aa: attester: Let attesters prepare reportdata #369

Closed
wants to merge 3 commits into from

mythi
Contributor

@mythi mythi commented Sep 27, 2023

Fixes: #366

Mostly build-tested only so keeping in draft for now.

@mythi
Contributor Author

mythi commented Sep 27, 2023

Looks like this old get_evidence() is used all over the place. I need to take a closer look at what can be changed.

@mythi mythi force-pushed the hasher branch 3 times, most recently from a28d693 to fd0681d September 27, 2023 10:42
mythi added 3 commits November 1, 2023 13:57
Similar to how CoCo attestation-service has per-TEE verifier
logic knowing how to verify the report data evidence, make it the
same on the attesters' side too.

Instead of KBS protocol doing the nonce + tee_pubkey hashing
to be used in the evidence reportdata, pass the information
to attesters to crunch.

Additionally, hash the full tee_pubkey info as specified by
the KBS protocol specification:

"The hash of the tee-pubkey field must be included in the
custom field of HW-TEE evidence and signed by HW-TEE hardware."

Signed-off-by: Mikko Ylinen <[email protected]>

For better compatibility with different attestation services,
move Intel SGX and Intel TDX to use Sha256 and Sha512 hashers,
respectively.

Signed-off-by: Mikko Ylinen <[email protected]>
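
As an added illustration (not code from this PR or from the project), the sketch below shows the reportdata binding the commit messages above describe: the nonce and the full tee_pubkey are hashed with a per-TEE hasher and the verifier recomputes the value. The JSON canonicalisation, the concatenation order, the zero padding to the 64-byte report-data field, the function names and the sample values are all assumptions.

```python
import hashlib
import hmac
import json

REPORT_DATA_LEN = 64  # SGX and TDX report-data fields are both 64 bytes

# Per-TEE hasher choice as described in the second commit message.
TEE_HASHERS = {"sgx": hashlib.sha256, "tdx": hashlib.sha512}

# Constructed sample inputs (not real protocol traffic).
SAMPLE_NONCE = "constructed-nonce-0001"
SAMPLE_PUBKEY = {"kty": "RSA", "alg": "RSA1_5", "k": "constructed-key-material"}


def canonical_pubkey(tee_pubkey: dict) -> bytes:
    """Assumed encoding: compact JSON with sorted keys, so both sides hash the same bytes."""
    return json.dumps(tee_pubkey, sort_keys=True, separators=(",", ":")).encode()


def report_data(tee: str, nonce: str, tee_pubkey: dict) -> bytes:
    """Attester side: hash nonce + full tee_pubkey, then zero-pad to the 64-byte field."""
    hasher = TEE_HASHERS.get(tee)
    if hasher is None:
        raise ValueError(f"no hasher configured for TEE {tee!r}")
    h = hasher()
    h.update(nonce.encode())
    h.update(canonical_pubkey(tee_pubkey))  # every field of the key info is covered
    digest = h.digest()
    return digest + b"\x00" * (REPORT_DATA_LEN - len(digest))


def verify_report_data(tee: str, nonce: str, tee_pubkey: dict, quoted: bytes) -> bool:
    """Verifier side: recompute with the same per-TEE rule and compare in constant time."""
    if len(quoted) != REPORT_DATA_LEN:
        return False
    return hmac.compare_digest(report_data(tee, nonce, tee_pubkey), quoted)


if __name__ == "__main__":
    rd = report_data("sgx", SAMPLE_NONCE, SAMPLE_PUBKEY)
    print("sgx report data:", rd.hex())
    print("verifies as sgx:", verify_report_data("sgx", SAMPLE_NONCE, SAMPLE_PUBKEY, rd))
    # A verifier expecting a different algorithm rejects the same evidence.
    print("verifies as tdx:", verify_report_data("tdx", SAMPLE_NONCE, SAMPLE_PUBKEY, rd))
```

The last check shows why the hasher choice has to be agreed between attester and verifier: evidence produced under one rule does not verify under another.
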
@Xynnn007
Member

Xynnn007 commented Nov 27, 2023

I think coupling the report data calculation inside attester is not a good choice. Different users would want to calculate report data with different algorithms. This PR would reduce flexibility.

@mythi
Contributor Author

mythi commented Jun 13, 2024

not needed anymore

@mythi mythi closed this Jun 13, 2024
Development

Successfully merging this pull request may close these issues.

kbs_protocol does not follow the KBS spec
2 participants