NOISSUE - Add vTPM AK hash to SEV-SNP report (#543)

* add vTPM AK to SEV-SNP report

* fix ci errors
Danko Miladinovic
2025-11-03 13:01:53 +01:00
committed by GitHub
parent 77a11c6535
commit 3b1605da77
+18 -2
@@ -213,7 +213,15 @@ func VTPMVerify(quote []byte, teeNonce []byte, vtpmNonce []byte, writer io.Write
return errors.Wrap(fmt.Errorf("failed to unmarshal quote"), err)
}
if err := quoteprovider.VerifyAttestationReportTLS(attestation.GetSevSnpAttestation(), teeNonce, policy); err != nil {
akPub := attestation.GetAkPub()
nonce := make([]byte, 0, len(teeNonce)+len(akPub))
nonce = append(nonce, teeNonce...)
nonce = append(nonce, akPub...)
attestData := sha3.Sum512(nonce)
if err := quoteprovider.VerifyAttestationReportTLS(attestation.GetSevSnpAttestation(), attestData[:], policy); err != nil {
return fmt.Errorf("failed to verify TEE attestation report: %v", err)
}
@@ -307,7 +315,15 @@ func FetchQuote(nonce []byte) (*attest.Attestation, error) {
}
func addTEEAttestation(attestation *attest.Attestation, nonce []byte, vmpl uint) error {
rawTeeAttestation, err := quoteprovider.FetchAttestation(nonce, vmpl)
akPub := attestation.GetAkPub()
teeNonce := make([]byte, 0, len(nonce)+len(akPub))
teeNonce = append(teeNonce, nonce...)
teeNonce = append(teeNonce, akPub...)
attestData := sha3.Sum512(teeNonce)
rawTeeAttestation, err := quoteprovider.FetchAttestation(attestData[:], vmpl)
if err != nil {
return fmt.Errorf("failed to fetch TEE attestation report: %v", err)
}
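Review bot: In the VTPMVerify hunk, `akPub` is read from the attestation being verified and hashed in without a length check, so if `GetAkPub()` returns an empty slice the expected report data collapses to SHA3-512 of `teeNonce` alone and the SEV-SNP report no longer binds any AK. Reject that case before hashing, for example `if len(akPub) == 0 { return fmt.Errorf("attestation has no vTPM AK public key") }`. The same guard belongs in addTEEAttestation in the second hunk, where an AK that has not been populated yet would yield a report without the binding. The binding also only helps if the vTPM quote is later verified against this same `akPub`; that check is not visible in these hunks and is worth confirming. Both functions continue outside the lines shown.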