forked from confidential-containers/trustee
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Qi Feng Huo <[email protected]>
- Loading branch information
Qi Feng Huo
committed
Jun 12, 2024
1 parent
3dfbfb3
commit c977a32
Showing
12 changed files
with
240 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| # Deployment of IBM SE verifier | ||
|
|
||
| ## Generate EC keys | ||
| ``` | ||
| openssl ecparam -list_curves |grep secp521r1 | ||
| openssl genpkey -algorithm EC -out encrypt_key.pem -pkeyopt ec_paramgen_curve:secp521r1 | ||
| openssl ec -in encrypt_key.pem -pubout -out encrypt_key.pub | ||
| ``` | ||
|
|
||
| ## Download Certs, CRLs, Root CA | ||
| https://www.ibm.com/support/resourcelink/api/content/public/secure-execution-gen2.html | ||
|
|
||
| ### Certs | ||
| ibm-z-host-key-signing-gen2.crt | ||
|
|
||
| ### CRL | ||
| ibm-z-host-key-gen2.crl (1KB) | ||
|
|
||
| ### Root CA | ||
| DigiCertCA.crt | ||
|
|
||
| ## Download HKD | ||
| https://www.ibm.com/docs/en/linux-on-z?topic=execution-verify-host-key-document | ||
|
|
||
| ## Get SE Header | ||
| https://github.com/ibm-s390-linux/s390-tools/blob/v2.33.1/rust/pvattest/tools/pvextract-hdr | ||
| ``` | ||
| ./pvextract-hdr -o hdr.bin se.img | ||
| ``` | ||
|
|
||
| ## Generate KBS key | ||
| ``` | ||
| openssl genpkey -algorithm ed25519 > kbs.key | ||
| openssl pkey -in kbs.key -pubout -out kbs.pem | ||
| ``` | ||
|
|
||
| ## Launch KBS with mount via docker-compose | ||
| ``` | ||
| cd ../test_data/se/ | ||
| docker-compose up -d | ||
| docker-compose logs web | ||
| docker-compose down | ||
| ``` | ||
|
|
||
| ## Expose the KBS endpoint | ||
|
|
38 changes: 38 additions & 0 deletions
38
attestation-service/verifier/test_data/se/data/DigiCertCA.crt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIGsDCCBJigAwIBAgIQCK1AsmDSnEyfXs2pvZOu2TANBgkqhkiG9w0BAQwFADBi | ||
| MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 | ||
| d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg | ||
| RzQwHhcNMjEwNDI5MDAwMDAwWhcNMzYwNDI4MjM1OTU5WjBpMQswCQYDVQQGEwJV | ||
| UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRy | ||
| dXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExMIIC | ||
| IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1bQvQtAorXi3XdU5WRuxiEL1 | ||
| M4zrPYGXcMW7xIUmMJ+kjmjYXPXrNCQH4UtP03hD9BfXHtr50tVnGlJPDqFX/IiZ | ||
| wZHMgQM+TXAkZLON4gh9NH1MgFcSa0OamfLFOx/y78tHWhOmTLMBICXzENOLsvsI | ||
