opensource/cocos
1
0
Fork 0
mirror of https://github.com/ultravioletrs/cocos.git synced 2026-06-23 04:10:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
67f939fc6613c07e68fe102a89eaae16192ae687
cocos/cli
T
History
Danko Miladinovic 67f939fc66
CI / checkproto (push) Has been cancelled
Details
CI / ci (push) Has been cancelled
Details
Rust CI Pipeline / rust-check (push) Has been cancelled
Details
COCOS-326 - Add vTPM support to CoCoS (#376) 
* manager, cli and agent vtpm support

* rebase and changed atls for vtpm

* deleted unused code

* changed chekproto.yaml script so it find the manager proto file correctly

* fixe manager proto version

* fix agent tests

* fix server agent test

* fix attestation test

* fix attestation test gofumpt

* created dummy RWC for TPM

* fix comment

* add default PCR values

* rebase main

* fix rust ci and missing header

* changed embedded  attestation to VMPL 2

* fix unused impot

* fix pkg test

* address attestation type

* fix agent attestation test

* add prc15 check

* fix comments

* fix cli tests

* add doc

* add mock for LeveledQuoteProvider when SEV-SNP device is not found

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* fix manager reading attestation policy

* refactor PCR value checks and update attestation policy values

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* fix tests for sev and grpc

---------

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Co-authored-by: Sammy Oina <sammyoina@gmail.com>
2025-03-07 16:36:47 +01:00
..
algorithm_test.go
NOISSUE - Improve file streaming (#295)
2024-11-07 10:47:53 +01:00
algorithms.go
NOISSUE - Improve file streaming (#295)
2024-11-07 10:47:53 +01:00
attestation_policy_test.go
NOISSUE - Rename backend info to attestation policy (#314)
2024-11-21 20:56:03 +01:00
attestation_policy.go
NOISSUE - Rename backend info to attestation policy (#314)
2024-11-21 20:56:03 +01:00
attestation_test.go
COCOS-326 - Add vTPM support to CoCoS (#376)
2025-03-07 16:36:47 +01:00
attestation.go
COCOS-326 - Add vTPM support to CoCoS (#376)
2025-03-07 16:36:47 +01:00
cache_test.go
COCOS-192 - Add support for attested TLS (#279)
2024-11-04 19:10:34 +01:00
cache.go
COCOS-326 - Add vTPM support to CoCoS (#376)
2025-03-07 16:36:47 +01:00
checksum_test.go
COCOS-344 - New agent structure (#350)
2025-01-17 12:50:53 +01:00
checksum.go
NOISSUE - Manifest checksum (#306)
2024-11-08 14:56:45 +01:00
datasets_test.go
NOISSUE - Improve file streaming (#295)
2024-11-07 10:47:53 +01:00
datasets.go
NOISSUE - Improve file streaming (#295)
2024-11-07 10:47:53 +01:00
errors_test.go
NOISSUE - Add health check (#288)
2024-10-30 15:28:07 +01:00
errors.go
NOISSUE - Add health check (#288)
2024-10-30 15:28:07 +01:00
keys_test.go
add cli tests (#274)
2024-10-08 16:28:17 +02:00
keys.go
COCOS-253 - Improve CLI error handling (#277)
2024-10-08 17:11:37 +02:00
manager.go
NOISSUE - Set env automatically (#355)
2025-01-20 13:46:18 +01:00
README.md
COCOS-169 - Add support for algo arguments (#202)
2024-08-23 16:51:35 +02:00
result_test.go
NOISSUE - Improve file streaming (#295)
2024-11-07 10:47:53 +01:00
result.go
set minimum args (#304)
2024-11-07 16:41:23 +01:00
sdk.go
NOISSUE - Simplify manager to vm provision only (#353)
2025-01-20 11:56:18 +01:00

README.md

Agent CLI

This repository contains the command-line interface (CLI) tool for interacting with the Agent and manager service. The CLI allows you to perform various tasks such as running computations, uploading algorithm and datasets, and retrieving results.

