Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

az-snp/tdx-vtpm-verifier: add PCRs to claims map #334

Merged
merged 1 commit into from
Feb 28, 2024
Merged

az-snp/tdx-vtpm-verifier: add PCRs to claims map #334

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
310 changes: 162 additions & 148 deletions Cargo.lock
View file
Open in desktop

Large diffs are not rendered by default.

16 changes: 16 additions & 0 deletions attestation-service/docs/parsed_claims.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,3 +72,19 @@ The following fields always exist.
- `sgx.body.reserved4`: Reserved.
- `sgx.body.isv_family_id`: ISV assigned Family ID.
- `sgx.body.report_data`: Data provided by the user.

## Azure TDX Confidential VM (az-tdx-vtpm)

The claim inherit the fields from the TDX claim with and additional `tpm` hierarchy in which the TEE's PCR values are stored:

- `tpm.pcr{01,..,n}`: SHA256 PCR registers for the TEE's vTPM quote.

Note: The TD Report and TD Quote are fetched during early boot in this TEE. Kernel, Initrd and rootfs are measured into the vTPM's registers.

## Azure SEV-SNP Confidential VM (az-snp-vtpm)

The claim inherit the fields from the SEV-SNP claim with and additional `tpm` hierarchy in which the TEE's PCR values are stored:

- `tpm.pcr{01,..,n}`: SHA256 PCR registers for the TEE's vTPM quote.

Note: The TD Report and TD Quote are fetched during early boot in this TEE. Kernel, Initrd and rootfs are measured into the vTPM's registers.
4 changes: 2 additions & 2 deletions attestation-service/verifier/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,8 @@ cca-verifier = [ "ear", "jsonwebtoken", "veraison-apiclient" ]
anyhow.workspace = true
asn1-rs = { version = "0.5.1", optional = true }
async-trait.workspace = true
az-snp-vtpm = { version = "0.5.1", default-features = false, features = ["verifier"], optional = true }
az-tdx-vtpm = { version = "0.5.1", default-features = false, features = ["verifier"], optional = true }
az-snp-vtpm = { version = "0.5.2", default-features = false, features = ["verifier"], optional = true }
az-tdx-vtpm = { version = "0.5.2", default-features = false, features = ["verifier"], optional = true }
base64 = "0.21"
bincode = "1.3.3"
byteorder = "1"
Expand Down
44 changes: 42 additions & 2 deletions attestation-service/verifier/src/az_snp_vtpm/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ use az_snp_vtpm::vtpm::Quote;
use log::{debug, warn};
use openssl::pkey::PKey;
use serde::{Deserialize, Serialize};
use serde_json::Value;
use sev::firmware::host::{CertTableEntry, CertType};

const HCL_VMPL_VALUE: u32 = 0;
Expand All @@ -43,6 +44,24 @@ impl AzSnpVtpm {
}
}

pub(crate) fn extend_claim_with_tpm_quote(
claim: &mut TeeEvidenceParsedClaim,
quote: &Quote,
) -> Result<()> {
let Value::Object(ref mut map) = claim else {
bail!("failed to extend the claim, not an object");
};

let mut tpm_values = serde_json::Map::new();
for (i, pcr) in quote.pcrs_sha256().enumerate() {
Copy link
Member

@portersrc portersrc Feb 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where's pcrs_sha256 coming from? I couldn't track it down.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@portersrc

https://docs.rs/az-snp-vtpm/latest/az_snp_vtpm/vtpm/struct.Quote.html#method.pcrs_sha256

those are the measurement digests from the CVM's vTPM. The launch measurements in TD/SNP reports do not tell us much beyond the HW state of the guest here, since the reports are fetched at early boot. Measurement of e.g. kernel, initrd, rootfs and more is deferred to the TPM registers. So we will have reference values for, say quote.tpm.pcr11, to verify the UKI of the confidential guest.

