:25:01 localhost keylime_registrar[131357]: 2025-02-07 21:25:01.514 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:25:03 localhost keylime_registrar[131357]: 2025-02-07 21:25:03.341 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:25:05 localhost keylime_registrar[131357]: 2025-02-07 21:25:05.164 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:25:07 localhost keylime_registrar[131357]: 2025-02-07 21:25:07.012 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:25:11 localhost keylime_registrar[131357]: 2025-02-07 21:25:11.297 - keylime.registrar - INFO - GET returning 200 response for agent_id: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:25:12 localhost keylime_registrar[131357]: 2025-02-07 21:25:12.814 - keylime.registrar - INFO - Shutting down Registrar Server...

agent

Feb 07 21:24:36 localhost keylime_agent[136151]:  INFO  keylime_agent              > Starting server with API versions: 2.1, 2.2
Feb 07 21:24:36 localhost keylime_agent[136151]:  WARN  keylime::tpm               > INSECURE: Keylime is currently using a software TPM emulator rather than a real hardware TPM.
Feb 07 21:24:36 localhost keylime_agent[136151]:  WARN  keylime::tpm               > INSECURE: The security of Keylime is NOT linked to a hardware root of trust.
Feb 07 21:24:36 localhost keylime_agent[136151]:  WARN  keylime::tpm               > INSECURE: Only use Keylime in this mode for testing or debugging purposes.
Feb 07 21:24:36 localhost keylime_agent[136151]:  INFO  keylime_agent              > Loaded old AK key from /var/lib/keylime/agent_data.json
Feb 07 21:24:36 localhost keylime_agent[136151]:  INFO  keylime_agent              > Agent UUID: d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:36 localhost keylime_agent[136151]:  INFO  keylime::registrar_client  > Requesting registrar API version to http://127.0.0.1:8890/version
Feb 07 21:24:36 localhost keylime_agent[136151]:  INFO  keylime::registrar_client  > Requesting agent registration from http://127.0.0.1:8890/v2.1/agents/d432fbb3-d2f1-4a97-9ef7-75bd81c00000 for d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:36 localhost keylime_agent[136151]:  INFO  keylime_agent              > SUCCESS: Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 registered
Feb 07 21:24:36 localhost keylime_agent[136151]:  INFO  keylime::registrar_client  > Requesting agent activation from http://127.0.0.1:8890/v2.1/agents/d432fbb3-d2f1-4a97-9ef7-75bd81c00000 for d432fbb3-d2f1-4a97-9ef7-75bd81c00000
Feb 07 21:24:36 localhost keylime_agent[136151]:  INFO  keylime_agent              > SUCCESS: Agent d432fbb3-d2f1-4a97-9ef7-75bd81c00000 activated
Feb 07 21:24:36 localhost keylime_agent[136151]:  INFO  keylime_agent              > Listening on https://127.0.0.1:9002
Feb 07 21:24:37 localhost keylime_agent[136151]:  INFO  keylime_agent              > GET invoked from "127.0.0.1" with uri /v2.0/quotes/integrity?nonce=dTgagLTqdiaLgdLml9iR&mask=0x400&partial=0&ima_ml_entry=924
Feb 07 21:24:37 localhost keylime_agent[136151]:  WARN  keylime_agent::errors_handler > GET returning 400 response. API version not supported: v2.0
Feb 07 21:24:37 localhost keylime_agent[136151]:  INFO  keylime_agent                 > GET invoked from "127.0.0.1" with uri /version
Feb 07 21:24:37 localhost keylime_agent[136151]:  INFO  keylime_agent::api            > GET invoked from "127.0.0.1" with uri /version
Feb 07 21:25:08 localhost keylime_agent[136151]:  INFO  keylime_agent                 > Shutting down keylime agent
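
The version sets in the logs above can be checked mechanically. The following is an added example, not part of the original report and not Keylime code: it extracts the advertised API versions from the verifier and agent log lines and compares "accept only the agent's newest version" (a model of the behaviour described in step 5) with picking the highest version both sides support. The function names and the trimmed sample lines are assumptions made for illustration.

```python
import re

# Constructed sample input: the relevant lines from the logs in this report,
# with the journald prefix and timestamps trimmed.
VERIFIER_LOG = """\
keylime.verifier - INFO - Current API version 2.1
keylime.verifier - INFO - Supported older API versions: 1.0, 2.0
keylime.verifier - INFO - Deprecated API versions (soon to be removed): 1.0
"""
AGENT_LOG = "INFO  keylime_agent  > Starting server with API versions: 2.1, 2.2\n"


def _listed(log, label):
    """Return the set of x.y versions printed after `label`, or an empty set."""
    m = re.search(re.escape(label) + r":?\s*(.*)", log)
    return set(re.findall(r"\d+\.\d+", m.group(1))) if m else set()


def verifier_versions(log):
    # Current version plus the still-supported older ones.
    return _listed(log, "Current API version") | _listed(log, "Supported older API versions")


def agent_versions(log):
    return _listed(log, "Starting server with API versions")


def _key(version):
    # Compare numerically so that 2.10 sorts above 2.9.
    return tuple(int(part) for part in version.split("."))


def negotiate(verifier, agent):
    """Highest version both sides support, or None if there is no overlap."""
    common = verifier & agent
    return max(common, key=_key) if common else None


def latest_only(verifier, agent):
    """Model of the reported behaviour: accept only the agent's newest version."""
    newest = max(agent, key=_key) if agent else None
    return newest if newest in verifier else None


if __name__ == "__main__":
    v, a = verifier_versions(VERIFIER_LOG), agent_versions(AGENT_LOG)
    print("verifier:", sorted(v, key=_key), "agent:", sorted(a, key=_key))
    print("agent newest only:", latest_only(v, a))
    print("highest common:", negotiate(v, a))
```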
