Added e2e test for CoCo-AS using SNP evidence #264
The error https://github.com/confidential-containers/kbs/actions/runs/7284163707/job/19849143732?pr=264 here is because PCCS cannot be connected (0xe019). I am not sure whether there is an accessible PCCS that is compatible with the DCAP lib provided by Intel on GH Runner. Or should we use a self-hosted machine to run this test?
There should be a PCCS available in Azure, but I doubt that works ootb on GitHub runners. If that's the case, I would suggest a self-hosted runner. There is already an open issue for that. We could use the coco Azure subscription to spawn ephemeral self-hosted runners that have access to the PCCS. Maybe we can look into that sometime early next year. We should be able to reuse the existing Garm setup from the infra repo.
@mkulke Ok. I think the original aim of #223 is to generate the evidence in a real TEE and do the verification. Let me try to change this PR into another platform test case like SNP which does not rely on the GH Runner env. After this we can keep on #223.
In the e2e test, we use a given SNP evidence to request the CoCoAS in both gRPC and RESTful, and try to get the result token. But still, the evidence is not generated at runtime.

Fixes: confidential-containers#232
Signed-off-by: Xynnn007 <[email protected]>

Updated the code to easily support a real TEE in the future.
LGTM.
In the future maybe we can extend it to evaluate some policy as well.
Also, if we use a self-hosted runner it shouldn't be too difficult to get some real evidence to use.
Depends on #262
Use a fixed ~~SGX~~ SNP evidence to test gRPC and RESTful CoCoAS to get token