Commit

verify: temporarily disable id block verification
Since we currently cannot control when idkeys / igvm files are updated,
a working contrast deployment can break at any time.
Disable the validation for now to improve UX.

(cherry picked from commit 8e0412b)
malt3 authored and github-actions[bot] committed Mar 12, 2024
1 parent 724711a commit 00b35ce
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion cli/cmd/verify.go
Expand Up @@ -168,7 +168,7 @@ func newCoordinatorValidateOptsGen(hostData []byte) *snp.StaticValidateOptsGener
},
PermitProvisionalFirmware: true,
TrustedIDKeyHashes: trustedIDKeyDigests,
RequireIDBlock: true,
RequireIDBlock: false, // TODO(malt3): re-enable once we control the full boot (including the id block)
},
}
}
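
Review bot: the new "RequireIDBlock: false" line in newCoordinatorValidateOptsGen sits directly under "TrustedIDKeyHashes: trustedIDKeyDigests", which is still populated, so a reader cannot tell from this code whether the ID key digests are still compared when a report carries them or are now ignored entirely. Please state which in the comment. Because this is the CLI verify path and the commit message describes the change as temporary, I would also emit a user-visible warning that ID block validation is off, and reference a tracking issue in the TODO so that re-enabling has an owner and a condition beyond "once we control the full boot".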
2 changes: 1 addition & 1 deletion coordinator/mesh.go
Expand Up @@ -73,7 +73,7 @@ func (m *meshAuthority) SNPValidateOpts(report *sevsnp.Report) (*validate.Option
},
PermitProvisionalFirmware: true,
TrustedIDKeyHashes: trustedIDKeyDigestHashes,
RequireIDBlock: true,
RequireIDBlock: false, // TODO(malt3): re-enable once we control the full boot (including the id block)
}, nil
}
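
Review bot: "RequireIDBlock: false" in meshAuthority.SNPValidateOpts repeats the same literal and TODO as cli/cmd/verify.go, so the two sites can be re-enabled independently and drift apart. Suggest one shared constant or option referenced from both the CLI and the coordinator, so the relaxation is flipped back in a single place. This commit touches only these two files, so nothing pins the relaxed behaviour: a test asserting the current value (and failing when it is restored to true) would make the eventual re-enable deliberate, and the comment should note that this policy now combines with "PermitProvisionalFirmware: true" on the coordinator side.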


0 comments on commit 00b35ce