| 8IrgnQnAZaf6mIBJNYc9URnokCF4RS6hnyzhGMIazMXuk0lwQjKP+8bqHPNlaJGi | ||
| TUyCEUhSaN4QvRRXXegYE2XFf7JPhSxIpFaENdb5LpyqABXRN/4aBpTCfMjqGzLm | ||
| ysL0p6MDDnSlrzm2q2AS4+jWufcx4dyt5Big2MEjR0ezoQ9uo6ttmAaDG7dqZy3S | ||
| vUQakhCBj7A7CdfHmzJawv9qYFSLScGT7eG0XOBv6yb5jNWy+TgQ5urOkfW+0/tv | ||
| k2E0XLyTRSiDNipmKF+wc86LJiUGsoPUXPYVGUztYuBeM/Lo6OwKp7ADK5GyNnm+ | ||
| 960IHnWmZcy740hQ83eRGv7bUKJGyGFYmPV8AhY8gyitOYbs1LcNU9D4R+Z1MI3s | ||
| MJN2FKZbS110YU0/EpF23r9Yy3IQKUHw1cVtJnZoEUETWJrcJisB9IlNWdt4z4FK | ||
| PkBHX8mBUHOFECMhWWCKZFTBzCEa6DgZfGYczXg4RTCZT/9jT0y7qg0IU0F8WD1H | ||
| s/q27IwyCQLMbDwMVhECAwEAAaOCAVkwggFVMBIGA1UdEwEB/wQIMAYBAf8CAQAw | ||
| HQYDVR0OBBYEFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB8GA1UdIwQYMBaAFOzX44LS | ||
| cV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEF | ||
| BQcDAzB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp | ||
| Z2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu | ||
| Y29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYy | ||
| aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5j | ||
| cmwwHAYDVR0gBBUwEzAHBgVngQwBAzAIBgZngQwBBAEwDQYJKoZIhvcNAQEMBQAD | ||
| ggIBADojRD2NCHbuj7w6mdNW4AIapfhINPMstuZ0ZveUcrEAyq9sMCcTEp6QRJ9L | ||
| /Z6jfCbVN7w6XUhtldU/SfQnuxaBRVD9nL22heB2fjdxyyL3WqqQz/WTauPrINHV | ||
| UHmImoqKwba9oUgYftzYgBoRGRjNYZmBVvbJ43bnxOQbX0P4PpT/djk9ntSZz0rd | ||
| KOtfJqGVWEjVGv7XJz/9kNF2ht0csGBc8w2o7uCJob054ThO2m67Np375SFTWsPK | ||
| 6Wrxoj7bQ7gzyE84FJKZ9d3OVG3ZXQIUH0AzfAPilbLCIXVzUstG2MQ0HKKlS43N | ||
| b3Y3LIU/Gs4m6Ri+kAewQ3+ViCCCcPDMyu/9KTVcH4k4Vfc3iosJocsL6TEa/y4Z | ||
| XDlx4b6cpwoG1iZnt5LmTl/eeqxJzy6kdJKt2zyknIYf48FWGysj/4+16oh7cGvm | ||
| oLr9Oj9FpsToFpFSi0HASIRLlk2rREDjjfAVKM7t8RhWByovEMQMCGQ8M4+uKIw8 | ||
| y4+ICw2/O/TOHnuO77Xry7fwdxPm5yg/rBKupS8ibEH5glwVZsxsDsrFhsP2JjMM | ||
| B0ug0wcCampAMEhLNKhRILutG4UI4lkNbcoFUCvqShyepf2gpx8GdOfy1lKQ/a+F | ||
| SCH5Vzu0nAPthkX0tGFuv2jiJmCG6sivqf6UHedjGzqGVnhO | ||
| -----END CERTIFICATE----- |
44 changes: 44 additions & 0 deletions
44
attestation-service/verifier/test_data/se/data/certs/ibm-z-host-key-signing-gen2.crt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIHwTCCBamgAwIBAgIQC6fTuiqP3l1R75g66XCXJDANBgkqhkiG9w0BAQsFADBp | ||
| MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMT | ||
| OERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0 | ||
| IDIwMjEgQ0ExMB4XDTI0MDMwNjAwMDAwMFoXDTI3MDQwMTIzNTk1OVowgcgxCzAJ | ||
| BgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEPMA0GA1UEBxMGQXJtb25rMTQw | ||
| MgYDVQQKEytJbnRlcm5hdGlvbmFsIEJ1c2luZXNzIE1hY2hpbmVzIENvcnBvcmF0 | ||
| aW9uMSkwJwYDVQQLEyBJQk0gWjE2IEhvc3QgS2V5IFNpZ25pbmcgU2VydmljZTE0 | ||
| MDIGA1UEAxMrSW50ZXJuYXRpb25hbCBCdXNpbmVzcyBNYWNoaW5lcyBDb3Jwb3Jh | ||
| dGlvbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL+UwDJ8Tj65bFzT | ||
| JlnPZ8wllGSGgsGGxtFSvBkN0NgWjFOCIWtIN/onDvQzKcSES7fWi7u+DS/zuSON | ||
| E+9uzKIALj4QSnqXc3D1Li3rvoPyTJPyv4wc84tUrwK3JHEGyNP8x2u0Lr2+pmEb | ||
| SmKZAg2bJNW//DDNRekXG1ZmPOodIdiVjk/gVFjluSInAQn2Noe546PNfeyRri90 | ||
| GwsWj0rfzojOG3Z2WBl7lIbdpNfAaWTyzUWZRHAd2C82+dpbB5LFtYq+eCzf0wwi | ||
| ouZd9zP1JBEABPLfc/fQeq5Yrxn2sj9dltqUdxuCJ6cRrpWaNvUsw/hur27/RKrL | ||
| AAEltvT1OsMvBHESw/xfdNhCqclVSSOKzZlppfuNUQZMg/qDhqk/brxD9ea4hcEM | ||
| aHk7PnRXRDL0fFbeIFhjh3g2gSeLf/X4Hh0B+ofsTGOobuDQFAGYRRDABH922lBN | ||
| Z0ZmiV40B3OIaAvlsPgiOSK418Rn1ukLvfyxTS4ZrlPhOrEv73PHJ/9mjuamdDTm | ||
| HHGxPpcb1PBcmtH9i+KIw7944d5iE1pzuH/jaftXREukCkWaVc07pxDT5ZcTmJWp | ||
| jK29IkwtwfssFRn3oeGgGwtQTSyCCvxc2WwOb389KwblSl9DwBDc6XVKFY4yPwYd | ||
| feCSpPhJvlS0titsNNODo29ECvnRAgMBAAGjggIDMIIB/zAfBgNVHSMEGDAWgBRo | ||
| N+Drtjv4XxGG+/5hewiIZfROQjAdBgNVHQ4EFgQUk7tsttHZWKqGUI6MNgTnwvOV | ||
| JnswPgYDVR0gBDcwNTAzBgZngQwBBAEwKTAnBggrBgEFBQcCARYbaHR0cDovL3d3 | ||
| dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggr | ||
| BgEFBQcDAzCBtQYDVR0fBIGtMIGqMFOgUaBPhk1odHRwOi8vY3JsMy5kaWdpY2Vy | ||
| dC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQy | ||
| MDIxQ0ExLmNybDBToFGgT4ZNaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lD | ||
| ZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5jcmww | ||
| gZQGCCsGAQUFBwEBBIGHMIGEMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp | ||
| Y2VydC5jb20wXAYIKwYBBQUHMAKGUGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv | ||
| bS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFD | ||
| QTEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggIBAAKCtV584RyMKNhX | ||
| DQkRNaiufA3JUmBGQXSL8u1IkZdeq2sA2rrikXwwpck2UlDi2uBAgWgqqsQl0wtQ | ||
| 2MpOD0C7Blhn1jOlbpfXo0I0DCqM81krCcpi9QnouiboFooEMNior6i7emXcXO7l | ||
| vynlwBY675MBdiXl+dFiKElQWRnL1W72CaH2bIy4TT3M0wZTj1nIi0+Zu+y+Zrnd | ||
| Si2rYOtOFqS8OcwpZlg4WhwhTVdStWS4o6L/o+a920n+mdRY9ueqfvUbYtQthcId | ||
| Qa/3oAKcELzsfFZQeryf6ONinDYcsYraYbbl4OURvrGJY1N2jLg7U+kMw4PmWAh7 | ||
| QNhrCCY6C8RsMfepgezWhPplMuf+eqL5fu1v9tot925Pp+hMsblq2O6LKcWZVYV+ | ||