Copy link
Member

@portersrc portersrc Feb 28, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mkulke, that info is helpful. Yeah I was sanity-checking the element iteration/ordering when I asked this question, I believe. LGTM, nice PR.

tpm_values.insert(format!("pcr{:02}", i), Value::String(hex::encode(pcr)));
mkulke marked this conversation as resolved.
Show resolved Hide resolved
}
debug!("extending claim with TPM quote: {:#?}", tpm_values);
map.insert("tpm".to_string(), Value::Object(tpm_values));
mkulke marked this conversation as resolved.
Show resolved Hide resolved

Ok(())
}

#[async_trait]
impl Verifier for AzSnpVtpm {
/// The following verification steps are performed:
Expand Down Expand Up @@ -83,7 +102,9 @@ impl Verifier for AzSnpVtpm {
let vcek = Vcek::from_pem(&evidence.vcek)?;
verify_snp_report(&snp_report, &vcek, &self.vendor_certs)?;

let claim = parse_tee_evidence(&snp_report);
let mut claim = parse_tee_evidence(&snp_report);
extend_claim_with_tpm_quote(&mut claim, &evidence.quote)?;

Ok(claim)
}
}
Expand Down Expand Up @@ -145,9 +166,10 @@ fn verify_snp_report(
mod tests {
use super::*;
use az_snp_vtpm::vtpm::VerifyError;
use serde_json::json;

const REPORT: &[u8; 2600] = include_bytes!("../../test_data/az-snp-vtpm/hcl-report.bin");
const QUOTE: &[u8; 1362] = include_bytes!("../../test_data/az-snp-vtpm/quote.bin");
const QUOTE: &[u8; 1170] = include_bytes!("../../test_data/az-snp-vtpm/quote.bin");
const REPORT_DATA: &[u8] = "challenge".as_bytes();

#[test]
Expand Down Expand Up @@ -273,4 +295,22 @@ mod tests {
VerifyError::PcrMismatch.to_string()
);
}

#[test]
fn test_extend_claim_with_tpm_quote() {
let mut claim = json!({"some": "thing"});
let quote: Quote = bincode::deserialize(QUOTE).unwrap();
extend_claim_with_tpm_quote(&mut claim, &quote).unwrap();

let map = claim.as_object().unwrap();
assert_eq!(map.len(), 2);
let tpm_map = map.get("tpm").unwrap().as_object().unwrap();
assert_eq!(tpm_map.len(), 24);

for (i, pcr) in quote.pcrs_sha256().enumerate() {
let key = format!("pcr{:02}", i);
let value = tpm_map.get(&key).unwrap().as_str().unwrap();
assert_eq!(value, hex::encode(pcr));
}
}
}
7 changes: 5 additions & 2 deletions attestation-service/verifier/src/az_tdx_vtpm/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
// SPDX-License-Identifier: Apache-2.0
//

use super::az_snp_vtpm::extend_claim_with_tpm_quote;
use super::tdx::claims::generate_parsed_claim;
use super::tdx::quote::{ecdsa_quote_verification, parse_tdx_quote, Quote as TdQuote};
use super::{TeeEvidenceParsedClaim, Verifier};
Expand Down Expand Up @@ -62,7 +63,9 @@ impl Verifier for AzTdxVtpm {

verify_hcl_var_data(&hcl_report, &td_quote)?;

let claim = generate_parsed_claim(td_quote, None)?;
let mut claim = generate_parsed_claim(td_quote, None)?;
extend_claim_with_tpm_quote(&mut claim, &evidence.tpm_quote)?;

Ok(claim)
}
}
Expand Down Expand Up @@ -111,7 +114,7 @@ mod tests {
use az_tdx_vtpm::vtpm::VerifyError;

const REPORT: &[u8; 2600] = include_bytes!("../../test_data/az-tdx-vtpm/hcl-report.bin");
const QUOTE: &[u8; 1362] = include_bytes!("../../test_data/az-tdx-vtpm/quote.bin");
const QUOTE: &[u8; 1170] = include_bytes!("../../test_data/az-tdx-vtpm/quote.bin");
const TD_QUOTE: &[u8; 5006] = include_bytes!("../../test_data/az-tdx-vtpm/td-quote.bin");

#[test]
Expand Down
4 changes: 3 additions & 1 deletion attestation-service/verifier/src/snp/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,9 @@ impl Verifier for Snp {
}
}

Ok(parse_tee_evidence(&report))
let claims_map = parse_tee_evidence(&report);
let json = json!(claims_map);
Ok(json)
}
}

