sample: always enable sample attester #426

Merged
2 changes: 1 addition & 1 deletion attestation-agent/attester/src/bin/evidence_getter.rs
Expand Up @@ -14,7 +14,7 @@ async fn main() {
.read(&mut report_data)
.expect("read input failed");

let tee = detect_tee_type().expect("unknown tee type");
let tee = detect_tee_type();
let attester: BoxedAttester = tee.try_into().expect("create attester failed");
let evidence = attester
.get_evidence(report_data)
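Review bot: With the fallback now living inside detect_tee_type(), this tool will emit evidence from the sample attester on any host where no TEE is detected, and the only signal is a log::warn! that is dropped unless main() has initialised a logger — main() starts above the hunk, so whether it does is not visible here. Consider printing the detected TEE type to stderr right before the `try_into` on the new line, so that a user of the tool can tell sample evidence from hardware-backed evidence without relying on the logging setup.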
23 changes: 10 additions & 13 deletions attestation-agent/attester/src/lib.rs
Expand Up @@ -77,45 +77,42 @@ pub trait Attester {
}

// Detect which TEE platform the KBC running environment is.
pub fn detect_tee_type() -> Option<Tee> {
if sample::detect_platform() {
return Some(Tee::Sample);
}

pub fn detect_tee_type() -> Tee {
#[cfg(feature = "tdx-attester")]
if tdx::detect_platform() {
return Some(Tee::Tdx);
return Tee::Tdx;
}

#[cfg(feature = "sgx-attester")]
if sgx_dcap::detect_platform() {
return Some(Tee::Sgx);
return Tee::Sgx;
}

#[cfg(feature = "az-tdx-vtpm-attester")]
if az_tdx_vtpm::detect_platform() {
return Some(Tee::AzTdxVtpm);
return Tee::AzTdxVtpm;
}

#[cfg(feature = "az-snp-vtpm-attester")]
if az_snp_vtpm::detect_platform() {
return Some(Tee::AzSnpVtpm);
return Tee::AzSnpVtpm;
}

#[cfg(feature = "snp-attester")]
if snp::detect_platform() {
return Some(Tee::Snp);
return Tee::Snp;
}

#[cfg(feature = "csv-attester")]
if csv::detect_platform() {
return Some(Tee::Csv);
return Tee::Csv;
}

#[cfg(feature = "cca-attester")]
if cca::detect_platform() {
return Some(Tee::Cca);
return Tee::Cca;
}

None
log::warn!("No TEE platform detected. Sample Attester will be used.");
Tee::Sample
}
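Review bot: The fallback at the end of detect_tee_type() turns a detection failure that used to surface as None — and as an error in every caller — into Tee::Sample, whose evidence is not hardware-backed, so a misconfigured or unsupported host now attests "successfully" with sample evidence unless the relying party explicitly rejects the Sample type; the same applies to the callers changed in kbs_protocol/src/evidence_provider/native.rs and lib/src/lib.rs. The hunk also drops the `sample::detect_platform()` check that previously ran first, so the AA_SAMPLE_ATTESTER_TEST override that forced the sample attester on a real TEE is gone, which is worth stating in the PR description if intended. The comment above the function should become a doc comment that states the contract: `/// Detect the TEE platform of the running environment.` followed by `/// Falls back to [`Tee::Sample`] (evidence not hardware-backed) when no supported platform is detected.`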
6 changes: 2 additions & 4 deletions attestation-agent/attester/src/sample/mod.rs
Expand Up @@ -7,12 +7,10 @@ use super::Attester;
use anyhow::*;
use base64::Engine;
use serde::{Deserialize, Serialize};
use std::env;

// If the environment variable "AA_SAMPLE_ATTESTER_TEST" is set,
// the TEE platform is considered as "sample".
// Sample attester is always supported
pub fn detect_platform() -> bool {
env::var("AA_SAMPLE_ATTESTER_TEST").is_ok()
true
}

// A simple example of TEE evidence.
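Review bot: sample::detect_platform() now returns true unconditionally, and the lib.rs hunk in this PR no longer calls it from detect_tee_type(), so within the visible diff the function has no remaining caller. If it is kept only so the sample module mirrors the other attester modules' detect_platform() functions, the comment should say so, e.g. `// Sample attester is always supported; kept for parity with the other attester modules.` — otherwise it can be removed along with its doc comment.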
3 changes: 0 additions & 3 deletions attestation-agent/kbs_protocol/src/error.rs
Expand Up @@ -24,9 +24,6 @@ pub enum Error {
#[error("get token failed: {0}")]
GetTokenFailed(String),

#[error("get tee type failed: {0}")]
GetTeeTypeFailed(String),

#[error("http request failed: {0}")]
HttpError(String),

12 changes: 4 additions & 8 deletions attestation-agent/kbs_protocol/src/evidence_provider/native.rs
Expand Up @@ -15,12 +15,9 @@ pub struct NativeEvidenceProvider(BoxedAttester);

impl NativeEvidenceProvider {
pub fn new() -> Result<Self> {
let tee = detect_tee_type()
.ok_or_else(|| Error::GetTeeTypeFailed("no supported Tee type detected.".into()))?
.try_into()
.map_err(|e| {
Error::NativeEvidenceProvider(format!("failed to initialize tee driver: {e}"))
})?;
let tee = detect_tee_type().try_into().map_err(|e| {
Error::NativeEvidenceProvider(format!("failed to initialize tee driver: {e}"))
})?;
Ok(Self(tee))
}
}
Expand All @@ -35,7 +32,6 @@ impl EvidenceProvider for NativeEvidenceProvider {
}

async fn get_tee_type(&self) -> Result<Tee> {
detect_tee_type()
.ok_or_else(|| Error::GetTeeTypeFailed("no supported Tee type detected.".into()))
Ok(detect_tee_type())
}
}
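Review bot: get_tee_type() probes the platform again on every call instead of returning the type that new() used to build the attester held in self.0, so the two can disagree if detection is environment-dependent, and each call now also emits the warning from detect_tee_type() on hosts without a TEE. Storing the detected Tee next to the attester in new() and returning that stored value from get_tee_type() removes the re-probe; the struct declaration is on the hunk-header line, outside this hunk, so that change is not shown here. The same probe-per-call pattern appears in get_evidence and extend_runtime_measurement in lib/src/lib.rs.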
4 changes: 2 additions & 2 deletions attestation-agent/lib/src/lib.rs
Expand Up @@ -195,7 +195,7 @@ impl AttestationAPIs for AttestationAgent {

/// Get TEE hardware signed evidence that includes the runtime data.
async fn get_evidence(&mut self, runtime_data: &[u8]) -> Result<Vec<u8>> {
let tee_type = detect_tee_type().ok_or(anyhow!("no supported tee type found!"))?;
let tee_type = detect_tee_type();
let attester = TryInto::<BoxedAttester>::try_into(tee_type)?;
let evidence = attester.get_evidence(runtime_data.to_vec()).await?;
Ok(evidence.into_bytes())
Expand All @@ -207,7 +207,7 @@ impl AttestationAPIs for AttestationAgent {
events: Vec<Vec<u8>>,
register_index: Option<u64>,
) -> Result<()> {
let tee_type = detect_tee_type().ok_or(anyhow!("no supported tee type found!"))?;
let tee_type = detect_tee_type();
let attester = TryInto::<BoxedAttester>::try_into(tee_type)?;
attester
.extend_runtime_measurement(events, register_index)
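Review bot: The doc comment `/// Get TEE hardware signed evidence that includes the runtime data.` above get_evidence is no longer accurate: detect_tee_type() now returns Tee::Sample when no platform is detected, so on such hosts the evidence comes from the sample attester and is not hardware-signed. Suggest `/// Get TEE-signed evidence that includes the runtime data; when no TEE is detected the sample attester is used and the evidence is not hardware-backed.` The same caveat applies to extend_runtime_measurement, whose doc comment is outside the hunk.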