Moved attestation endpoint selection to GetToken. #43

Open: wants to merge 4 commits into base: main

arvind5 (Contributor) commented Feb 7, 2025

No description provided.

arvind5 linked an issue Feb 7, 2025 that may be closed by this pull request
arvind5 force-pushed the 42-calling-the-gettoken-method-on-connector-results-in-empty-path-and-403 branch from 754147f to 1cf93de Compare February 7, 2025 11:40
arvind5 force-pushed the 42-calling-the-gettoken-method-on-connector-results-in-empty-path-and-403 branch from b59178b to ea39ab7 Compare February 7, 2025 12:51
arvind5 requested a review from kwtj43 February 7, 2025 12:55
yzz127 added a commit to yzz127/trustauthority-client-for-go that referenced this pull request Mar 5, 2025
yzz127 added a commit to yzz127/trustauthority-client-for-go that referenced this pull request Mar 5, 2025
* CASSINI-8033: Support Azure TDX report generation in Amber client CLI (intel#43)

* update README

* Modified Connector to use new attestation end-point for Azure tdvm. (#100)

* Updated Azure adapter per TDX1.4 preview.

* Modified Connector to use new attestation end-point for Azure tdvm. (#100)

* parent e50e871
author Kent Thompson <kent.thompson@intel.com> 1713878404 -0700
committer Thompson, Kent <kent.thompson@intel.com> 1726324756 -0700

Azure TDX+vTPM composite attestation (#125)

* Draft changes for TDX/TPM composite attestation.

* Help correction.

* Misc code clean up.

* Misc cleanup

* Add pcr selection, additional refactoring of TPM/adapter.

* Owner auth, request-ids, token signing alg.

* Updates while debugging against poc/tpm_with_coordinator-main-rebase cc75186c.

* Minor changes

Add user-data/verifier-nonce handling

Miscellaneous fixes from debugging.

Add sleep to workaround Azure bug.

Adjust the name of user_data/nonce.

Wire up misc command line options into request body.

Refactor TPM/vTPM and composite attestation.

Revive "evidence" command (by popular demand).

Correct command line usage (--aztdx vs. --tdx).

Fix incorrect error handling in TPM adapter.

Enable checkmarx check in CI

Bump CLI version.

CI updates.

Unit test correction.

Unit test corrections.

Cassini 21810 -- README files for AZ-TDX/vTPM preview (#139)

* Initial commit for TPM readmes.

* Changes from first review feedback; ready for final review.

* Fix typo

---------

Co-authored-by: Thompson, Kent <kent.thompson@intel.com>

Miscellaneous fixes made during "physical-tpm" validation. (#144)

* CASSINI-21986: Remove 3 second sleep from azure adapter.

* Misc fixes, unit tests and comment updates.

* Correction.

* Address pull request comments.

CASSINI-21986: Remove 3 second sleep from azure adapter.

Correction.

Address pull request comments.

Address pull request comments.

Remove info message when writing to NV ram.

Remove info/time from logrus messages when used in trustauthority-cli.

Clean up comment.

Consistently print '0x' and hex for TPM handles.

* Misc alignment with main branch.

* Refactor cli for composite attestation.

* Add mockTdxAdapter for unit-tests.

* Unit test correction.

* Additional unit-test coverage.

* Additional unit-test coverage.

* Additional unit-tests.

* Additional unit-test coverage.

* Misc changes from pull request.

* Address pull request comments.

* Rollback readme changes (to be addressed in CASSINI-23226).

* Report request-id if a failure occurs in the evidence builder.

* Rename EvidenceProvider2 to CompositeEvidenceAdapter.

* Remove "canonical" from structs/files.

---------

Co-authored-by: Yanhui Zhao <wildyz.yky@gmail.com>
Co-authored-by: Jerry Yu <jerry.yu@intel.com>
Co-authored-by: arvind5 <arvind.rawat@intel.com>
yzz127 added a commit to yzz127/trustauthority-client-for-go that referenced this pull request Mar 5, 2025
* CASSINI-8033: Support Azure TDX report generation in Amber client CLI (intel#43)

* Updated Azure adapter per TDX1.4 preview.