Expand Down
Binary file modified attestation-service/verifier/test_data/az-snp-vtpm/hcl-report.bin
View file
Open in desktop
Binary file not shown.
Binary file modified attestation-service/verifier/test_data/az-snp-vtpm/quote.bin
View file
Open in desktop
Binary file not shown.
116 changes: 96 additions & 20 deletions attestation-service/verifier/test_data/az-snp-vtpm/vcek.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,29 +3,105 @@ MIIFTDCCAvugAwIBAgIBADBGBgkqhkiG9w0BAQowOaAPMA0GCWCGSAFlAwQCAgUA
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCATCjAwIBATB7MRQwEgYD
VQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDASBgNVBAcMC1NhbnRhIENs
YXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5jZWQgTWljcm8gRGV2aWNl
czESMBAGA1UEAwwJU0VWLU1pbGFuMB4XDTIzMDEwMTA1MzExOFoXDTMwMDEwMTA1
MzExOFowejEUMBIGA1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVTMRQwEgYD
czESMBAGA1UEAwwJU0VWLU1pbGFuMB4XDTIzMDUwMjIxMjIxOVoXDTMwMDUwMjIx
MjIxOVowejEUMBIGA1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVTMRQwEgYD
VQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExHzAdBgNVBAoMFkFkdmFuY2Vk
IE1pY3JvIERldmljZXMxETAPBgNVBAMMCFNFVi1WQ0VLMHYwEAYHKoZIzj0CAQYF
K4EEACIDYgAEP3PCTk5P1qVUrvZPD+Motv8TNuSxJs5IR21EHLVk7HKQ3bNFknCc
mwE4ldVb27hjHGpizC9Oom6HHfa7XjX+3P+77N217Tn8/u2MUWhlv7koTxe/xwuV
Xn07DiWV7ZSKo4IBFjCCARIwEAYJKwYBBAGceAEBBAMCAQAwFwYJKwYBBAGceAEC
K4EEACIDYgAE53roqP63VFYieePXcG6qPLq8m9pLUrvFe4V3RUMfTwPmAMBILaXW
3jNzcaPfj8bz9ZgtTRaIHPW5hPuro1OO1rM+dYI6N11Xtjqadw78qxcPdOUQMkjY
y6q5pqga5xj9o4IBFjCCARIwEAYJKwYBBAGceAEBBAMCAQAwFwYJKwYBBAGceAEC
BAoWCE1pbGFuLUIwMBEGCisGAQQBnHgBAwEEAwIBAzARBgorBgEEAZx4AQMCBAMC
AQAwEQYKKwYBBAGceAEDBAQDAgEAMBEGCisGAQQBnHgBAwUEAwIBADARBgorBgEE
AZx4AQMGBAMCAQAwEQYKKwYBBAGceAEDBwQDAgEAMBEGCisGAQQBnHgBAwMEAwIB
CDARBgorBgEEAZx4AQMIBAMCAXMwTQYJKwYBBAGceAEEBEA6dUWWsrgPLlF2yq6v
VEvZSbse/BceAuFyGwp2fd/Jn04lmNJXQQtXEr6LTctPmYOLymx50lAmx2rwnxl5
gvA8MEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0B
AQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBA4ICAQA3s4HR1ZshYd/PeYXfiuLV
kmTCWm+OBd9HVM0hXcNv2KWxRzmG7lBzNKfk71DLqsjOYK5uAS0Jdad9iSbJS6F9
nQNL1O7/n8M3K6OYa1SYFubU1tXJjRL3Bzx/rcL1w6sGQIeXwDXNjxyPO433YbIW
oQ6VuUj5AeTLlp3hChfrQ0Nkj3DbfsmDmSL4F0vsSq629YxQ6XTT+tIT897iMMVI
IMUeJ4O7wxcMnoKoNbM+dTmKrkDm4/FdqYpsT2ziPD9FcTcMud0qZGy8YmUCa9cV
/g7xKrDfRe8A8FDe1iFAVJ62xhS7GiOx/F2Gd/oEHto9dwE4/OVRmZlFy1njlxZt
3Dd6W8z0TLmiyHngApx8VMJHNuf4+UeiDYkWo14ZzGlsMKHweGQhy/bRbkIpjNB/
fUZsn404ZxV8+mbTdeMftIUAofDHryPq2/K4FZB6IucEil9S/dejUerlAlDn+uq/
TT/FatsAv8gMnTHNB2/GRDRuiLf5bqRGXFRelV8K0edfoxxvW8JjiK2h6bsQf4aA
JPH53P1GFWvEu9zOsGTldzOIvcPdykMFxhssRryI4YTTwAg6BPpXM83kdnGCEPgU
pNO5zaEImuqtrxdmOZt8qGxyQ2DYgwS0QC8srEIxBtM9eBSJAodvgUiovwACF4+w
5CU3rQt0CzyWLJop7k8GMw==
CDARBgorBgEEAZx4AQMIBAMCAXMwTQYJKwYBBAGceAEEBEAZdSpEfbUBoyreRkKK
RukmOb01Fdu0Xi5nu8sJNP/PHz48AEzLSpnJ+n5P+wnaazJKxYrO2vZ58kun21+D
jGzKMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0B
AQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBA4ICAQCJk1WMW74Z9cOTBpgetdgb
