AA/kbs_protocol: fix RCAR handshake protocol #406
Conversation
The test failure is as expected because the runtime data changes.

```rust
let runtime_data = json!({
    "tee-pubkey": tee_pubkey,
    "nonce": challenge.nonce,
});
```
Is there a reason to combine them? My expectation was to have it the same way it's implemented in #369.
No matter whether it is the nonce or the tee pub key, they are all things whose integrity should be protected by binding to the evidence. There must be more scenarios beyond these two fields.
We use a JSON map here to have a standard way to organize them.
This contributes to the hashing problem we've talked about. It's not only what hash algorithm is used but also what data is hashed. This won't work well with Intel Trust Authority, which makes me think that perhaps we are going to need AS-specific cfg flags to decide how the reportdata needs to be generated by the attesters.
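Added example, not code from this PR or from guest-components: the binding the two comments above discuss, with the attester digesting the {tee-pubkey, nonce} map into the report-data field and the KBS recomputing it, plus the mismatch that results when the attester hashes a different layout or uses a different algorithm. It assumes compact sorted-key JSON as the canonical encoding, SHA-384 as the default digest and a 64-byte report-data field; none of these are specified by the PR.

```python
import hashlib
import hmac
import json
import os

# Assumptions (not taken from the PR): the runtime data is canonicalised as compact,
# sorted-key JSON before hashing, and the hardware report-data field is 64 bytes wide
# (the size of the SEV-SNP REPORT_DATA and TDX REPORTDATA fields).
REPORT_DATA_LEN = 64


def canonical_runtime_data(tee_pubkey: dict, nonce: str) -> bytes:
    """Serialise the {tee-pubkey, nonce} map identically on both sides."""
    runtime_data = {"tee-pubkey": tee_pubkey, "nonce": nonce}
    return json.dumps(runtime_data, sort_keys=True, separators=(",", ":")).encode()


def attester_report_data(tee_pubkey: dict, nonce: str, hash_alg: str = "sha384") -> bytes:
    """Attester side: digest the runtime data and zero-pad it into the report-data field."""
    digest = hashlib.new(hash_alg, canonical_runtime_data(tee_pubkey, nonce)).digest()
    if len(digest) > REPORT_DATA_LEN:
        raise ValueError(f"{hash_alg} digest does not fit in the report-data field")
    return digest.ljust(REPORT_DATA_LEN, b"\0")


def kbs_verify_binding(report_data: bytes, tee_pubkey: dict, nonce: str,
                       hash_alg: str = "sha384") -> bool:
    """KBS side: recompute the expected report data from the tee-pubkey it received and
    the nonce it issued. A changed key, a changed nonce, a different field layout or a
    different hash algorithm all produce a mismatch."""
    expected = attester_report_data(tee_pubkey, nonce, hash_alg)
    return hmac.compare_digest(report_data, expected)


def demo() -> dict:
    """Constructed values: a KBS-style challenge nonce and a JWK-shaped TEE public key."""
    nonce = os.urandom(32).hex()
    tee_pubkey = {"kty": "RSA", "n": "constructed-modulus", "e": "AQAB"}
    good = attester_report_data(tee_pubkey, nonce)
    # An attester that hashes nonce||pubkey instead of the JSON map: same inputs, same
    # algorithm, different layout, so the KBS cannot reproduce it.
    other_layout = hashlib.sha384((nonce + json.dumps(tee_pubkey)).encode()).digest()
    return {
        "matches": kbs_verify_binding(good, tee_pubkey, nonce),
        "swapped_pubkey": kbs_verify_binding(good, {**tee_pubkey, "n": "other"}, nonce),
        "different_layout": kbs_verify_binding(other_layout.ljust(REPORT_DATA_LEN, b"\0"),
                                               tee_pubkey, nonce),
        "different_alg": kbs_verify_binding(good, tee_pubkey, nonce, "sha512"),
    }
```

Only the first entry of `demo()` verifies; the other three show why attester and verifier must agree on both the encoding of the map and the digest algorithm, not just on the field values.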
See the runtime data spec: confidential-containers/trustee#259.
This would be a good start to make runtime data usage more standard.
Thanks! I saw it earlier but forgot to take a closer look. I'll do it today.
LGTM. This seems closely tied to confidential-containers/trustee#259 but I guess we can implement that separately.
Before this commit, the tee-pubkey is not fully integrity-protected by binding the digest into the evidence. The update of this commit is aligned with the KBS side.
Fixes confidential-containers#366
Signed-off-by: Xynnn007 <[email protected]>
(force-pushed b2f863f to 31895ec)
The newest KBS uses a configuration file to launch. The new KBS image was built after merging commit confidential-containers/trustee@f141a78#diff-16118c763a8e72d853ec0c7c5d6e8355496c41d1b3da27bf0e4c432a2ea158a8. That commit updates the KBS side RCAR runtime data definition.
Signed-off-by: Xynnn007 <[email protected]>
(force-pushed 31895ec to b4d7788)
cc @mythi Is this PR now good to you?
This is also a workaround. Once confidential-containers/guest-components#406 is merged, we will change the dep rev to upstream repo.
Signed-off-by: Xynnn007 <[email protected]>
+1
Before this commit, the tee-pubkey is not fully integrity-protected by binding the digest into the evidence. The update of this commit is aligned with the KBS side.
Fixes #366
cc @mythi