| h9xgG/w8VVzCFUJ1MMjg/797cOqqGd/7pkwfJj8eKwqlgyCW+MCSF2Pb72ndr7gt | ||
| RPG2DKGxFyqvgAw26Mb9nu9zoXFprySed5qCAlyY7y/x+cvDQID+QnNaLf4XLCUI | ||
| R7yI4fiblxDxKEDNSgJzq0SrnoQgltdpIgs7rUCa33rLBGasd+fpCaOySksh0LrJ | ||
| Cg7zmg7Jm4LCB2qI4FYX6m1wayaeAaT/S9pJL2kuOBUzeqM20GjEW66JhHJDWrH5 | ||
| c0fo5JTIx4VeKkcPISJkORP7J6Yu | ||
| -----END CERTIFICATE----- |
23 changes: 23 additions & 0 deletions
23
attestation-service/verifier/test_data/se/data/crls/ibm-z-host-key-gen2.crl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| -----BEGIN X509 CRL----- | ||
| MIIDwzCCAasCAQEwDQYJKoZIhvcNAQENBQAwgc4xCzAJBgNVBAYTAlVTMTQwMgYD | ||
| VQQKDCtJbnRlcm5hdGlvbmFsIEJ1c2luZXNzIE1hY2hpbmVzIENvcnBvcmF0aW9u | ||
| MSkwJwYDVQQLDCBJQk0gWjE2IEhvc3QgS2V5IFNpZ25pbmcgU2VydmljZTEVMBMG | ||
| A1UEBwwMUG91Z2hrZWVwc2llMREwDwYDVQQIDAhOZXcgWW9yazE0MDIGA1UEAwwr | ||
| SW50ZXJuYXRpb25hbCBCdXNpbmVzcyBNYWNoaW5lcyBDb3Jwb3JhdGlvbhcNMjQw | ||
| NTE0MDQwMDAxWhcNMjQwNjE2MDQwMDAwWqCBpzCBpDCBlQYDVR0cAQH/BIGKMIGH | ||
| oIGBoH+GfWh0dHBzOi8vd3d3LmlibS5jb20vc2VydmVycy9yZXNvdXJjZWxpbmsv | ||
| bGliMDMwNjAubnNmL3BhZ2VzL0lCTS1TZWN1cmUtRXhlY3V0aW9uLWZvci1MaW51 | ||
| eC1nZW4yLyRmaWxlL2libS16LWhvc3Qta2V5LWdlbjIuY3JsgQEBMAoGA1UdFAQD | ||
| AgEXMA0GCSqGSIb3DQEBDQUAA4ICAQBDqCtTd5T10j3lM2zRmL4vCWCIxyq6DpX2 | ||
| yHr6cv7+UbZyXhVYaH1H2Xj/ECBhUGbsvGQisppPSsqwTCwlnZi0JpsMbbQY6s9U | ||
| rfQoklzhvF5vps51Xm3mthIUJ7IHpa1buLFiGZxdvU/Ibb7vODfLnaXq26QZnv9P | ||
| DGdYl8Qy+KdKoLcbyBv7pamC1lEOvbE8chdpGwkMRnrb30vxymu8ltrUSc74lQYo | ||
| bEiAR2bSXbEPGT3m8tsW32QFTiSzBDBttOQPdal/mdBWG/BGYtMZxusB6DqLlUSw | ||
| 4CLHBEy7odGRUplYo3Y+rBq71UbgEkn/2jwAKGBibdqtuDK/IYtlYPBK61aiIdt2 | ||
| S7xl2xC3IO5PC8TZzfXHMThns/pPLQ6g7ZSkxrdG8Aao6Gve4oOT5WVrKXVhYFDG | ||
| mQoSxKcXG9khoIOO5cEgzaJRJ2EqnmrANvneIsEIPLaZI1lXZMSkf4cX2Hf6a7rD | ||
| Et9/9vBuryIRZf9mM7TMNrU7vU0q7y4FT9q7HAYXX2EcNrQSSJW1BiHxhOnJUZWx | ||
| //8Jfn6HczCO8Bk4y67zTYDWAfFo3toEg2EEd/uKSBBY443MbIEguOO34W54n2eI | ||
| azLd+lvyDFP9jH5VmZ9P08YmXB1GpMYydZ//rH4VyoSkCEZ91/FXttRgvPC5GGI8 | ||
| NPH+VLPnUQ== | ||
| -----END X509 CRL----- |
8 changes: 8 additions & 0 deletions
8
attestation-service/verifier/test_data/se/data/ec-key/encrypt_key.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| -----BEGIN PRIVATE KEY----- | ||
| MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA6CLDuZEOhX6iWRm/ | ||
| bFhGpDTEVQ/cyT32400FA4obDy41Xd/Xy6f+AxkNgHxHPOkB1otpfAkBCuBwD5Iw | ||
