NOISSSUE - Fix SEV-SNP attestation policy validation #541

Merged: drasko merged 3 commits into ultravioletrs:main from WashingtonKK:snp_test on Oct 15, 2025
@WashingtonKK

Contributor

What type of PR is this?

What does this do?

Which issue(s) does this PR fix/relate to?

  • Related Issue #
  • Resolves #

Have you included tests for your changes?

Did you document any new/modified feature?

Notes

- Replace abi.ReportCertsToProto() with direct proto.Unmarshal() to bypass
  strict guest policy bit 17 validation that was failing
- Change protojson.Marshal() to proto.Marshal() for binary protobuf output

Signed-off-by: wkk <wkk@example.com>
- Remove fmt.Println debug statements from cmd/agent/main.go
- Remove fmt.Println debug statements from pkg/atls/certificate_provider.go
- Remove fmt.Println debug statements from pkg/attestation/azure/snp.go

Signed-off-by: wkk <wkk@example.com>
Signed-off-by: WashingtonKK <washingtonkigan@gmail.com>
return fmt.Errorf("failed to fetch TEE attestation report: %v", err)
}

extReport, err := abi.ReportCertsToProto(rawTeeAttestation)
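
Review bot: the reason for dropping `abi.ReportCertsToProto(rawTeeAttestation)` on the last line of this excerpt is not established, and the commit message's explanation does not match the error reported in this thread. The message cites "guest policy bit 17", while the log reports `mbz range policy[0x15:0x3f]`, and the rejected value `73726576227b3a22` consists entirely of printable ASCII bytes, which suggests the buffer held serialized text rather than a raw report. Please confirm which format `rawTeeAttestation` carries at this point and record it in the commit message. If the buffer can still be a raw report, keep an explicit policy check after `proto.Unmarshal()` so the validation is not silently lost, and add a test for this path, since Codecov reports 0% patch coverage.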

Contributor

Why was this making a problem?

Contributor Author

{"agentLog":{"message":"Method Attestation took 58.752777ms to complete with error: failed to get vTPM quote : failed to convert TEE report to proto : malformed guest policy: mbz range policy[0x15:0x3f] not all zero: 73726576227b3a22", "level":"WARN", "timestamp":"2025-10-14T13:45:47.936604724Z"}}
{"agentLog":{"message":"failed to get attestation: failed to get vTPM quote : failed to convert TEE report to proto : malformed guest policy: mbz range policy[0x15:0x3f] not all zero: 73726576227b3a22", "level":"ERROR", "timestamp":"2025-10-14T13:45:47.936748503Z"}}

It brings this error
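
The policy error quoted above can be reproduced offline. The following is an added example, not code from this PR or the project: it reads the 64-bit policy field at offset 0x08 of a buffer, as a raw-report parser would, and shows that a constructed JSON-encoded attestation yields exactly the rejected value. The names `guestPolicy` and `diagnose` and the sample JSON are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// SEV-SNP report layout: VERSION (4 bytes), GUEST_SVN (4 bytes), then the
// 64-bit little-endian POLICY field at offset 0x08.
const policyOffset = 0x08

// Bits 0x15..0x3f: the must-be-zero range named in the error on this page.
const mbzMask = ^uint64(0) &^ (1<<0x15 - 1)

// guestPolicy reads POLICY the way a parser expecting a raw report would.
func guestPolicy(buf []byte) (uint64, error) {
	if len(buf) < policyOffset+8 {
		return 0, errors.New("buffer shorter than report header")
	}
	return binary.LittleEndian.Uint64(buf[policyOffset:]), nil
}

// diagnose separates "text was handed to the binary parser" from a genuine
// reserved-bit violation in a binary report.
func diagnose(buf []byte) string {
	policy, err := guestPolicy(buf)
	switch {
	case err != nil:
		return "too short"
	case policy&mbzMask == 0:
		return "policy ok"
	case buf[0] == '{':
		return fmt.Sprintf("JSON text, not a raw report (policy bytes %q)",
			buf[policyOffset:policyOffset+8])
	default:
		return fmt.Sprintf("reserved policy bits set: %#x", policy&mbzMask)
	}
}

func main() {
	// Constructed sample: the start of a JSON-encoded attestation message.
	jsonBuf := []byte(`{"report":{"version":2,"guestSvn":0}}`)
	p, _ := guestPolicy(jsonBuf)
	fmt.Printf("%x\n%s\n", p, diagnose(jsonBuf))
}
```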

@codecov

codecov Bot commented Oct 15, 2025


Codecov Report

❌ Patch coverage is 0% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 66.90%. Comparing base (04b0cdf) to head (7807e38).
⚠️ Report is 1 commits behind head on main.

Files with missing lines                Patch %   Lines
pkg/attestation/vtpm/vtpm.go            0.00%     3 Missing ⚠️
pkg/attestation/quoteprovider/sev.go    0.00%     1 Missing ⚠️

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #541   +/-   ##
=======================================
  Coverage   66.90%   66.90%           
=======================================
  Files          76       76           
  Lines        6884     6884           
=======================================
  Hits         4606     4606           
  Misses       1936     1936           
  Partials      342      342           

@jovan-djukic

Contributor

LGTM

@SammyOina SammyOina self-requested a review October 15, 2025 16:35
@drasko drasko merged commit 2b38f45 into ultravioletrs:main Oct 15, 2025
9 of 10 checks passed
@WashingtonKK WashingtonKK deleted the snp_test branch October 16, 2025 02:41