Adding Turin support and updating ASK cn
Adding Turin support for certificate fetching.

A recent update to the CA certificates changed the ASK common name to SEV-<processor name>;
we added that option to our parser so that certificate verification still works.

Signed-off-by: DGonzalezVillal <[email protected]>
DGonzalezVillal authored and tylerfanelli committed Nov 7, 2024
1 parent 636e734 commit 0ba1ab5
Showing 3 changed files with 14 additions and 4 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock


14 changes: 12 additions & 2 deletions src/fetch.rs
Expand Up @@ -64,6 +64,9 @@ pub enum ProcType {

/// 4th Gen AMD EPYC Processor (Edge)
Siena,

/// 5th Gen AMD EPYC Processor (Standard)
Turin,
}

impl ProcType {
Expand All @@ -84,6 +87,7 @@ impl FromStr for ProcType {
"genoa" => Ok(ProcType::Genoa),
"bergamo" => Ok(ProcType::Bergamo),
"siena" => Ok(ProcType::Siena),
"turin" => Ok(ProcType::Turin),
_ => Err(anyhow::anyhow!("Processor type not found!")),
}
}
Expand All @@ -96,6 +100,7 @@ impl fmt::Display for ProcType {
ProcType::Genoa => write!(f, "Genoa"),
ProcType::Bergamo => write!(f, "Bergamo"),
ProcType::Siena => write!(f, "Siena"),
ProcType::Turin => write!(f, "Turin"),
}
}
}
Expand Down Expand Up @@ -236,8 +241,13 @@ mod vcek {
report::read_report(att_report_path).context("Could not open attestation report")?
};

// Use attestation report to get data for URL
let hw_id: String = hex::encode(att_report.chip_id);
let hw_id: String = match processor_model {
ProcType::Turin => {
let shorter_bytes: &[u8] = &att_report.chip_id[0..8];
hex::encode(shorter_bytes)
}
_ => hex::encode(att_report.chip_id),
};

let vcek_url: String = format!(
"{KDS_CERT_SITE}{KDS_VCEK}/{}/\
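Review bot: The `_ => hex::encode(att_report.chip_id)` arm in the vcek hunk is a catch-all over `ProcType`, so a later processor generation that also needs the shortened hardware ID would compile cleanly and build the KDS URL from the full chip_id, failing only when the certificate fetch is attempted. Naming the remaining variants in that arm instead of `_` lets the compiler flag this match whenever `ProcType` grows, as the explicit arms in the `Display` impl appear to do. The bare `[0..8]` would read better as a named constant with a comment such as `// Turin: the KDS hardware ID is the first 8 bytes of chip_id`; the page also shows the old `// Use attestation report to get data for URL` line next to the replaced statement, so confirm that comment was not dropped with it. The enclosing function starts and ends outside the hunk, so how `processor_model` is obtained, and whether it can disagree with the report, is not visible here.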
2 changes: 1 addition & 1 deletion src/verify.rs
Expand Up @@ -277,7 +277,7 @@ mod attestation {
{
match val.to_lowercase() {
x if x.contains("ark") => Ok(CertType::ARK),
x if x.contains("ask") => Ok(CertType::ASK),
x if x.contains("ask") | x.contains("sev") => Ok(CertType::ASK),
x if x.contains("vcek") => Ok(CertType::VCEK),
x if x.contains("vlek") => Ok(CertType::VLEK),
x if x.contains("crl") => Ok(CertType::CRL),
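Review bot: The new `x.contains("sev")` test sits in the second arm, ahead of the `vcek`, `vlek` and `crl` arms, so any value that contains "sev" but not "ark" now resolves to `CertType::ASK` before those arms are tried. AMD leaf certificates are commonly issued with common names of the form SEV-VCEK or SEV-VLEK (confirm against the values this parser actually receives), and such a name would be labelled as an ASK, which presumably affects which link of the chain it is verified as. Keeping `x if x.contains("ask") => Ok(CertType::ASK),` where it is and adding a separate `x if x.starts_with("sev-") => Ok(CertType::ASK),` after the `vlek` arm would accept the renamed ASK without shadowing the leaf arms, provided `val` is a bare common name rather than a path. If the combined condition is kept, `||` is the idiomatic short-circuit operator where the commit uses `|`. The function's signature and callers are outside the hunk.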