| jx60WoahgYkDgYYABAG2HIlmp1vWwfZodSPa9OLA3/l4tiej070JOI8589IUuxzW | ||
| XSzUsZYbdlJ0sadQP2VjoOkAB9AlnMTZDyGPAo+fXwEUfoKvmRNlc5iVqqPy2I8g | ||
| roBq5meTtPlvQjYbv78MeKSbpuK0ovaw9f60pj4aN1VuirseN4uspegxRJZuFxEv | ||
| Wg== | ||
| -----END PRIVATE KEY----- |
6 changes: 6 additions & 0 deletions
6
attestation-service/verifier/test_data/se/data/ec-key/encrypt_key.pub
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| -----BEGIN PUBLIC KEY----- | ||
| MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBthyJZqdb1sH2aHUj2vTiwN/5eLYn | ||
| o9O9CTiPOfPSFLsc1l0s1LGWG3ZSdLGnUD9lY6DpAAfQJZzE2Q8hjwKPn18BFH6C | ||
| r5kTZXOYlaqj8tiPIK6AauZnk7T5b0I2G7+/DHikm6bitKL2sPX+tKY+GjdVboq7 | ||
| HjeLrKXoMUSWbhcRL1o= | ||
| -----END PUBLIC KEY----- |
Binary file not shown.
24 changes: 24 additions & 0 deletions
24
attestation-service/verifier/test_data/se/data/hkds/HKD-3931-0275D38.crt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIID7jCCAdagAwIBAgIJBFlsRgUYzLtIMA0GCSqGSIb3DQEBDQUAMGMxCzAJBgNV | ||
| BAYTAlVTMQwwCgYDVQQKDANJQk0xEDAOBgNVBAsMB1Rlc3RpbmcxDDAKBgNVBAcM | ||
| A1BPSzELMAkGA1UECAwCTlkxGTAXBgNVBAMMEFFTYWZlIEhLIHNpZ25pbmcwHhcN | ||
| MjQwMjI4MTAzNjE4WhcNMjUwMjI3MTAzNjE4WjBbMQswCQYDVQQGEwJVUzEMMAoG | ||
| A1UECgwDSUJNMRAwDgYDVQQLDAdUZXN0aW5nMQwwCgYDVQQHDANQT0sxCzAJBgNV | ||
| BAgMAk5ZMREwDwYDVQQDDAhRc2FmZSBISzCBmzAQBgcqhkjOPQIBBgUrgQQAIwOB | ||
| hgAEAIs8F4mItSnho7Wx/ngnZTfsQ9LtSchfKvc1r6Op5vNKGOuiuJ30GTOZUoZD | ||
| M/MqioakC4EB0cpSTllh6qrYuxz2AUHgstGQNAFctkCKE3GqMEuFrcgazUvbV4JD | ||
| NXSl/KB6uaKCgAeOuxw37+WkWaUpNOvpsh/dCjZ3pJeWYjv92r6BozUwMzAOBgNV | ||
| HQ8BAf8EBAMCAwgwIQYDVR0fBBowGDAWoBSgEoYQaHR0cDovL3NvbWV3aGVyZTAN | ||
| BgkqhkiG9w0BAQ0FAAOCAgEAas/Vg/xdwA3BqroBY+aRAfd6hwMNdVjbooYjga9M | ||
| WeM6zDW+JOPuVYWij/yWGvRzKrmxwdpDrlEwQNFvh9uiwZorv6PCMnrF0Qprdwyl | ||
| rvUzwXV28xrRgJtCpU5PDw2NSXZse7nsZD9zxtEYu8RywhtVO6LnXViAeTZLn1jK | ||
| LMc+P1FlEA/+aVmNT3hr+sfFTDKn1oP4RbYJy4T9cbIGRgtRWpMyQaSqEX1bPytW | ||
| ZjdK+LU55bZceAIrfR0um+gGSB+rRdyDQU0g9BS0dDXxVhDkzKVrD/UG2dqXd106 | ||
| Q3JeuROVwdd55dvwD5b+UmSS52oRlmTff1uJg6BF6tHWP7zh5rqLJdH3ds5AfITb | ||
| 2tHK3M1KhwIivbtBzogWH+LaxEF3n5V2FCc8bx92zB81IhKycSLnmE9OZ602d/0j | ||
| BCU0hkh8BZS7o6A3sTHZHFh65jjFwRMQSDY43MLeNBWhdX8ymOcuiwVPWsHrrIBK | ||
| w01nAbpR4IedQgwc0SJtExsqWKGS6OEyaDV5QcZh97/PA8ddBmsaJyZESJuwj1hp | ||
| hq6jU/NtOT/J33vnoO0UWX8FaX58+4MCG638/fatMsdCUmt1OTw1b9Qry/p7pn56 | ||
| 53FvYE30z1G7Arsu7LzTaz8EfLzQ57MVKb9cj2/NKzqhh5PMIb+9SdznQGuDqj5F | ||
