attestation: add awsSEVSNP as new variant #1900

Merged (8 commits, Jun 9, 2023)
Conversation

@derpsteb derpsteb (Member) commented Jun 8, 2023

Proposed change(s)

  • Add awsSEVSNP as attestation variant. This does not include the attestation implementation. Instead, the standard awsNitroTPM attestation is used. A warning is printed during init and the config includes a warning comment.
  • Enable AMD-SEV-SNP machines by default when generating a new config. To change an existing config, specify awsSEVSNP as the value for attestation.
  • Move internal/variant to internal/attestation/variant
  • Change the default region for AWS in our e2e tests. Clear measurements for awsSEVSNP during e2e tests.

Additional info

  • testrun 🟢 with image: ref/feat-aws-snp-attestation/stream/debug/v2.8.0-pre.0.20230608071806-582d3a0b5009
  • Will add feature label to the PR that adds attestation, as the feature should be completed with that PR.

Checklist

  • Add labels (e.g., for changelog category)
  • Link to Milestone

@derpsteb derpsteb added the no changelog Change won't be listed in release changelog label Jun 8, 2023
@derpsteb derpsteb added this to the v2.9.0 milestone Jun 8, 2023
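To make the placeholder arrangement from the description concrete, here is an added example in Go. It is illustrative code written for this page, not Constellation's implementation: the Variant type, the Claims struct, NewValidator, RequireSNP and the constructed "nitrotpm-quote" marker are all assumptions; only the two variant names awsNitroTPM and awsSEVSNP come from the PR. It shows a variant table that aliases awsSEVSNP to the NitroTPM validator while still warning at init, and that records in the returned claims which mechanism actually ran, so a consumer cannot mistake the placeholder variant for real SEV-SNP verification.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
)

// Variant names an attestation variant as written in the config's `attestation`
// key. Everything in this file is illustrative code written for this page, not
// Constellation's own implementation; only the two variant names come from the PR.
type Variant string

const (
	AWSNitroTPM Variant = "awsNitroTPM"
	AWSSEVSNP   Variant = "awsSEVSNP"
)

// ParseVariant accepts only known names, so a misspelt config value fails
// loudly instead of silently selecting some default attestation.
func ParseVariant(s string) (Variant, error) {
	switch v := Variant(s); v {
	case AWSNitroTPM, AWSSEVSNP:
		return v, nil
	}
	return "", fmt.Errorf("unknown attestation variant %q", s)
}

// Claims is what a validator returns. Requested records the variant the config
// asked for; Mechanism records what was actually verified. Carrying both lets a
// caller detect a placeholder variant instead of trusting the label.
type Claims struct {
	Requested Variant
	Mechanism string // "nitroTPM" or "sevSNP"
}

// Validator checks an attestation document from a node.
type Validator interface {
	Validate(doc []byte) (Claims, error)
}

// nitroTPMValidator stands in for real NitroTPM quote validation. It only
// recognises a constructed marker so that the example runs offline.
type nitroTPMValidator struct{ requested Variant }

func (v nitroTPMValidator) Validate(doc []byte) (Claims, error) {
	if string(doc) != "nitrotpm-quote" { // constructed stand-in for a real quote
		return Claims{}, errors.New("nitroTPM: quote validation failed")
	}
	return Claims{Requested: v.requested, Mechanism: "nitroTPM"}, nil
}

// NewValidator maps a variant to an implementation. As in the PR, awsSEVSNP
// reuses the NitroTPM path for now and writes a warning so that an operator
// reading the init output knows no SEV-SNP report is being checked.
func NewValidator(v Variant, warn io.Writer) (Validator, error) {
	switch v {
	case AWSNitroTPM:
		return nitroTPMValidator{requested: v}, nil
	case AWSSEVSNP:
		fmt.Fprintf(warn, "WARNING: variant %s does not verify SEV-SNP reports yet; falling back to %s attestation\n", AWSSEVSNP, AWSNitroTPM)
		return nitroTPMValidator{requested: v}, nil
	}
	return nil, fmt.Errorf("no validator for attestation variant %q", v)
}

// RequireSNP is the guard a caller that genuinely depends on SEV-SNP should
// apply: the requested variant name alone is not evidence of SNP verification.
func RequireSNP(c Claims) error {
	if c.Mechanism != "sevSNP" {
		return fmt.Errorf("attestation for %s was verified via %s, not SEV-SNP", c.Requested, c.Mechanism)
	}
	return nil
}

func main() {
	v, err := ParseVariant("awsSEVSNP")
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	val, err := NewValidator(v, os.Stderr) // prints the warning
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	claims, err := val.Validate([]byte("nitrotpm-quote")) // constructed document
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	fmt.Printf("requested=%s mechanism=%s\n", claims.Requested, claims.Mechanism)
	if err := RequireSNP(claims); err != nil {
		fmt.Println("refusing to treat node as SNP-attested:", err)
	}
}
```

Running it prints the init-style warning on stderr, then shows that the claims carry requested=awsSEVSNP but mechanism=nitroTPM, and RequireSNP refuses them. The design point is that the fallback is visible in two places, the warning for the operator and the Mechanism field for code, rather than only in a config comment.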
netlify bot commented Jun 8, 2023

Deploy Preview for constellation-docs canceled.
Latest commit: de3ce70
Latest deploy log: https://app.netlify.com/sites/constellation-docs/deploys/648326c5162e2a0007ab5c41

Resolved (outdated) review threads on: cli/internal/cmd/configgenerate_test.go, cli/internal/cmd/init.go, cli/internal/cmd/log.go, internal/attestation/aws/snp/issuer.go (three threads)
Comment on lines 7 to 15
/*
--------- WARNING! ---------
THIS PACKAGE DOES CURRENTLY NOT IMPLEMENT ANY SNP ATTESTATION.
It exists to implement required interfaces while implementing other parts of the AWS SNP attestation variant within Constellation.
----------------------------

# SNP
Member (reviewer):

Suggested change
/*
--------- WARNING! ---------
THIS PACKAGE DOES CURRENTLY NOT IMPLEMENT ANY SNP ATTESTATION.
It exists to implement required interfaces while implementing other parts of the AWS SNP attestation variant within Constellation.
----------------------------
# SNP
/*
--------- WARNING! ---------
THIS PACKAGE DOES CURRENTLY NOT IMPLEMENT ANY SNP ATTESTATION.
It exists to implement required interfaces while implementing other parts of the AWS SNP attestation variant within Constellation.
----------------------------
# SNP

Otherwise the formatting looks weird on the docs site.

This doc comment also still contains a lot of Azure specific information which should be updated for AWS

@derpsteb (Member, Author) replied:

I removed some Azure specific abbreviation from the bottom. Not sure what else you mean. Would be great if you could highlight that on your next pass if you still see something.

Resolved review threads on: internal/attestation/aws/snp/validator.go (outdated), internal/attestation/measurements/measurements_oss.go (outdated), internal/config/config.go
This makes the pkg's purpose more visible through its import path.
This is preparation for adding snp attestation.
For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
* do not extend debugLogger interface
* use cmd.PrintErr to print warnings
* adapt comments
* do not use log.fatalf
@derpsteb derpsteb merged commit 8f21972 into main Jun 9, 2023
@derpsteb derpsteb deleted the feat/aws/snp-attestation branch June 9, 2023 13:41
elchead pushed a commit that referenced this pull request Jun 12, 2023
* variant: move into internal/attestation
* attestation: move aws attestation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP

For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
@derpsteb derpsteb added feature This introduces new functionality and removed no changelog Change won't be listed in release changelog labels Jul 11, 2023