Update GPU attestation support

Signed-off-by: Jiale Zhang <[email protected]>
openanolis · Jan 20, 2025 · 4319292 · 4319292
1 parent fc2e160
commit 4319292
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/attestation-service/docker/as-grpc/Dockerfile b/attestation-service/docker/as-grpc/Dockerfile
@@ -40,7 +40,7 @@ RUN python3.11 -m pip install /usr/verifier-1.3.0-py3-none-any.whl
 RUN python3.11 -m pip install /usr/nv_attestation_sdk-1.3.0-py3-none-any.whl
 
 # Install NV Attestation Default Token validation policy
-COPY --from=builder /usr/src/attestation-service/deps/verifier/test_data/NVGPULocalPolicyDefault.json /opt/confidential-containers/attestation-service
+COPY --from=builder /usr/src/attestation-service/deps/verifier/test_data/NVGPULocalPolicyDefault.json /usr/
 
 RUN if [ "${ARCH}" = "x86_64" ]; then curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | tee intel-sgx-deb.key | apt-key add - && \
     echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \

diff --git a/attestation-service/docker/as-restful/Dockerfile b/attestation-service/docker/as-restful/Dockerfile
@@ -39,7 +39,7 @@ RUN python3.11 -m pip install /usr/verifier-1.3.0-py3-none-any.whl
 RUN python3.11 -m pip install /usr/nv_attestation_sdk-1.3.0-py3-none-any.whl
 
 # Install NV Attestation Default Token validation policy
-COPY --from=builder /usr/src/attestation-service/deps/verifier/test_data/NVGPULocalPolicyDefault.json /opt/confidential-containers/attestation-service
+COPY --from=builder /usr/src/attestation-service/deps/verifier/test_data/NVGPULocalPolicyDefault.json /usr/
 
 RUN if [ "${ARCH}" = "x86_64" ]; then curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | tee intel-sgx-deb.key | apt-key add - && \
     echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \

diff --git a/deps/verifier/src/tdx/mod.rs b/deps/verifier/src/tdx/mod.rs
@@ -19,7 +19,7 @@ pub(crate) mod claims;
 pub mod eventlog;
 pub(crate) mod quote;
 
-const GPU_POLICY_FILE_PATH: &str = "/opt/confidential-containers/attestation-service/NVGPULocalPolicyDefault.json";
+const GPU_POLICY_FILE_PATH: &str = "/usr/NVGPULocalPolicyDefault.json";
 
 #[derive(Serialize, Deserialize, Debug)]
 struct TdxEvidence {