NOISSSUE - Fix SEV-SNP attestation policy validation (#541)

* Fix SEV-SNP attestation policy validation issue

- Replace abi.ReportCertsToProto() with direct proto.Unmarshal() to bypass
  strict guest policy bit 17 validation that was failing
- Change protojson.Marshal() to proto.Marshal() for binary protobuf output

Signed-off-by: wkk <wkk@example.com>

* Remove debug logging

- Remove fmt.Println debug statements from cmd/agent/main.go
- Remove fmt.Println debug statements from pkg/atls/certificate_provider.go
- Remove fmt.Println debug statements from pkg/attestation/azure/snp.go

Signed-off-by: wkk <wkk@example.com>

* remove debug logs

Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>

---------

Signed-off-by: wkk <wkk@example.com>
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
Washington Kigani Kamadi
2025-10-15 19:36:17 +03:00
committed by GitHub
parent 04b0cdfd5d
commit 2b38f4595c
3 changed files with 5 additions and 5 deletions
-1
@@ -63,7 +63,6 @@ func (a provider) Attestation(teeNonce []byte, vTpmNonce []byte) ([]byte, error)
quote.TeeAttestation = &attest.Attestation_SevSnpAttestation{
SevSnpAttestation: snpReport,
}
return proto.Marshal(quote)
}
+2 -2
@@ -26,7 +26,7 @@ import (
"github.com/google/go-sev-guest/verify/trust"
"github.com/google/logger"
"github.com/ultravioletrs/cocos/pkg/attestation"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/proto"
)
const (
@@ -199,7 +199,7 @@ func FetchAttestation(reportDataSlice []byte, vmpl uint) ([]byte, error) {
quoteProto.CertificateChain.AskCert = askPem.Bytes
quoteProto.CertificateChain.ArkCert = arkPem.Bytes
result, err := protojson.Marshal(quoteProto)
result, err := proto.Marshal(quoteProto)
if err != nil {
return []byte{}, fmt.Errorf("failed to marshal quote proto: %v", err)
}
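Review bot: The bytes returned by FetchAttestation switch from JSON to binary protobuf at `result, err := proto.Marshal(quoteProto)`, but nothing on the function records the encoding. Any consumer still decoding with protojson will now fail on every report, so this change and its decoders have to ship together. I would state the contract in the doc comment, e.g. `// FetchAttestation returns the attestation as a binary-encoded protobuf message (proto.Marshal), not JSON.` If these bytes are ever hashed, signed or compared byte-for-byte (not visible here), note that plain proto.Marshal output is not guaranteed stable, and `proto.MarshalOptions{Deterministic: true}.Marshal(quoteProto)` is the safer call. FetchAttestation starts and ends outside the hunks shown.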
+3 -2
@@ -310,9 +310,10 @@ func addTEEAttestation(attestation *attest.Attestation, nonce []byte, vmpl uint)
return fmt.Errorf("failed to fetch TEE attestation report: %v", err)
}
extReport, err := abi.ReportCertsToProto(rawTeeAttestation)
extReport := &sevsnp.Attestation{}
err = proto.Unmarshal(rawTeeAttestation, extReport)
if err != nil {
return errors.Wrap(fmt.Errorf("failed to convert TEE report to proto"), err)
return errors.Wrap(fmt.Errorf("failed to unmarshal TEE report proto"), err)
}
attestation.TeeAttestation = &attest.Attestation_SevSnpAttestation{
SevSnpAttestation: extReport,
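Review bot: `proto.Unmarshal(rawTeeAttestation, extReport)` succeeds on any decodable message, including empty input, so `extReport` can now reach `attestation.TeeAttestation` with a nil `Report`, and nothing in the visible lines checks it. The commit message says the switch is meant to skip the guest-policy bit 17 check, but removing `abi.ReportCertsToProto` presumably also removes the other format checks that parser applied. Those checks now rest entirely on whoever verifies the attestation. I would add `if extReport.GetReport() == nil { return fmt.Errorf("TEE attestation contains no SNP report") }` after the unmarshal. A comment should also say that `rawTeeAttestation` is expected to be a serialized `sevsnp.Attestation`, and name where report and policy validation happens instead. addTEEAttestation starts and ends outside the hunk.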