Skip to content

Commit

Permalink
attestation.snp: set productLine in verifyOpts bcs of reference value…
Browse files Browse the repository at this point in the history 
…s dependence
  • Loading branch information
@jmxnzo
jmxnzo committed Dec 18, 2024
1 parent d8d75fc commit b0a4247
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions internal/manifest/manifest.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -214,6 +214,11 @@ func (m *Manifest) SNPValidateOpts(kdsGetter trust.HTTPSGetter) ([]ValidatorOpti
}

verifyOpts := verify.DefaultOptions()
// Setting the productLine explicitly, because of full dependence of trustedMeasurements and derivation of trustedRoots on productLine.
verifyOpts.Product, err = kds.ParseProductLine(string(refVal.ProductName))
if err != nil {
return nil, fmt.Errorf("SNP reference values: %w", err)
}
verifyOpts.TrustedRoots, err = trustedRoots(refVal.ProductName)
if err != nil {
return nil, fmt.Errorf("determine trusted roots: %w", err)
Expand Down Expand Up @@ -281,6 +286,8 @@ func trustedRoots(productName ProductName) (map[string][]*trust.AMDRootCerts, er
return trustedRoots, nil
}



// The QE Vendor ID used by Intel.
var intelQeVendorID = []byte{0x93, 0x9a, 0x72, 0x33, 0xf7, 0x9c, 0x4c, 0xa9, 0x94, 0x0a, 0x0d, 0xb3, 0x95, 0x7f, 0x06, 0x07}

Expand Down

0 comments on commit b0a4247

Please sign in to comment.