* manager, cli and agent vtpm support * rebase and changed atls for vtpm * deleted unused code * changed chekproto.yaml script so it find the manager proto file correctly * fixe manager proto version * fix agent tests * fix server agent test * fix attestation test * fix attestation test gofumpt * created dummy RWC for TPM * fix comment * add default PCR values * rebase main * fix rust ci and missing header * changed embedded attestation to VMPL 2 * fix unused impot * fix pkg test * address attestation type * fix agent attestation test * add prc15 check * fix comments * fix cli tests * add doc * add mock for LeveledQuoteProvider when SEV-SNP device is not found Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix manager reading attestation policy * refactor PCR value checks and update attestation policy values Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix tests for sev and grpc --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com> Co-authored-by: Sammy Oina <sammyoina@gmail.com>
// Copyright (c) Ultraviolet
// SPDX-License-Identifier: Apache-2.0
package cli
import (
"fmt"
"os"
"path"
"github.com/google/go-sev-guest/abi"
"github.com/google/go-sev-guest/kds"
"github.com/google/go-sev-guest/proto/check"
"github.com/google/go-sev-guest/verify/trust"
"github.com/spf13/cobra"
config "github.com/ultravioletrs/cocos/pkg/attestation"
)
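const (
	// caBundleName is the file name under which the fetched ASK/ARK chain
	// is stored inside the per-product directory.
	caBundleName = "ask_ark.pem"
	// filePermisionKeys is the mode used for the per-product directory and
	// the bundle file (both subject to the process umask). The owner keeps
	// full access and everyone else gets read plus traverse; the other-write
	// bit carried by the previous 0o766 is dropped so that a non-owner
	// cannot replace the stored trust anchor.
	filePermisionKeys = 0o755
)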
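// NewCABundleCmd builds the "ca-bundle" subcommand. The command reads the
// attestation policy file passed as its single argument, takes the SEV-SNP
// product line from its root of trust, downloads the matching ASK/ARK
// certificate chain from the AMD KDS and stores it as
// <fileSavePath>/<product>/ask_ark.pem.
//
// fileSavePath is the base directory under which per-product bundles are
// kept. Failures are reported through printError on the command; the only
// value returned to the caller is the constructed *cobra.Command.
func (cli *CLI) NewCABundleCmd(fileSavePath string) *cobra.Command {
	return &cobra.Command{
		Use:     "ca-bundle",
		Short:   "Fetch AMD SEV-SNPs CA Bundle (ASK and ARK)",
		Example: "ca-bundle <path_to_platform_info_json>",
		Args:    cobra.ExactArgs(1),
		Run: func(cmd *cobra.Command, args []string) {
			// The nested pointers are allocated up front so that
			// ReadAttestationPolicy has somewhere to decode the policy into.
			attestationConfiguration := config.Config{
				SnpCheck:  &check.Config{Policy: &check.Policy{}, RootOfTrust: &check.RootOfTrust{}},
				PcrConfig: &config.PcrConfig{},
			}
			if err := config.ReadAttestationPolicy(args[0], &attestationConfiguration); err != nil {
				printError(cmd, "Error while reading manifest: %v ❌ ", err)
				return
			}

			product := attestationConfiguration.SnpCheck.RootOfTrust.ProductLine
			// An empty product line would yield a meaningless KDS URL and would
			// drop the bundle straight into fileSavePath, so reject it early.
			if product == "" {
				printError(cmd, "Error while reading manifest: %v ❌ ", fmt.Errorf("product line is not set in %s", args[0]))
				return
			}
			// NOTE(review): product is taken verbatim from the policy file and is
			// used as a path component below; confirm that ProductLine is limited
			// to a plain name (no path separators) by the policy reader.

			getter := trust.DefaultHTTPSGetter()
			caURL := kds.ProductCertChainURL(abi.VcekReportSigner, product)
			bundle, err := getter.Get(caURL)
			if err != nil {
				message := fmt.Sprintf("Error fetching ARK and ASK from AMD KDS for product: %s", product)
				message += ", error: %v ❌ "
				printError(cmd, message, err)
				return
			}
			// NOTE(review): the bundle is stored exactly as served by the KDS; it
			// is neither parsed nor compared against a pinned ARK here, so the
			// component that later loads ask_ark.pem must verify the chain itself.

			// path.Join matches the file's existing imports; path/filepath would
			// be the OS-aware choice if non-slash path separators ever matter.
			productDir := path.Join(fileSavePath, product)
			if err = os.MkdirAll(productDir, filePermisionKeys); err != nil {
				message := fmt.Sprintf("Error while creating directory for product name %s", product)
				message += ", error: %v ❌ "
				printError(cmd, message, err)
				return
			}

			bundlePath := path.Join(productDir, caBundleName)
			if err = saveToFile(bundlePath, bundle); err != nil {
				printError(cmd, "Error while saving ARK-ASK to file: %v ❌ ", err)
				return
			}
		},
	}
}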
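// saveToFile writes content to fileSavePath, creating the file if needed and
// truncating any previous content. The file is created with mode 0o644
// (subject to the process umask): the CA bundle must remain readable, but it
// must not be writable by other users because it serves as a trust anchor
// for attestation verification.
//
// It returns the first error from creating, writing or closing the file.
func saveToFile(fileSavePath string, content []byte) error {
	// 0o644 rather than the shared filePermisionKeys: that constant also has
	// to carry the traverse bits for directories, which are meaningless on a
	// PEM file, and a group/other-write bit would let another local user
	// replace the bundle.
	const bundleFileMode = 0o644
	// os.WriteFile closes the descriptor on every path; the previous
	// OpenFile/Write sequence never called Close and leaked it.
	return os.WriteFile(fileSavePath, content, bundleFileMode)
}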