COCOS-153 - Add host-data option
#163
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SammyOina
requested changes
Jul 1, 2024
manager/service.go
Outdated
Comment on lines
112
to
117
| jsonData, err := json.Marshal(ac) | ||
| if err != nil { | ||
| ms.publishEvent("vm-provision", c.Id, "failed", json.RawMessage{}) | ||
| return "", errors.Wrap(ErrFailedToMarshalJSON, err) | ||
| } | ||
| computationHash := sha3.Sum256(jsonData) |
dborovcanin
requested changes
Jul 1, 2024
cli/backend_info.go
Outdated
|
|
||
| type AttestationConfiguration struct { | ||
| SNPPolicy *check.Policy `json:"snp_policy,omitempty"` | ||
| RootOFTrust *check.RootOfTrust `json:"root_of_trust,omitempty"` |
There was a problem hiding this comment.
Done, my mistake. Thanks.
manager/service.go
Outdated
| @@ -156,3 +170,12 @@ func (ms *managerService) publishEvent(event, cmpID, status string, details json | |||
| }, | |||
| } | |||
| } | |||
|
|
|||
| func getComputationHash(ac *agent.Computation) ([32]byte, error) { | |||
There was a problem hiding this comment.
Rename to computationHash and use like ch := computationHash(ac). If there is no need to pass the pointer param here (i.e. we do not change the computation from this function), pass by value instead.
There was a problem hiding this comment.
Done. The computation is passed by value now.
dborovcanin
requested changes
Jul 2, 2024
cli/backend_info.go
Outdated
Comment on lines
65
to
86
| measurement, err := base64.StdEncoding.DecodeString(args[0]) | ||
| if err != nil { | ||
| log.Fatalf("Error could not decode base64: %v", err) | ||
| } | ||
|
|
||
| if len(measurement) != measurementLength { | ||
| log.Fatalf("Measurement must be 48 bytes in length") | ||
| } | ||
| attestationConfiguration := AttestationConfiguration{} | ||
|
|
||
| backendInfo, err := os.OpenFile(args[1], os.O_RDWR, filePermision) | ||
| if err != nil { | ||
| log.Fatalf("Error opening the backend information file: %v", err) | ||
| } | ||
| defer backendInfo.Close() | ||
|
|
||
| decoder := json.NewDecoder(backendInfo) | ||
| err = decoder.Decode(&attestationConfiguration) | ||
| if err != nil { | ||
| log.Fatalf("Error decoding the backend information file: %v", err) | ||
| } | ||
|
|
||
| attestationConfiguration.SNPPolicy.Measurement = measurement | ||
| if err = backendInfo.Truncate(0); err != nil { | ||
| log.Fatalf("Error could not truncate backend information JSON file: %v", err) | ||
| } | ||
|
|
||
| fileJson, err := json.MarshalIndent(attestationConfiguration, "", " ") | ||
| if err != nil { | ||
| log.Fatalf("Error marshaling the backend information JSON: %v", err) | ||
| } | ||
| if err = os.WriteFile(backendInfo.Name(), fileJson, filePermision); err != nil { | ||
| log.Fatalf("Error writing into backend information JSON file: %v", err) | ||
| } |
There was a problem hiding this comment.
