deps: update go-sev-guest

Also specify the exact SEV product in the validator.
edgelesssys · Feb 9, 2024 · 688d2dc · 688d2dc
1 parent 5b4eb97
commit 688d2dc
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/edgelesssys/nunki
 go 1.21
 
 require (
-	github.com/google/go-sev-guest v0.10.2-0.20240126023144-76997c0b1210
+	github.com/google/go-sev-guest v0.10.2
 	github.com/spf13/afero v1.11.0
 	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.8.4

diff --git a/go.sum b/go.sum
@@ -15,8 +15,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98=
 github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo=
-github.com/google/go-sev-guest v0.10.2-0.20240126023144-76997c0b1210 h1:PTC8sKRH6u2XAsnQfn4V8sCKLIvsCPGKMW4TVti2Cdk=
-github.com/google/go-sev-guest v0.10.2-0.20240126023144-76997c0b1210/go.mod h1:/5hrgGWqG7+MPTXKhQz+v9ZE+Eh4MCBdItCNwgshlrk=
+github.com/google/go-sev-guest v0.10.2 h1:2XoNyuoKAmGFOE9LsDCbKdvrkCZGatiCTM3uXxvUUfk=
+github.com/google/go-sev-guest v0.10.2/go.mod h1:/5hrgGWqG7+MPTXKhQz+v9ZE+Eh4MCBdItCNwgshlrk=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=

diff --git a/internal/attestation/snp/validator.go b/internal/attestation/snp/validator.go
@@ -93,6 +93,9 @@ func (v *Validator) Validate(ctx context.Context, attDocRaw []byte, nonce []byte
 	v.logger.Info("Report decoded", "reportRaw", hex.EncodeToString(reportRaw))
 
 	verifyOpts := verify.DefaultOptions()
+	verifyOpts.Product = &sevsnp.SevProduct{
+		Name: sevsnp.SevProduct_SEV_PRODUCT_MILAN,
+	}
 	verifyOpts.CheckRevocations = true
 	verifyOpts.Getter = v.kdsGetter
 

diff --git a/packages/default.nix b/packages/default.nix
@@ -42,7 +42,7 @@ rec {
 
       src = goFiles;
       proxyVendor = true;
-      vendorHash = "sha256-WDkEJC8Bv1gl85BewcaaVQEvzLEcCNhBTnWUl/ZjCPA=";
+      vendorHash = "sha256-RjKhJ39o4b8xumwAw9PgnmjHlxxfvsTq1ALhXW6/0gM=";
 
       prePatch = ''
         install -D ${lib.getExe genpolicy} cli/assets/genpolicy