From 34f7614ccb62c072e4181daa6f26c9656b06afa8 Mon Sep 17 00:00:00 2001 From: Qi Feng Huo Date: Tue, 13 Aug 2024 16:59:39 +0800 Subject: [PATCH] ibmse: update readme to reflect initdata change Update readme for initdata and se.user_data field in attestation policy Signed-off-by: Qi Feng Huo --- deps/verifier/src/se/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deps/verifier/src/se/README.md b/deps/verifier/src/se/README.md index 11cde22f2..0ee09c088 100644 --- a/deps/verifier/src/se/README.md +++ b/deps/verifier/src/se/README.md @@ -241,13 +241,13 @@ allow if { input["se.attestation_phkh"] == "xxx" input["se.image_phkh"] == "xxx" input["se.tag"] == "xxx" - input["se.user_data"] == "00" + input["se.user_data"] == "xxx" converted_version == "256" } EOF ``` -Where the values come from [retrive-the-rvps-field-for-an-ibm-se-image](#retrive-the-rvps-field-for-an-ibm-se-image) +Where the values `se.version`, `se.attestation_phkh`, `se.image_phkh` and `se.tag` come from [retrive-the-rvps-field-for-an-ibm-se-image](#retrive-the-rvps-field-for-an-ibm-se-image). The value `se.user_data` comes from [initdata](https://github.com/confidential-containers/cloud-api-adaptor/blob/main/src/cloud-api-adaptor/docs/initdata.md). Please remove `input["se.user_data"] == "xxx"` if `initdata` is not used. #### Set the attestation policy ```bash