NOISSUE - Bump SEV version for attestation policy (#503)

* Update version in Cargo.toml and format minimum version in main.rs

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Enhance Makefile to include OUTPUT_DIR for attestation_policy and update install/clean targets

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

---------

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

Makefile

@@ -26,14 +26,14 @@ endef
 
 .PHONY: all $(SERVICES) $(ATTESTATION_POLICY) install clean
 
-all: $(SERVICES)
+all: $(SERVICES) $(ATTESTATION_POLICY)
 
 $(SERVICES): 
 	$(call compile_service,$@)
 	@if [ "$@" = "cli" ] || [ "$@" = "manager" ]; then $(MAKE) build-igvm; fi
 
 $(ATTESTATION_POLICY):
-	$(MAKE) -C ./scripts/attestation_policy
+	$(MAKE) -C ./scripts/attestation_policy OUTPUT_DIR=../../$(BUILD_DIR)
 
 protoc:
 	protoc -I. --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative agent/agent.proto
@@ -44,15 +44,17 @@ protoc:
 mocks:
 	mockery --config ./mockery.yml
 
-install: $(SERVICES)
+install: $(SERVICES) $(ATTESTATION_POLICY)
 	install -d $(INSTALL_DIR)
 	install $(BUILD_DIR)/cocos-cli $(INSTALL_DIR)/cocos-cli
 	install $(BUILD_DIR)/cocos-manager $(INSTALL_DIR)/cocos-manager
+	install $(BUILD_DIR)/attestation_policy $(INSTALL_DIR)/attestation_policy
 	install -d $(CONFIG_DIR)
 	install cocos-manager.env $(CONFIG_DIR)/cocos-manager.env
 
 clean:
 	rm -rf $(BUILD_DIR)
+	$(MAKE) -C ./scripts/attestation_policy OUTPUT_DIR=../../$(BUILD_DIR) clean
 
 run: install_service
 	sudo systemctl start $(SERVICE_NAME).service

scripts/attestation_policy/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "attestation_policy"
-version = "0.1.0"
+version = "0.7.0"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@@ -9,5 +9,5 @@ edition = "2021"
 clap = { version = "4.0", features = ["derive"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
-sev = "5.0.0"
+sev = "6.2.1"
 base64 = "0.22.1"

scripts/attestation_policy/Makefile

@@ -2,13 +2,23 @@ CARGO = cargo
 TARGET = target
 BUILD_DIR = $(TARGET)/release
 BIN_NAME = attestation_policy
+OUTPUT_DIR ?= $(BUILD_DIR)
 
 all: build
 
 build:
 	$(CARGO) build --release
+	@if [ "$(OUTPUT_DIR)" != "$(BUILD_DIR)" ]; then \
+		mkdir -p $(OUTPUT_DIR) && \
+		cp $(BUILD_DIR)/$(BIN_NAME) $(OUTPUT_DIR)/$(BIN_NAME) && \
+		echo "Copied $(BIN_NAME) to $(OUTPUT_DIR)/"; \
+	fi
 
 clean:
 	$(CARGO) clean
+	@if [ "$(OUTPUT_DIR)" != "$(BUILD_DIR)" ] && [ -f "$(OUTPUT_DIR)/$(BIN_NAME)" ]; then \
+		rm -f $(OUTPUT_DIR)/$(BIN_NAME) && \
+		echo "Removed $(BIN_NAME) from $(OUTPUT_DIR)/"; \
+	fi
 
 .PHONY: all build clean

scripts/attestation_policy/src/main.rs

@@ -142,7 +142,7 @@ fn main() {
     let cpu_id: Identifier = firmware.get_identifier().unwrap();
     let chip_id: String = BASE64_STANDARD.encode(cpu_id.0);
     let minimum_build = status.build_id;
-    let minimum_version = status.version.to_string();
+    let minimum_version = format!("{}.{}", status.version.0, status.version.1);
     let permit_provisional_firmware = true;
     let require_id_block = false;
     let product = sev_product(get_sev_snp_processor());