COCOS-390 - Add IGVM measurement on manager #404

Merged
dborovcanin merged 12 commits into ultravioletrs:main from jovan-djukic:issue-390
Mar 12, 2025

jovan-djukic commented Mar 12, 2025

Contributor

What type of PR is this?

This is a feature and a documentation update.

What does this do?

The method FetchAttestationPolicy has been updated. Now, in the case of SEV-SNP, it measures the IGVM file.

Which issue(s) does this PR fix/relate to?

Have you included tests for your changes?

No.

Did you document any new/modified feature?

The Manager README.md file was modified, since it is now expected that the MANAGER_ATTESTATION_POLICY_BINARY variable points to a directory that includes the igvmmeasure binary.

Notes

codecov Bot commented Mar 12, 2025

Codecov Report

Attention: Patch coverage is 34.61538% with 17 lines in your changes missing coverage. Please review.

Project coverage is 56.67%. Comparing base (4bb732e) to head (61a3e1b).
Report is 1 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| manager/attestation_policy.go | 0.00% | 14 Missing ⚠️ |
| pkg/attestation/igvmmeasure/igvmmeasure.go | 75.00% | 2 Missing and 1 partial ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #404      +/-   ##
==========================================
- Coverage   56.88%   56.67%   -0.21%     
==========================================
  Files          59       59              
  Lines        5058     5078      +20     
==========================================
+ Hits         2877     2878       +1     
- Misses       1882     1900      +18     
- Partials      299      300       +1     

jovan-djukic changed the title from "NOISSUE-379" to "COCOS - IGVM measurement" Mar 12, 2025
SammyOina changed the title from "COCOS - IGVM measurement" to "COCOS-390 - IGVM measurement" Mar 12, 2025
SammyOina changed the title from "COCOS-390 - IGVM measurement" to "COCOS-390 - IGVM measurement on manager" Mar 12, 2025
Comment thread manager/attestation_policy.go Outdated
}
case vmi.Config.EnableSEVSNP:
measurement, err = guest.CalcLaunchDigest(guest.SEV_SNP, vmi.Config.SMPCount, uint64(cpuid.CpuSigs[vmi.Config.CPU]), vmi.Config.OVMFCodeConfig.File, vmi.Config.KernelFile, vmi.Config.RootFsFile, strconv.Quote(qemu.KernelCommandLine), defGuestFeatures, "", vmmtypes.QEMU, false, "", 0)
args := []string{}

Contributor

Use the

func NewIgvmMeasurement(binPath string, stderr, stdout io.Writer) (*IgvmMeasurement, error) {

to execute the measurement calculation command.

Comment on lines +87 to +91
err = igvmMeasurement.Run(ms.qemuCfg.IGVMConfig.File)

if err != nil {
return nil, err
}

Contributor

Suggested change
err = igvmMeasurement.Run(ms.qemuCfg.IGVMConfig.File)
if err != nil {
return nil, err
}
if err = igvmMeasurement.Run(ms.qemuCfg.IGVMConfig.File);err != nil {
return nil, err
}
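
Review bot: the suggested line `if err = igvmMeasurement.Run(ms.qemuCfg.IGVMConfig.File);err != nil {` has no space after the semicolon, so gofmt will rewrite it; write `; err != nil` in the suggestion. In the same branch, `return nil, err` passes the failure up without context. Wrapping it with the IGVM file path, for example through fmt.Errorf with %w, would let a caller tell a failed IGVM measurement apart from other errors returned by the enclosing function.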

Comment on lines +81 to 85
igvmMeasurement, err := igvmmeasure.NewIgvmMeasurement(igvmMeasurementBinaryPath, stderr, stdout)

if err != nil {
return nil, err
}

Contributor

Suggested change
igvmMeasurement, err := igvmmeasure.NewIgvmMeasurement(igvmMeasurementBinaryPath, stderr, stdout)
if err != nil {
return nil, err
}
igvmMeasurement, err := igvmmeasure.NewIgvmMeasurement(igvmMeasurementBinaryPath, stderr, stdout)
if err != nil {
return nil, err
}

dborovcanin changed the title from "COCOS-390 - IGVM measurement on manager" to "COCOS-390 - Add IGVM measurement on manager" Mar 12, 2025
dborovcanin merged commit 33744a1 into ultravioletrs:main Mar 12, 2025

Development

Successfully merging this pull request may close these issues.

Feature: Update attestation policy to use vTPM measurement for Confidential VMs