fNHAmUKPwJIsOAWVlM/8dciPWcKdWc5VB7fy8bpOqCc95/RbUKFdT3cezjZ8Ukmo
mQh7ALdiuSvBVh2RVGVAJW9/xuIQTB09jJO2izL03vHy6ojrUBohyLUJI1Qajheu
6YjlZ2sL4xkvzMGqvKInqXYGEqMDrqgCIEFQ63Si1HWIi/ms3DPW+kZZNQVzAFCk
dDxMAaApAbBJNww28bCSHrkgnQdwrRzUlM38truqV/g0ItThiAzBWE7asBggRHxA
lHu53ECo4uZ0k9v3lD6NQ6lldnl0nM31rbry1rQlJqseyvWqDq4+/+LksBqdfsud
hDP1SdeRD7YzBziTn5Tr/XY+Vg+GxMfUNE2E0XW3FJMLGd8AnGIipRN67BmDQuY7
oVeWF1ZJ0Gk+d3fbCuJ5lYECcBBq8zKje9u/zX1UaSwgi11RMkKB4pfBmLrGPppz
q/s5rx4x2+HrHyHLvpLeQaxWzMe0ZaF5XBYi5ujsOci550cl4x6mjb/grUucurSc
cjl0NTQeyL5L7cpNTp450U9p7+EVRRxx2kufc1EbcDyZ5pwlnqApcgLX5ajF51im
LikpLkCNCWdu5QNKFXquJkNSCaocE56djP1CwqirfeRuHvj7NpVA6QRJ8TFdjWV/
J7rtq64Z//EpcDJ1B/c7PA==
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIGiTCCBDigAwIBAgIDAQABMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC
BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS
BgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg
Q2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp
Y2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTgyNDIwWhcNNDUxMDIy
MTgyNDIwWjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS
BgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j
ZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJU0VWLU1pbGFuMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEAnU2drrNTfbhNQIllf+W2y+ROCbSzId1aKZft
2T9zjZQOzjGccl17i1mIKWl7NTcB0VYXt3JxZSzOZjsjLNVAEN2MGj9TiedL+Qew
KZX0JmQEuYjm+WKksLtxgdLp9E7EZNwNDqV1r0qRP5tB8OWkyQbIdLeu4aCz7j/S
l1FkBytev9sbFGzt7cwnjzi9m7noqsk+uRVBp3+In35QPdcj8YflEmnHBNvuUDJh
LCJMW8KOjP6++Phbs3iCitJcANEtW4qTNFoKW3CHlbcSCjTM8KsNbUx3A8ek5EVL
jZWH1pt9E3TfpR6XyfQKnY6kl5aEIPwdW3eFYaqCFPrIo9pQT6WuDSP4JCYJbZne
KKIbZjzXkJt3NQG32EukYImBb9SCkm9+fS5LZFg9ojzubMX3+NkBoSXI7OPvnHMx
jup9mw5se6QUV7GqpCA2TNypolmuQ+cAaxV7JqHE8dl9pWf+Y3arb+9iiFCwFt4l
AlJw5D0CTRTC1Y5YWFDBCrA/vGnmTnqG8C+jjUAS7cjjR8q4OPhyDmJRPnaC/ZG5
uP0K0z6GoO/3uen9wqshCuHegLTpOeHEJRKrQFr4PVIwVOB0+ebO5FgoyOw43nyF
D5UKBDxEB4BKo/0uAiKHLRvvgLbORbU8KARIs1EoqEjmF8UtrmQWV2hUjwzqwvHF
ei8rPxMCAwEAAaOBozCBoDAdBgNVHQ4EFgQUO8ZuGCrD/T1iZEib47dHLLT8v/gw
HwYDVR0jBBgwFoAUhawa0UP3yKxV1MUdQUir1XhK1FMwEgYDVR0TAQH/BAgwBgEB
/wIBADAOBgNVHQ8BAf8EBAMCAQQwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cHM6Ly9r
ZHNpbnRmLmFtZC5jb20vdmNlay92MS9NaWxhbi9jcmwwRgYJKoZIhvcNAQEKMDmg
DzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKID
AgEwowMCAQEDggIBAIgeUQScAf3lDYqgWU1VtlDbmIN8S2dC5kmQzsZ/HtAjQnLE
PI1jh3gJbLxL6gf3K8jxctzOWnkYcbdfMOOr28KT35IaAR20rekKRFptTHhe+DFr
3AFzZLDD7cWK29/GpPitPJDKCvI7A4Ug06rk7J0zBe1fz/qe4i2/F12rvfwCGYhc
RxPy7QF3q8fR6GCJdB1UQ5SlwCjFxD4uezURztIlIAjMkt7DFvKRh+2zK+5plVGG
FsjDJtMz2ud9y0pvOE4j3dH5IW9jGxaSGStqNrabnnpF236ETr1/a43b8FFKL5QN
mt8Vr9xnXRpznqCRvqjr+kVrb6dlfuTlliXeQTMlBoRWFJORL8AcBJxGZ4K2mXft
l1jU5TLeh5KXL9NW7a/qAOIUs2FiOhqrtzAhJRg9Ij8QkQ9Pk+cKGzw6El3T3kFr
Eg6zkxmvMuabZOsdKfRkWfhH2ZKcTlDfmH1H0zq0Q2bG3uvaVdiCtFY1LlWyB38J
S2fNsR/Py6t5brEJCFNvzaDky6KeC4ion/cVgUai7zzS3bGQWzKDKU35SqNU2WkP
I8xCZ00WtIiKKFnXWUQxvlKmmgZBIYPe01zD0N8atFxmWiSnfJl690B9rJpNR/fI
ajxCW3Seiws6r1Zm+tCuVbMiNtpS9ThjNX4uve5thyfE2DgoxRFvY1CsoF5M
