AS/verifier: support AA eventlog in TDX #408

Merged
merged 3 commits into from
Jul 15, 2024


Xynnn007
Member

This is an alignment with guest-components side AA eventlog.

See confidential-containers/guest-components#548

cc @arronwy @binxing @mythi

@Xynnn007 Xynnn007 requested a review from sameo as a code owner June 12, 2024 09:46
@Xynnn007 Xynnn007 force-pushed the aa-eventlog branch 4 times, most recently from 3af2af9 to 0ee3742 Compare June 18, 2024 08:30
@Xynnn007 Xynnn007 force-pushed the aa-eventlog branch 2 times, most recently from c74cfdc to b0c7c36 Compare June 20, 2024 09:41
This is an alignment with guest-components side AA eventlog.

Signed-off-by: Xynnn007 <[email protected]>
Before this commit, the parsed claims of arrays will be flattened into a
nested structure like map. But in real scenarios like AAEL, Array will
only be the "leaf" member of the parsed claims. Thus keeping it as-is is
better.

Signed-off-by: Xynnn007 <[email protected]>
delete useless code for SGX, also make submodules public.

Signed-off-by: Xynnn007 <[email protected]>
@Xynnn007
Member Author

btw, @mkulke do you think we should make a spec for CoCo about typical events, e.g. CreateContainer?

@mkulke
Contributor

mkulke commented Jul 15, 2024

> btw, @mkulke do you think we should make a spec for CoCo about typical events, e.g. CreateContainer?

I think we probably want to have a naming convention for Domain and Operation, but I'm not sure what typical events would be. In practice we probably follow the kata-agent API somehow, but the content of the logline depends on the payload:

e.g. `github.com/confidential-containers CreateContainer docker.io/library/alpine` implies that we extract the Image from a CreateContainer RPC payload; for SetPolicy the policy digest would be a meaningful content, etc.

So, I would suggest creating an RFC issue to discuss whether there should be a schema for CoCo events.

@Xynnn007 Xynnn007 merged commit 2720dd7 into confidential-containers:main Jul 15, 2024
15 checks passed
@Xynnn007 Xynnn007 deleted the aa-eventlog branch July 15, 2024 09:41