* resolve tpm read issue

- paravisor only update report when read full region

Signed-off-by: Jerry Yu <jerry.yu@intel.com>

* Removed GET nonce call to TrustAuthority.

* update README

* define nv index 0x1400002 if not yet

Signed-off-by: Jerry Yu <jerry.yu@intel.com>

* verify user data hash in the evidence

Ensure the collected evidence matches the user data(hash)
provided to the vTPM

* use nonce to validate the evidence freshness

* print out base64 encoded evidence (#97)

Signed-off-by: Jerry Yu <jerry.yu@intel.com>

* Modified Connector to use new attestation end-point for Azure tdvm. (#100)

* Add sleep time of 3 sec to reflect user data in runtime data.

* Updated Azure adapter per TDX1.4 preview.

* Modified Connector to use new attestation end-point for Azure tdvm. (#100)

* parent e50e871
author Kent Thompson <kent.thompson@intel.com> 1713878404 -0700
committer Thompson, Kent <kent.thompson@intel.com> 1726845567 -0700

Azure TDX+vTPM composite attestation (#125)

* Draft changes for TDX/TPM composite attestation.

* Help correction.

* Misc code clean up.

* Misc cleanup

* Add pcr selection, additional refactoring of TPM/adapter.

* Owner auth, request-ids, token signing alg.

* Updates while debugging against poc/tpm_with_coordinator-main-rebase cc75186c.

* Minor changes

Add user-data/verifier-nonce handling

Miscellaneous fixes from debugging.

Add sleep to workaround Azure bug.

Adjust the name of user_data/nonce.

Wire up misc command line options into request body.

Refactor TPM/vTPM and composite attestation.

Revive "evidence" command (by popular demand).

Correct command line usage (--aztdx vs. --tdx).

Fix incorrect error handling in TPM adapter.

Enable checkmarx check in CI

Bump CLI version.

CI updates.

Unit test correction.

Unit test corrections.

Cassini 21810 -- README files for AZ-TDX/vTPM preview (#139)

* Initial commit for TPM readmes.

* Changes from first review feedback; ready for final review.

* Fix typo

---------

Co-authored-by: Thompson, Kent <kent.thompson@intel.com>

Miscellaneous fixes made during "physical-tpm" validation. (#144)

* CASSINI-21986: Remove 3 second sleep from azure adapter.

* Misc fixes, unit tests and comment updates.

* Correction.

* Address pull request comments.

CASSINI-21986: Remove 3 second sleep from azure adapter.

Correction.

Address pull request comments.

Address pull request comments.

Remove info message when writing to NV ram.

Remove info/time from logrus messages when used in trustauthority-cli.

Clean up comment.

Consistently print '0x' and hex for TPM handles.

WIP IMA changes.

Better error reporting for ima log failures.

Misc changes while debugging end-to-end.

WIP

Corrections for IMA demo.

WIP event-log changes.

CASSINI-21894:  Event-log filtering.

Evidence json correction.

Fixes issue with TCG event-log header verification.

* Additional unit test coverage.

* Correction.

* Address PR comment.

* Add mock tpm adapter for unit tests.

---------

Signed-off-by: Jerry Yu <jerry.yu@intel.com>
Co-authored-by: Yanhui Zhao <wildyz.yky@gmail.com>
Co-authored-by: Rawat, Arvind <arvind.rawat@intel.com>
Co-authored-by: Jerry Yu <jerry.yu@intel.com>
yzz127 added a commit to yzz127/trustauthority-client-for-go that referenced this pull request Mar 5, 2025
* CASSINI-8033: Support Azure TDX report generation in Amber client CLI (intel#43)

* Updated Azure adapter per TDX1.4 preview.

* resolve tpm read issue

- paravisor only update report when read full region

Signed-off-by: Jerry Yu <jerry.yu@intel.com>

* Removed GET nonce call to TrustAuthority.

