snp: use correct cert
Signed-off-by: Moritz Sanft <[email protected]>
msanft committed Apr 15, 2024
1 parent ec4fdcc commit ad991fd
Showing 3 changed files with 10 additions and 10 deletions.
4 changes: 2 additions & 2 deletions internal/attestation/gcp/snp/issuer.go
Expand Up @@ -62,8 +62,8 @@ func getInstanceInfo(_ context.Context, _ io.ReadWriteCloser, extraData []byte)
if len(extraData) > 64 {
return nil, fmt.Errorf("extra data too long: %d, should be 64 bytes at most", len(extraData))
}
extraData64 := make([]byte, 64)
copy(extraData64, extraData)
var extraData64 [64]byte
copy(extraData64[:], extraData)

device, err := sevclient.OpenDevice()
if err != nil {
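Review bot: `extraData` shorter than 64 bytes is silently zero-padded by `copy(extraData64[:], extraData)`, so two inputs that differ only in trailing zero bytes yield the same 64-byte value; the same pattern appears in `getTrustedKey` in validator.go. If callers always pass a fixed-length digest this is harmless, but nothing in the hunk shows that, and the buffer presumably ends up as the SNP report data that the validator later compares against. I would state the contract next to the declaration, e.g. `// Report data is a fixed 64-byte field; shorter extraData is right-padded with zeros.`, and replace the repeated literal `64` with one named constant shared by issuer and validator. The body of `getInstanceInfo` continues past the end of the hunk.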
14 changes: 7 additions & 7 deletions internal/attestation/gcp/snp/validator.go
Expand Up @@ -68,21 +68,21 @@ func NewValidator(cfg *config.GCPSEVSNP, log attestation.Logger) (*Validator, er

// getTrustedKey returns TPM endorsement key provided through the GCE metadata API.
func (v *Validator) getTrustedKey(ctx context.Context, attDoc vtpm.AttestationDocument, extraData []byte) (crypto.PublicKey, error) {
ekPub, err := v.gceKeyGetter(ctx, attDoc, nil)
if err != nil {
return nil, fmt.Errorf("getting TPM endorsement key: %w", err)
}

if len(extraData) > 64 {
return nil, fmt.Errorf("extra data too long: %d, should be 64 bytes at most", len(extraData))
}
extraData64 := make([]byte, 64)
copy(extraData64, extraData)
var extraData64 [64]byte
copy(extraData64[:], extraData)

if err := v.reportValidator.validate(attDoc, (*x509.Certificate)(&v.cfg.AMDSigningKey), (*x509.Certificate)(&v.cfg.AMDRootKey), [64]byte(extraData64), v.cfg, v.log); err != nil {
return nil, fmt.Errorf("validating SNP report: %w", err)
}

ekPub, err := v.gceKeyGetter(ctx, attDoc, nil)
if err != nil {
return nil, fmt.Errorf("getting TPM endorsement key: %w", err)
}

return ekPub, nil
}
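Review bot: The doc comment on `getTrustedKey` still describes only the endorsement-key lookup, while the body also rejects the attestation when `v.reportValidator.validate` fails against `AMDSigningKey`, `AMDRootKey` and the padded `extraData`. Someone auditing the trust chain would not learn from the comment that this is where the SNP report is checked, or that the check runs before `v.gceKeyGetter` is called (reading the second printed position of that call as the new side). Suggested wording: `// getTrustedKey validates the SNP report in attDoc against the configured AMD signing and root keys and extraData, then returns the TPM endorsement key provided through the GCE metadata API.` With `extraData64` declared as `[64]byte`, the conversion `[64]byte(extraData64)` in the `validate` call is a no-op and the variable can be passed directly.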

2 changes: 1 addition & 1 deletion internal/attestation/snp/snp.go
Expand Up @@ -137,7 +137,7 @@ func (a *InstanceInfo) AttestationWithCerts(getter trust.HTTPSGetter,
logger.Info("Using cached ASK certificate")
att.CertificateChain.AskCert = fallbackCerts.ask.Raw
}
if att.CertificateChain.ArkCert == nil && fallbackCerts.ark != nil {
if fallbackCerts.ark != nil {
logger.Info("Using cached ARK certificate")
att.CertificateChain.ArkCert = fallbackCerts.ark.Raw
}
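Review bot: With the condition reduced to `if fallbackCerts.ark != nil`, an ARK already present in `att.CertificateChain.ArkCert` is replaced without any trace, and the log line `Using cached ARK certificate` reads the same as in the fill-in-when-missing case. Preferring a cached root over one delivered alongside the report is the safer direction if that is the intent, but the reason is not written down, and the ASK branch just above (its condition lies outside the hunk) may still follow the other rule. A comment such as `// Always use the cached ARK when available: the root of trust must not be taken from the attestation's own certificate chain.` would keep a later reader from restoring the nil check. `AttestationWithCerts` begins and ends outside the hunk.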