Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Which module initiates the RA request? #484

Open
ccxiaop opened this issue Aug 28, 2024 · 2 comments
Open

Which module initiates the RA request? #484

ccxiaop opened this issue Aug 28, 2024 · 2 comments

Comments

@ccxiaop
Copy link

ccxiaop commented Aug 28, 2024

kata-agent starts the aa process, but the get_evidence and get_token interfaces are not invoked in the aa process. Which module initiates the RA request?
@Xynnn007
Copy link
Member

It is CDH. When a confidential resource is to be get from CDH via get_resource API, the CDH will call AA's API to get an attestation token. AA then connects to KBS to perform RCAR handshake and get a token. Then AA returns back the token to CDH. Then CDH uses this token to retrieve resource from KBS.

@Xynnn007
Copy link
Member

Typical callers of get_resource is image-rs. Try to search this key word in image-rs' code. Image decryption keys, image policies, registry credential auth files are all resources.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ccxiaop @Xynnn007