ear: add TDX sample policy checks #667
Conversation
Populate the default EAR policy with an initial TDX policy configuration. Co-developed-by: Jorge Almansa <[email protected]> Signed-off-by: Mikko Ylinen <[email protected]>
|
thanks. This should be enough to get started. I need to make a few adjustments once I get |
There was a problem hiding this comment.
LGTM. Looks like one important thing is to ensure the boot chain for tdx guest. If we use td-shim, we will have tdx.ccel.kernel in parsed claims. I am not sure what ovmf from ubuntu upstream will generate, needs a try.
| # Check TDX Module version and its hash. Also check OVMF code hash. | ||
| input.tdx.quote.body.mr_seam in data.reference.mr_seam | ||
| input.tdx.quote.body.tcb_svn in data.reference.tcb_svn | ||
| input.tdx.quote.body.mr_td in data.reference.mr_td |
There was a problem hiding this comment.
Following https://github.com/confidential-containers/trustee/blob/main/attestation-service/docs/parsed_claims.md#intel-tdx, seems that we can also add
tdx.quote.body.mrsigner_seam also?
There was a problem hiding this comment.
I left that out on purpose for now since that's all zeros for Intel's TDX Module. Do you think it would be good to add a check for zero here?
There was a problem hiding this comment.
As a sample policy, it is ok imo.
it does not work and that is one thing on my list two fix |
Something I drafted together with @jorgealmansa.
Populate the default EAR policy with an initial TDX policy configuration.