Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: update go-sev-guest #140

Merged
merged 1 commit into from
Feb 9, 2024
Merged

deps: update go-sev-guest #140

merged 1 commit into from
Feb 9, 2024

Conversation

malt3
Copy link
Contributor

@malt3 malt3 commented Feb 9, 2024
edited
Loading

Upgrading to a proper release.

Changelog: https://github.com/google/go-sev-guest/releases/tag/v0.10.2

@malt3 malt3 requested a review from katexochen as a code owner February 9, 2024 08:10
@daniel-weisse
Copy link
Member

Not setting the expected product will now log a warning when verifying SNP statements.
You probably want to update the usage of verify.DefaultOptions(), which doesnt have a default product set.
This code should set options.Product to abi.DefaultSevProduct() to avoid the warning.

@malt3
Copy link
Contributor Author

malt3 commented Feb 9, 2024

Not setting the expected product will now log a warning

Indeed: WARN : 2024/02/09 08:24:19.827547 verify.go:688: Attestation missing product information. KDS certificate may be invalid. Using default Milan-B1

@malt3 malt3 force-pushed the deps/go-sev-guest-0-10-2 branch 2 times, most recently from 098e7a9 to 43dd178 Compare February 9, 2024 09:51
@malt3
Copy link
Contributor Author

malt3 commented Feb 9, 2024
edited
Loading

Currently testing GetQuoteProto on the issuer side. Please stand by..

EDIT: we have a choice between:

  • Using GetQuoteProto produces a lot of warnings since the extended report is not available (see below)
  • Hardcoding milan as the product name on the verifier side works but is not flexible
  • We could ask for the report and the product info in the VM and send this as a custom format that we reassemble in the verifier
│ ERROR: Logging before logger.Init.                                                                                                                                                                                                                                                            │
│ WARN : 2024/02/09 10:03:08.276541 abi.go:861: Warning: Neither VCEK nor VLEK certificate found in data pages                                                                                                                                                                                  │
│ ERROR: Logging before logger.Init.                                                                                                                                                                                                                                                            │
│ WARN : 2024/02/09 10:03:08.276791 abi.go:865: ASK certificate not found in data pages                                                                                                                                                                                                         │
│ ERROR: Logging before logger.Init.                                                                                                                                                                                                                                                            │
│ WARN : 2024/02/09 10:03:08.276809 abi.go:868: ARK certificate not found in data pages

@katexochen
Copy link
Member

@malt3 I think hardcoding the product is ok for now, but please file an issue upstream to a) get clarification why the library expects product name from the verifier as independent input, and b) if we can find a solution to send this info similar to GetQuoteProto when no extended report is available.

@malt3
Copy link
Contributor Author

malt3 commented Feb 9, 2024

Upstream issue: google/go-sev-guest#108

@katexochen katexochen force-pushed the main branch 2 times, most recently from 2aaf78e to 5b4eb97 Compare February 9, 2024 13:39
@malt3
deps: update go-sev-guest
688d2dc 
Also specify the exact SEV product in the validator.
@malt3 malt3 force-pushed the deps/go-sev-guest-0-10-2 branch from 43dd178 to 688d2dc Compare February 9, 2024 13:50
@malt3 malt3 merged commit 1cad62f into main Feb 9, 2024
5 checks passed
@malt3 malt3 deleted the deps/go-sev-guest-0-10-2 branch February 9, 2024 15:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@katexochen katexochen katexochen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@malt3 @daniel-weisse @katexochen