Is it possible to simplify with something like:
Suggested change
| measurement, err := base64.StdEncoding.DecodeString(args[0]) | |
| if err != nil { | |
| log.Fatalf("Error could not decode base64: %v", err) | |
| } | |
| if len(measurement) != measurementLength { | |
| log.Fatalf("Measurement must be 48 bytes in length") | |
| } | |
| attestationConfiguration := AttestationConfiguration{} | |
| backendInfo, err := os.OpenFile(args[1], os.O_RDWR, filePermision) | |
| if err != nil { | |
| log.Fatalf("Error opening the backend information file: %v", err) | |
| } | |
| defer backendInfo.Close() | |
| decoder := json.NewDecoder(backendInfo) | |
| err = decoder.Decode(&attestationConfiguration) | |
| if err != nil { | |
| log.Fatalf("Error decoding the backend information file: %v", err) | |
| } | |
| attestationConfiguration.SNPPolicy.Measurement = measurement | |
| if err = backendInfo.Truncate(0); err != nil { | |
| log.Fatalf("Error could not truncate backend information JSON file: %v", err) | |
| } | |
| fileJson, err := json.MarshalIndent(attestationConfiguration, "", " ") | |
| if err != nil { | |
| log.Fatalf("Error marshaling the backend information JSON: %v", err) | |
| } | |
| if err = os.WriteFile(backendInfo.Name(), fileJson, filePermision); err != nil { | |
| log.Fatalf("Error writing into backend information JSON file: %v", err) | |
| } | |
| measurement, err := base64.StdEncoding.DecodeString(args[0]) | |
| if err != nil { | |
| log.Fatalf("Error could not decode base64: %v", err) | |
| } | |
| if len(measurement) != measurementLength { | |
| log.Fatalf("Measurement must be 48 bytes in length") | |
| } | |
| ac := AttestationConfiguration{} | |
| bi, err := os.ReadFile(args[1]) | |
| if err != nil { | |
| log.Fatalf("Failed to read the config file: %v", err) | |
| } | |
| if err := json.Unmarshal(bi, &ac); err != nil { | |
| log.Fatalf("Failed to unmarshal JSON data: %v", err) | |
| } | |
| ac.SNPPolicy.Measurement = measurement | |
| bi, err = json.MarshalIndent(ac, "", "") | |
| if err != nil { | |
| log.Fatalf("Failed to marshal JSON configuration: %v", err) | |
| } | |
| if err := os.WriteFile(args[1], bi, filePermission); err != nil { | |
| log.Fatalf("Failed to write config to the file: %v", err) | |
| } |
cli/backend_info.go
Outdated
| ) | ||
|
|
||
| const ( | ||
| filePermision = 0o755 |
There was a problem hiding this comment.
Fix typo permission. Also, consider completely removing it and using predefined modes from the fs like fs.<Whatever_mode_we_need_here>.
dborovcanin
reviewed
Jul 3, 2024
| } | ||
| } | ||
|
|
||
| func (cli *CLI) NewAddMeasurementCmd() *cobra.Command { |
There was a problem hiding this comment.
There are a lot of repetitions, please extract to an unexported function.
There was a problem hiding this comment.
Changed. I have written a single function that alters the backend info file (adds the measurement and host data) and takes the fieldType argument so that the function knows if it should change the measurement field or host data field.
SammyOina
requested changes
Jul 4, 2024
cli/backend_info.go
Outdated
| ) | ||
|
|
||
| const ( | ||
| // 0o744 file permission gives RWX permission to the user and only the R permission to others |
There was a problem hiding this comment.
Suggested change
| // 0o744 file permission gives RWX permission to the user and only the R permission to others | |
| // 0o744 file permission gives RWX permission to the user and only the R permission to others. |
danko-miladinovic
force-pushed
the
host_data
branch
from
df6ddfc to
662aca0
Compare
SammyOina
approved these changes
Jul 7, 2024
dborovcanin
requested changes
Jul 8, 2024
| case measurementField: | ||
| ac.SNPPolicy.Measurement = data | ||
| case hostDataField: | ||
| ac.SNPPolicy.HostData = data |
There was a problem hiding this comment.
Add a default case that returns an error.
dborovcanin
approved these changes
Jul 8, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
This is a feature because it adds:
host-dataoption to the launching of CVMs.This PR also renames the
platform_info.jsonintobackend_info.json.What does this do?
This PR enables the Manager to launch CVMs with the
host-datafiled of the attestation report populated with the computation configuration of the Agent. This way, the Agent can check what is being sent to him by the Manager.This PR also renames the
platform_info.jsonintobackend_info.json.Which issue(s) does this PR fix/relate to?
host-dataQEMU option to CVM boot up #153Have you included tests for your changes?
The manual README.md has been changed to reflect this new feature.
Did you document any new/modified feature?
Documentation will be updated in a separate PR.
Notes