* update README

* define nv index 0x1400002 if not yet

Signed-off-by: Jerry Yu <jerry.yu@intel.com>

* verify user data hash in the evidence

Ensure the collected evidence matches the user data(hash)
provided to the vTPM

* use nonce to validate the evidence freshness

* print out base64 encoded evidence (#97)

Signed-off-by: Jerry Yu <jerry.yu@intel.com>

* Modified Connector to use new attestation end-point for Azure tdvm. (#100)

* Add sleep time of 3 sec to reflect user data in runtime data.

* Updated Azure adapter per TDX1.4 preview.

* Modified Connector to use new attestation end-point for Azure tdvm. (#100)

* Azure TDX+vTPM composite attestation (#125)

* Draft changes for TDX/TPM composite attestation.

* Help correction.

* Misc code clean up.

* Misc cleanup

* Add pcr selection, additional refactoring of TPM/adapter.

* Owner auth, request-ids, token signing alg.

* Updates while debugging against poc/tpm_with_coordinator-main-rebase cc75186c.

* Minor changes

* Add user-data/verifier-nonce handling

* Miscellaneous fixes from debugging.

* Add sleep to workaround Azure bug.

* Adjust the name of user_data/nonce.

* Wire up misc command line options into request body.

* Refactor TPM/vTPM and composite attestation.

* Revive "evidence" command (by popular demand).

* Correct command line usage (--aztdx vs. --tdx).

* Fix incorrect error handling in TPM adapter.

* Enable checkmarx check in CI

* Bump CLI version.

* CI updates.

* Unit test correction.

* Unit test corrections.

* Cassini 21810 -- README files for AZ-TDX/vTPM preview (#139)

* Initial commit for TPM readmes.

* Changes from first review feedback; ready for final review.

* Fix typo

---------

Co-authored-by: Thompson, Kent <kent.thompson@intel.com>

* CASSINI-21986: Remove 3 second sleep from azure adapter.

* Misc fixes, unit tests and comment updates.

* Correction.

* Address pull request comments.

* Miscellaneous fixes made during "physical-tpm" validation. (#144)

* CASSINI-21986: Remove 3 second sleep from azure adapter.

* Misc fixes, unit tests and comment updates.

* Correction.

* Address pull request comments.

* Address pull request comments.

* Remove info message when writing to NV ram.

* Remove info/time from logrus messages when used in trustauthority-cli.

* Clean up comment.

* Consistently print '0x' and hex for TPM handles.

* AK provisioning.

* Changes to send TPMT_Public instead of AK public key to the provisioning service.

* WIP:  Debug ak-provisioning, add tpm-simulator and initial unit tests.

* Unit test correction.

* Unit test correction.

* Add Ak certificate to evidence command.

* Update ak provisioning endpoint

* Address CASSINI-22273 and other miscellaneous changes.

* Misc code clean up.

* Misc updates for validation (error typo, max handle values, support
"all" for pcr selections, better config.json parsing).

* Fix unit tests.

* Rebase with tpm-preview.

* Consistently add '0x' and hex to TPM handle messages.

* WIP

* Unit tests for go-tpm package.

* Misc cleanup.

* Fix connector unit-tests.

* Increase unit-test coverage for go-connector package.

* Version bump.

* Unit test correction.

* Unit test correction.

* Address PR comments.

---------

Signed-off-by: Jerry Yu <jerry.yu@intel.com>
Co-authored-by: Yanhui Zhao <wildyz.yky@gmail.com>
Co-authored-by: Rawat, Arvind <arvind.rawat@intel.com>
Co-authored-by: Jerry Yu <jerry.yu@intel.com>
Co-authored-by: Yanhui Zhao <yanhui.zhao@intel.com>
Co-authored-by: Glenn Minch <97639000+grminch@users.noreply.github.com>

Successfully merging this pull request may close these issues.

Calling the GetToken method on connector results in empty path and 403