Build

From the project root:

make cli

Usage

Get attestation

Retrieves attestation information from the SEV guest and saves it to a file. To retrieve attestation from agent, use the following command:

./build/cocos-cli attestation get '<report_data>'

Validate attestation

Validates the retrieved attestation information against a specified policy and checks its authenticity. To validate and verify attestation from agent, use the following command:

./build/cocos-cli attestation validate '<attestation>' --report_data '<report_data>'
Flags
  • --config: Path to a JSON file containing the validation configuration. This can be used to override individual flags.
  • --report_data: Hex-encoded string representing the attestation report data. (Required for the validate command)
  • --host_data: Hex-encoded string representing the expected HOST_DATA field.
  • --family_id: Hex-encoded string representing the expected FAMILY_ID field.
  • --image_id: Hex-encoded string representing the expected IMAGE_ID field.
  • --report_id: Hex-encoded string representing the expected REPORT_ID field.
  • --report_id_ma: Hex-encoded string representing the expected REPORT_ID_MA field.
  • --measurement: Hex-encoded string representing the expected MEASUREMENT field.
  • --chip_id: Hex-encoded string representing the expected CHIP_ID field.
  • --minimum_tcb: Minimum acceptable value for CURRENT_TCB, COMMITTED_TCB, and REPORTED_TCB.
  • --minimum_launch_tcb: Minimum acceptable value for LAUNCH_TCB.
  • --minimum_guest_svn: Minimum acceptable SnpPolicy.
  • --minimum_build: Minimum 8-bit build number for AMD-SP firmware.
  • --check_crl: Download and check the CRL for revoked certificates (default: false).
  • --disallow_network: If true, disallows network downloads for verification (default: false).
  • --timeout: Duration to continue retrying failed HTTP requests (default: 2 minutes).
  • --max_retry_delay: Maximum duration to wait between HTTP request retries (default: 30 seconds).
  • --require_author_key: Require that AUTHOR_KEY_EN is set to 1 (default: false).
  • --require_id_block: Require that the VM was launched with an ID_BLOCK signed by a trusted key (default: false).
  • --permit_provisional_software: Allow provisional firmware (default: false).
  • --platform_info: Maximum acceptable PLATFORM_INFO field bit-wise (optional).
  • --minimum_version: Minimum AMD-SP firmware API version (major.minor) (optional).
  • --trusted_author_keys: Paths to x.509 certificates of trusted author keys (optional).
  • --trusted_author_key_hashes: Hex-encoded SHA-384 hashes of trusted author keys (optional).
  • --trusted_id_keys: Paths to x.509 certificates of trusted identity keys (optional).
  • --trusted_id_key_hashes: Hex-encoded SHA-384 hashes of trusted identity keys (optional).
  • --product: AMD product name for the chip that generated the attestation report (optional).
  • --stepping: Machine stepping for the chip that generated the attestation report (optional).
  • --CA_bundles_paths: Paths to CA bundles for the AMD product (optional).
  • --CA_bundles: PEM format CA bundles for the AMD product (optional).

Upload Algorithm

To upload an algorithm, use the following command:

./build/cocos-cli algo /path/to/algorithm <private_key_file_path>
Flags
  • -a, --algorithm string Algorithm type to run (default "bin")
  • --args stringArray        Arguments to pass to the algorithm

  • --python-runtime string   Python runtime to use (default "python3")
  • -r, --requirements string Python requirements file

Upload Dataset

To upload a dataset, use the following command:

./build/cocos-cli data /path/to/dataset.csv <private_key_file_path>

Users can also upload directories which will be compressed on transit. Once received by agent they will be stored as compressed files or decompressed if the user passed the decompression argument.

Flags
  • -d, --decompress Decompress the dataset on agent

Retrieve result

To retrieve the computation result, use the following command:

./build/cocos-cli result <private_key_file_path>

Checksum

When defining the manifest dataset and algorithm checksums are required. This can be done as below:

./build/cocos-cli checksum <path_to_dataset_or_algorithm>
Reference in New Issue View Git Blame Copy Permalink