Temporarily log PCR
DJAndries committed Sep 17, 2024
1 parent 42dfbcf commit de2d2eb
Showing 2 changed files with 41 additions and 1 deletion.
1 change: 1 addition & 0 deletions attestation.go
@@ -70,6 +70,7 @@ func arePCRsIdentical(ourPCRs, theirPCRs map[uint][]byte) bool {
}

for pcr, ourValue := range ourPCRs {
fmt.Println(pcr, ": ", ourValue)
// PCR4 contains a hash over the parent's instance ID. Our enclaves run
// on different parent instances; PCR4 will therefore always differ:
// https://docs.aws.amazon.com/enclaves/latest/user/set-up-attestation.html
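Review bot: The added `fmt.Println(pcr, ": ", ourValue)` at the top of the range loop in arePCRsIdentical writes to stdout on every comparison and prints each value as a decimal byte slice, which is hard to check by eye against hex-encoded PCR values for the enclave image. It also sits above the PCR4 comment, so if the PCR4 skip follows (the loop body continues outside the hunk), PCR4 is logged even though it is excluded from the comparison. If the output is still needed, prefer `fmt.Printf("PCR%d: %x\n", pcr, ourValue)` behind a debug flag, with a `// TODO: remove temporary PCR logging` marker so the statement is not shipped by accident.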
41 changes: 40 additions & 1 deletion main.go
@@ -4,13 +4,18 @@ import (
"bufio"
"errors"
"flag"
"fmt"
"io"
"log"
"math"
"net/url"
"os"
"os/exec"
"strings"

"github.com/hf/nitrite"
"github.com/hf/nsm"
"github.com/hf/nsm/request"
)

var (
Expand All @@ -33,10 +38,44 @@ func init() {
}

func main() {
sess, err := nsm.OpenDefaultSession()

if err != nil {
log.Fatal(err)
}

arbBytes := []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}
res, err := sess.Send(&request.Attestation{
Nonce: arbBytes,
UserData: arbBytes,
PublicKey: arbBytes,
})
if err != nil {
log.Fatal(err)
}

if res.Error != "" {
log.Fatal(res.Error)
}

if res.Attestation == nil || res.Attestation.Document == nil {
log.Fatal("no attestation doc")
}

vres, err := nitrite.Verify(res.Attestation.Document, nitrite.VerifyOptions{})

if err != nil {
log.Fatal(err)
}

for pcr, value := range vres.Document.PCRs {
fmt.Println(pcr, ": ", value)
}
sess.Close()

var fqdn, fqdnLeader, appURL, appWebSrv, appCmd, prometheusNamespace, mockCertFp string
var extPubPort, extPrivPort, intPort, hostProxyPort, prometheusPort, hostIpProviderPort uint
var useACME, waitForApp, useProfiling, useVsockForExtPort, disableKeepAlives, debug bool
var err error

flag.StringVar(&fqdn, "fqdn", "",
"FQDN of the enclave application (e.g., \"example.com\").")
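Review bot: The new block at the top of main() calls `log.Fatal` when `nsm.OpenDefaultSession()`, the attestation request or `nitrite.Verify` fails, and it runs before any flag is read, so a debugging aid now prevents the binary from starting wherever the NSM device is unavailable. The request reuses the fixed `arbBytes` value as nonce, user data and public key; that is acceptable for reading our own PCRs, but it deserves a comment so the resulting document is never treated as attestation evidence. `sess.Close()` is neither deferred nor checked. I would move the block into a helper that logs and returns on error, prints the values as hex, and is called only when `debug` is set; flag parsing is outside this hunk, so the call site below is an assumption. main() continues past the end of the hunk.

```go
// logPCRs prints this enclave's PCR values as a debugging aid. The nonce,
// user data and public key are fixed placeholders, so the attestation
// document obtained here must never be used as evidence for a verifier.
func logPCRs() {
	sess, err := nsm.OpenDefaultSession()
	if err != nil {
		log.Printf("PCR dump skipped: %v", err)
		return
	}
	defer sess.Close()

	// … unchanged: request.Attestation send and nitrite.Verify, with
	// log.Printf + return in place of each log.Fatal …

	for pcr, value := range vres.Document.PCRs {
		log.Printf("PCR%d: %x", pcr, value)
	}
}

// In main(), after the flags have been parsed:
if debug {
	logPCRs()
}
```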