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC
BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS
BgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg
Q2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp
Y2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy
MTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS
BgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j
ZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg
W41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta
1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2
SzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0
60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05
gmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg
bKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs
+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi
Qi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ
eTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18
fHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j
WhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI
rFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG
KWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG
SIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI
AWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel
ETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw
STjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK
dHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq
zT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp
KGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e
pmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq
HnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh
3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn
JZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH
CViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4
AFZEAwoKCQ==
-----END CERTIFICATE-----

Binary file modified attestation-service/verifier/test_data/az-tdx-vtpm/hcl-report.bin
View file
Open in desktop
Binary file not shown.
Binary file modified attestation-service/verifier/test_data/az-tdx-vtpm/quote.bin
View file
Open in desktop
Binary file not shown.
Binary file modified attestation-service/verifier/test_data/az-tdx-vtpm/td-quote.bin
View file
Open in desktop
Binary file not shown.
2 changes: 1 addition & 1 deletion kbs/tools/client/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ base64.workspace = true
clap = { version = "4.0.29", features = ["derive"] }
env_logger.workspace = true
jwt-simple = "0.11.4"
kbs_protocol = { git = "https://github.com/confidential-containers/guest-components.git", rev = "8b0dbeb", default-features = false }
kbs_protocol = { git = "https://github.com/confidential-containers/guest-components.git", rev = "21b2c536b4d6c5c1442b53916c908b54dde136e8", default-features = false }
log.workspace = true
reqwest = { version = "0.11.18", default-features = false, features = ["cookies", "json"] }
serde = { version = "1.0", features = ["derive"] }
Expand Down
Loading