sample: always enable sample attester #426
Conversation
d4c1abd to 7f45726
LGTM.
@@ -78,10 +78,6 @@ pub trait Attester { | |||
|
|||
// Detect which TEE platform the KBC running environment is. | |||
pub fn detect_tee_type() -> Option<Tee> { |
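Review bot: the context line `pub fn detect_tee_type() -> Option<Tee> {` still returns an `Option` even though the change makes the sample attester an unconditional fallback, so detection can no longer yield `None`; return `Tee` directly so callers stop handling a case that cannot occur. Since the fallback now silently turns a host with no recognised TEE into a "sample" guest, log at warning level when it is taken, so an unexpected downgrade is visible in the guest log and not only as a policy rejection on the AS side.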
Maybe we should also change the result to `Tee` rather than `Option`, as at least `sample` will be returned.
Got rid of the option. I kept the interface the same at the level of the EvidenceProvider, but adjusted things up to that.
ae6eb91 to a05a908
Rather than setting an environment variable to enable the sample attester, always enable it as a fallback.

Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
a05a908 to 006e1ff
We might also think about this: in a real TEE, if no legal platform is detected, the attester will downgrade to the sample attester and do RCAR. At the AS side, it might directly use the sample verifier without an explicit approval of the user. The user should define a rule in the policy on the AS side to ban sample verifier claims. Or, a non-TEE might be leveraged by an attacker to do a successful attestation. With the environment variable, we can ensure the logic of not setting the env by checking the measurement of the guest image.
Yes, I think we should set up the AS/KBS so that the default policy rejects the sample attester. Then for tests we can manually enable it.
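As an added illustration of the policy-side mitigation discussed in the two comments above (an example written for this page, not the project's shipped policy), here is an AS policy that rejects evidence from the sample attester by default and only admits it when the deployment opts in for test runs. It assumes the AS evaluates OPA/Rego policies, that the parsed evidence arrives as `input` with a `tee` field naming the attester, and that the opt-in lives under `data.reference.allow_sample_attester`; all three names are assumptions.

```rego
package policy

# Deny by default: a request must match an explicit allow rule.
default allow = false

# Assumed opt-in switch for CI/test deployments. In production this
# key is absent, so sample evidence is never accepted there.
sample_permitted {
    data.reference.allow_sample_attester == true
}

# Evidence from a real TEE attester may proceed to the remaining
# reference-value checks. "sample" is excluded here because a guest
# that fell back to the sample attester (no TEE detected) can be run
# by anyone, so its evidence proves nothing about the platform.
allow {
    input.tee != "sample"
}

# Sample evidence is accepted only when the operator opted in.
allow {
    input.tee == "sample"
    sample_permitted
}
```

With this policy a guest whose `detect_tee_type()` fell back to the sample attester is refused unless `allow_sample_attester` is set in the reference data, which is the "manually enable it for tests" behaviour described above.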
Rather than setting an environment variable to enable the sample attester, always enable it as a fallback.
See confidential-containers/confidential-containers#184 for reasons
I don't think it makes much sense to enable the sample attester based on an environment variable. Having it always available as a fallback shouldn't cause any security problems. The KBS/AS shouldn't be fooled by the sample evidence in a real deployment.