| return nil, err | ||
| } | ||
|
|
||
| var manifest []uint8 |
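Review bot: `var manifest []uint8` leaves the slice nil until something assigns it, and the visible lines show no nil or length check, so a response without a services manifest needs to be handled as its own case, distinct from the `return nil, err` error path just above. Suggest a short comment on the declaration saying that nil means no manifest was returned, and spelling the type as `[]byte`, the usual Go form for raw bytes.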
Hi, can we clarify whether the Services Manifest is guaranteed to be present for all responses? The current implementation assumes it is always present, but the code path will fail if `manifest = nil`.
Thanks for taking a look. I don't think the services manifest is guaranteed to exist, so I changed the implementation to work if it's nil.

@onlyshawn anything we can do to move this along?

@jmomort Sorry for the delay here, I'll look to review and test it this week on an SVSM VM and then will move to push merging it.

I'd previously added SVSM support into go-tpm-tools directly by making use of go-configfs-tsm rather than implementing the QuoteProvider interface; but it sounds fine to also support the quote provider interface too.

Adds an `SVSMQuoteProvider` interface, which represents a client in the SVSM attestation protocol as described in the Secure VM Service Module for SEV-SNP Guests specification to retrieve a quote.

Updates the `LinuxConfigFsQuoteProvider` class to implement `SVSMQuoteProvider` by adding on the `GetRawQuoteSVSM()` method, which behaves similarly to the `GetRawQuote()` method in that it uses the `linuxtsm.GetReport()` library call to get a report from the TPM. `svsm` as the `ServiceProvider`, which will prompt the OS to use the SVSM `SVSM_ATTEST_SERVICES` protocol when retrieving the report. As described in Section 7.1 of the specification, "This call is used to request a VMPL0 attestation report that includes a services manifest of the services that are running in the SVSM as part of the report data".

Adds the `abi_svsm.go` file, which defines the `ServicesManifest` type, which is used to parse the services manifest returned by the SVSM into a human readable format, including protobuf. `Attestation` message in sevsnp.proto to include an optional `ServicesManifest` field