attestation: use KDS as fallback if THIM retrieval fails
davidweisse committed Apr 25, 2024
1 parent ed4561e commit ab7cbc2
Showing 1 changed file with 8 additions and 6 deletions.
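--- a/internal/attestation/snp/issuer.go
+++ b/internal/attestation/snp/issuer.go
@@ -71,14 +71,16 @@ func (i *Issuer) Issue(_ context.Context, ownPublicKey []byte, nonce []byte) (re
 i.logger.Info("Retrieved report", "reportRaw", hex.EncodeToString(reportRaw))
 
 // Get cert chain from THIM
+var certChain *spb.CertificateChain
 thimRaw, err := i.thimGetter.GetCertification()
 if err != nil {
-return nil, fmt.Errorf("issuer: getting cert chain from THIM: %w", err)
-}
-i.logger.Info("Retrieved THIM certification", "thim", thimRaw)
-certChain, err := thimRaw.Proto()
-if err != nil {
-return nil, fmt.Errorf("issuer: converting THIM cert chain: %w", err)
+i.logger.Info("Could not retrieve THIM certification", "error", err)
+} else {
+i.logger.Info("Retrieved THIM certification", "thim", thimRaw)
+certChain, err = thimRaw.Proto()
+if err != nil {
+return nil, fmt.Errorf("issuer: converting THIM cert chain: %w", err)
+}
 }
 
 // Get SNP product info from cpuid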
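Review bot: When `GetCertification()` fails, `certChain` is left nil and the error is recorded only at Info level, so this hunk shows neither the KDS fallback itself nor a signal an operator would notice when the certificate source changes. Assuming the logger offers a Warn level, I would log the failure as `i.logger.Warn("Could not retrieve THIM certification, falling back to KDS", "error", err)` and extend the comment above the declaration to something like `// Get cert chain from THIM; on failure certChain stays nil and the chain is fetched from KDS later.` The rest of `Issue` lies outside the hunk, so it is worth confirming that the code consuming `certChain` handles nil explicitly. It is also worth checking that a later KDS failure still surfaces the original THIM error, which is otherwise dropped here.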
