token: allow KBS to verify Azure VTPM token

Added new entry in default extra tee token paths for Azure VTPM ITA Signed-off-by: Pawel Proskurnicki <[email protected]>
pawelpros · Dec 16, 2024 · eea2f2f · eea2f2f
1 parent c3e1d5c
commit eea2f2f
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/kbs/src/token/mod.rs b/kbs/src/token/mod.rs
@@ -16,6 +16,7 @@ pub const TOKEN_TEE_PUBKEY_PATH_ITA: &str = "/attester_runtime_data/tee-pubkey";
 pub const TOKEN_TEE_PUBKEY_PATH_COCO: &str = "/customized_claims/runtime_data/tee-pubkey";
 pub const TOKEN_TEE_PUBKEY_PATH_EAR: &str =
     "/submods/cpu/ear.veraison.annotated-evidence/runtime_data_claims/tee-pubkey";
+pub const TOKEN_TEE_PUBKEY_PATH_ITA_VTPM: &str = "/attester_user_data/tee-pubkey";
 
 #[derive(Deserialize, Debug, Clone, PartialEq, Default)]
 pub struct AttestationTokenVerifierConfig {
@@ -79,6 +80,7 @@ impl TokenVerifier {
         extra_teekey_paths.push(TOKEN_TEE_PUBKEY_PATH_ITA.into());
         extra_teekey_paths.push(TOKEN_TEE_PUBKEY_PATH_COCO.into());
         extra_teekey_paths.push(TOKEN_TEE_PUBKEY_PATH_EAR.into());
+        extra_teekey_paths.push(TOKEN_TEE_PUBKEY_PATH_ITA_VTPM.into());
 
         Ok(Self {
             verifier,