cocos/pkg/attestation/corimgen/README.md
Sammy Kerata Oina c1cbcec851
COCOS-577 - Introduce Go-based CoRIM generation and deprecate Rust attestation policy scripts. (#578)
* feat: Introduce Go-based CoRIM generation and deprecate Rust attestation policy scripts.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* feat: Update dependencies and refactor attestation policy handling

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* refactor: Migrate attestation verification to use CoRIM and remove deprecated policy handling and EAT verification tests.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* Removed the `tdx` and `sev-snp` attestation policy scripts and their build configurations, along with related build and installation steps from the main Makefile.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* chore: Remove Rust CI workflow and Cargo Dependabot configuration, and enhance Go test setup for attestation policy paths.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* refactor: Use WriteString instead of Write([]byte) for writing policy file content in test.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* feat: Refactor `ca-bundle` command to fetch bundles by product string using a configurable HTTP getter with improved error handling, and simplify `attestation_policy` command usage.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* fix: ignore return value of cmd.Help()

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* feat: Implement CoRIM generation for Azure and GCP attestation policies and add a CLI command to download and verify GCP OVMF files.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* feat: Upgrade Python virtual environment setup to include setuptools and wheel, append computation ID to Docker container names, and improve test robustness with error assertions and conditional skips for runtime tests.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* test: Enhance attestation verification tests, including CoRIM integration and specific platform types like Azure SNP, vTPM, TDX, and IGVM.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* feat: Add comprehensive test cases for `VerifyWithCoRIM` including success and measurement mismatch, and refine reference value validation.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* feat: Add Azure and TDX attestation verification tests and abstract external service dependencies for improved testability.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* feat: Add new test cases for Azure measurement extraction, EAT platform types, IGVM measurement stopping, vTPM CoRIM verification, and GCP OVMF download CLI.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* test: enhance CLI CoRIM generation and ATLS certificate verification tests, and refactor the Azure MAA client to use an interface.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

---------

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
2026-03-19 17:01:24 +01:00


# CoRIM Generator (veraison/corim)

This package provides CoRIM (Concise Reference Integrity Manifest) generation using the standard veraison/corim library.

## Overview

The corimgen package generates CoRIM attestation policies for confidential computing platforms (SNP and TDX) using the veraison/corim library, which provides:

- Standard-compliant CoRIM/CoMID structures per RFC 9393
- Built-in COSE signing and verification
- Ecosystem compatibility with Veraison attestation services

## Features

- **SNP Support**: Generate CoRIM for AMD SEV-SNP with measurements, SVN, and product information
- **TDX Support**: Generate CoRIM for Intel TDX with MRTD, MRSEAM, and RTMRs
- **COSE Signing**: Optional COSE_Sign1 signing with crypto.Signer keys
- **Defaults**: Sensible defaults for testing and development

## Usage

### Basic Usage (Unsigned)

```go
import "github.com/ultravioletrs/cocos/pkg/attestation/corimgen"

opts := corimgen.Options{
    Platform:    "snp",
    Measurement: "abc123...", // hex-encoded
    Product:     "Milan",
    SVN:         1,
}

corimBytes, err := corimgen.GenerateCoRIM(opts)
```

### With Signing

```go
import (
    "crypto/ecdsa"
    "crypto/elliptic"
    "crypto/rand"

    "github.com/ultravioletrs/cocos/pkg/attestation/corimgen"
)

// Generate signing key (a P-256 key, as required by ES256)
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
    // handle key generation error
}

opts := corimgen.Options{
    Platform:    "snp",
    Measurement: "abc123...",
    SVN:         1,
    SigningKey:  privateKey, // COSE signing
}

signedCorimBytes, err := corimgen.GenerateCoRIM(opts)
```

### TDX with RTMRs

```go
opts := corimgen.Options{
    Platform:    "tdx",
    Measurement: "91eb2b44...", // MRTD
    MrSeam:      "5b38e33a...", // MRSEAM
    RTMRs:       "ce0891f4...,062ac322...,5fd86e8c...,00000000...", // comma-separated, RTMR0..RTMR3
    SVN:         2,
}

corimBytes, err := corimgen.GenerateCoRIM(opts)
```

## Options

| Field | Type | Description |
|-------|------|-------------|
| Platform | string | Platform type: "snp" or "tdx" |
| Measurement | string | Hex-encoded measurement (MRTD for TDX, launch measurement for SNP) |
| Product | string | SNP processor product name (e.g., "Milan", "Genoa") |
| SVN | uint64 | Security Version Number |
| Policy | uint64 | SNP policy flags |
| RTMRs | string | TDX Runtime Measurement Registers (comma-separated hex) |
| MrSeam | string | TDX SEAM module measurement (hex) |
| HostData | string | SNP host data (hex) |
| LaunchTCB | uint64 | SNP minimum launch TCB |
| SigningKey | crypto.Signer | Optional COSE signing key (ES256) |

## Defaults

The package provides sensible defaults for testing:

### SNP

- `SNPDefaultMeasurement`: 48-byte zero measurement
- `SNPDefaultVmpl`: VMPL level 2

### TDX

- `TDXDefaultMrTd`: Default MRTD value
- `TDXDefaultMrSeam`: Default MRSEAM value
- `TDXDefaultRTMRs`: Default RTMR values (4 registers)

## Implementation Details

### CoRIM Structure

The generated CoRIM contains:

- **CoRIM ID**: Unique identifier (`platform-corim-{uuid}`)
- **CoMID Tags**: One or more CoMID tags with:
  - **Tag Identity**: Unique tag ID and version
  - **Environment**: Platform class (UUID) and optional instance (product)
  - **Reference Values**: Measurements with:
    - **Key**: UUID identifier for each measurement
    - **Digests**: SHA-256 hash of the measurement
    - **SVN**: Security version number (if specified)

### Signing

When `SigningKey` is provided, generation:

1. Creates the unsigned CoRIM
2. Wraps it in a COSE_Sign1 message
3. Signs with the ES256 algorithm (ECDSA P-256)
4. Returns the signed CBOR bytes

### Verification

To verify a signed CoRIM, decode the COSE envelope and check the signature against the signer's public key:

```go
import (
    "crypto/ecdsa"
    "github.com/veraison/corim/corim"
)

var signedCorim corim.SignedCorim
if err := signedCorim.FromCOSE(signedBytes); err != nil {
    // not a well-formed COSE_Sign1 CoRIM
}

publicKey := privateKey.Public().(*ecdsa.PublicKey)
if err := signedCorim.Verify(publicKey); err != nil {
    // signature does not verify: reject the CoRIM
}
```
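To make the four signing steps and the verification call above concrete without depending on the veraison/corim library, here is a stand-alone, added example (not the cocos project's or veraison's code) that does the COSE_Sign1/ES256 part by hand: it builds the COSE `Sig_structure` (`["Signature1", protected, external_aad, payload]`) with a minimal CBOR encoder, signs its SHA-256 hash with a P-256 key, emits the tagged `COSE_Sign1` message, and verifies by recomputing the same structure. `Sign`, `CoseSign1`, `Verify` and `Encode` are hypothetical names; the payload here is an arbitrary constructed byte string standing in for the unsigned CoRIM CBOR.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// cborString encodes a definite-length CBOR string: major 2 for byte strings,
// major 3 for text strings. Lengths up to 2^32-1 are supported.
func cborString(major byte, b []byte) []byte {
	n := len(b)
	var head []byte
	switch {
	case n < 24:
		head = []byte{major<<5 | byte(n)}
	case n < 0x100:
		head = []byte{major<<5 | 24, byte(n)}
	case n < 0x10000:
		head = []byte{major<<5 | 25, byte(n >> 8), byte(n)}
	default:
		head = []byte{major<<5 | 26, byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n)}
	}
	return append(head, b...)
}

// protectedHeader is the serialized protected header map {1: -7}, i.e. alg = ES256.
var protectedHeader = []byte{0xa1, 0x01, 0x26}

// sigStructure builds the COSE Sig_structure for COSE_Sign1:
// ["Signature1", protected, external_aad, payload]. Both signer and verifier
// must compute exactly these bytes.
func sigStructure(payload []byte) []byte {
	out := []byte{0x84} // array of 4
	out = append(out, cborString(3, []byte("Signature1"))...)
	out = append(out, cborString(2, protectedHeader)...)
	out = append(out, cborString(2, nil)...) // empty external_aad
	return append(out, cborString(2, payload)...)
}

// CoseSign1 carries the payload and its ES256 signature (raw r || s, 64 bytes).
// The unprotected header is left empty.
type CoseSign1 struct {
	Payload   []byte
	Signature []byte
}

// Sign wraps payload in COSE_Sign1 and signs it with ES256 (ECDSA P-256 over SHA-256).
func Sign(key *ecdsa.PrivateKey, payload []byte) (*CoseSign1, error) {
	if key.Curve != elliptic.P256() {
		return nil, errors.New("ES256 requires a P-256 key")
	}
	h := sha256.Sum256(sigStructure(payload))
	r, s, err := ecdsa.Sign(rand.Reader, key, h[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, 64)
	r.FillBytes(sig[:32]) // COSE ES256 uses fixed-width r || s, not ASN.1 DER
	s.FillBytes(sig[32:])
	return &CoseSign1{Payload: payload, Signature: sig}, nil
}

// Verify recomputes Sig_structure over the carried payload and checks the signature.
func (m *CoseSign1) Verify(pub *ecdsa.PublicKey) error {
	if len(m.Signature) != 64 {
		return errors.New("ES256 signature must be 64 bytes")
	}
	h := sha256.Sum256(sigStructure(m.Payload))
	r := new(big.Int).SetBytes(m.Signature[:32])
	s := new(big.Int).SetBytes(m.Signature[32:])
	if !ecdsa.Verify(pub, h[:], r, s) {
		return errors.New("COSE_Sign1 signature does not verify")
	}
	return nil
}

// Encode emits the tagged CBOR message 18([protected, {}, payload, signature]).
func (m *CoseSign1) Encode() []byte {
	out := []byte{0xd2, 0x84} // tag 18 (COSE_Sign1), array of 4
	out = append(out, cborString(2, protectedHeader)...)
	out = append(out, 0xa0) // empty unprotected header map
	out = append(out, cborString(2, m.Payload)...)
	return append(out, cborString(2, m.Signature)...)
}

func main() {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	msg, err := Sign(key, []byte("unsigned CoRIM CBOR stands here")) // constructed payload
	if err != nil {
		panic(err)
	}
	fmt.Printf("%x\n", msg.Encode())
	fmt.Println("verify:", msg.Verify(&key.PublicKey))
}
```

Two things this shows that the library call hides: the signature covers the protected header as well as the payload, so an attacker cannot swap `alg` without invalidating it, and verification is against a specific public key, so which key is trusted for a given CoRIM is a policy decision the caller has to make before `Verify` means anything.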

## Testing

Run the tests:

```sh
go test ./pkg/attestation/corimgen/... -v
```

## Integration

This package is used by:

- `pkg/attestation/generator`: backward-compatible wrapper
- `cli`: CoRIM generation commands
- `manager`: dynamic CoRIM policy generation

## References