attested-get: add support for dcap-tdx, and use auto detection mode by default #45
57c0fcb to 8f9b092
Pull Request Overview
This PR extends the attested-get command-line tool to support DCAP TDX attestation in addition to the existing Azure TDX attestation support.
Key Changes:
- Added DCAP TDX as a supported attestation type alongside Azure TDX
- Implemented DCAP TDX validator configuration for the client
- Updated measurement extraction to recognize both Azure TDX and QEMU TDX OIDs
MoeMahhouk left a comment
lgtm!
I left some nit suggestions and a question
| attConfig := config.DefaultForAzureTDX() | ||
| attConfig.SetMeasurements(measurements.M{}) |
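Review bot: attConfig.SetMeasurements(measurements.M{}) passes an empty measurement set with no comment explaining why. If the intent is that this validator pins no expected measurements and the caller inspects the extracted values itself, state that in a comment at this call so the empty map is not read as an omission.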
would this also work as you did below for QEMUTDX? something like config.AzureTDX{Measurements: measurements.M{}}

not sure, didn't want to touch the previously working code
| case proxy.AttestationAuto: | ||
| // In auto mode, add all validators to support any attestation type | ||
| log.Info("Auto mode: creating validators for all supported attestation types") | ||
| validators = append(validators, createAzureTDXValidator(log, overrideAzurev6Tcbinfo)) | ||
| validators = append(validators, createDCAPTDXValidator(log)) |
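Review bot: the comment in the proxy.AttestationAuto case says all validators are added but not how a non-matching one is handled. Please document here whether a rejection by the Azure TDX validator falls through to the DCAP TDX validator or aborts the handshake, and which error the caller sees when neither accepts. Also, overrideAzurev6Tcbinfo is passed only to createAzureTDXValidator; a short comment that the override does not apply to the DCAP TDX validator would avoid surprises in auto mode.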
would this mean that it would try to verify with all validators and see which one passes?
Would it error if any of the validators returns an error? or would it just continue with the next one until one passes?
Just checking in case it would result in the same error one would encounter when it is not validating for the correct platform

I think it would try them one by one
No description provided.