| ++c= | ||
| -----END CERTIFICATE----- |
25 changes: 25 additions & 0 deletions
25
attestation-service/verifier/test_data/se/docker-compose.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| services: | ||
| web: | ||
| image: ghcr.io/confidential-containers/staged-images/kbs:3dfbfb357f3f932211e6cc0840b62c76f16883d5 | ||
| command: [ | ||
| "/usr/local/bin/kbs", | ||
| "--config-file", | ||
| "/etc/kbs-config.toml", | ||
| ] | ||
| restart: always # keep the server running | ||
| environment: | ||
| - RUST_LOG=debug | ||
| ports: | ||
| - "8080:8080" | ||
| volumes: | ||
| - ./data/kbs-storage:/opt/confidential-containers/kbs/repository:rw | ||
| - ./data/attestation-service:/opt/confidential-containers/attestation-service:rw | ||
| - ./kbs.pem:/kbs/kbs.pem | ||
| - ./kbs-config.toml:/etc/kbs-config.toml | ||
| - ./data/hkds:/run/confidential-containers/ibmse/hkds | ||
| - ./data/certs:/run/confidential-containers/ibmse/certs | ||
| - ./data/DigiCertCA.crt:/run/confidential-containers/ibmse/certs/ca | ||
| - ./data/crls:/run/confidential-containers/ibmse/crls | ||
| - ./data/hdr.bin:/run/confidential-containers/ibmse/hdr/hdr.bin | ||
| - ./data/ec-key/encrypt_key.pem:/run/confidential-containers/ibmse/ec/encrypt_key.pem | ||
| - ./data/ec-key/encrypt_key.pub:/run/confidential-containers/ibmse/ec/encrypt_key.pub |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| sockets = ["0.0.0.0:8080"] | ||
| auth_public_key = "/kbs/kbs.pem" | ||
| # Ideally we should use some solution like cert-manager to issue let's encrypt based certificate: | ||
| # https://cert-manager.io/docs/configuration/acme/ | ||
| insecure_http = true | ||
|
|
||
| [attestation_token_config] | ||
| attestation_token_type = "CoCo" | ||
|
|
||
| [as_config] | ||
| work_dir = "/opt/confidential-containers/attestation-service" | ||
| policy_engine = "opa" | ||
| attestation_token_broker = "Simple" | ||
|
|
||
| [as_config.attestation_token_config] | ||
| duration_min = 5 | ||
|
|
||
| [as_config.rvps_config] | ||
| store_type = "LocalFs" | ||
| remote_addr = "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| -----BEGIN PRIVATE KEY----- | ||
| MC4CAQAwBQYDK2VwBCIEIEtIV3vl2DzJ0g6G1Cx2xdnDGw7XHt/feOOwxupdfLU0 | ||
| -----END PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| -----BEGIN PUBLIC KEY----- | ||
| MCowBQYDK2VwAyEAoV1QxPhILBdL8KMgrz0CPdNA7EP86ReN9VsmUNoqOYk= | ||
| -----END PUBLIC KEY----- |