Xynnn_
Currently tokens returned by CoCo-AS are signed by a private key that is randomly generated during runtime. It is expected to configure a signing key at the launch of CoCo-AS...
After merging AS code into KBS, it is a good time to refactor KBS codes. Before v0.8.0, we use KBS to return an attestation token from CoCo AS that includes...
## Background

Now different attesters in [cc-KBC](https://github.com/confidential-containers/attestation-agent/tree/main/src/kbc_modules/cc_kbc/attester) (like [tdx](https://github.com/confidential-containers/attestation-agent/blob/main/src/kbc_modules/cc_kbc/attester/tdx/mod.rs), [sev-snp](https://github.com/confidential-containers/attestation-agent/pull/105/files)) are being developed or perfected and related verifiers in Attestation-Service ([tdx](https://github.com/confidential-containers/attestation-service/pull/33) and [sev-snp](https://github.com/confidential-containers/attestation-service/pull/38)) are also under development. The attesters help...
https://github.com/confidential-containers/kbs/blob/main/src/api/src/attestation/amber/mod.rs#L51 The `nonce` parameter is a critical parameter in the KBS RCAR protocol. See https://github.com/confidential-containers/kbs/blob/main/docs/kbs_attestation_protocol.md#challenge It helps to avoid replay attacks from the attestation-agent side. Currently Amber attestation service does not...
#### Background

[KBS Attestation Protocol](https://github.com/confidential-containers/kbs/blob/main/docs/kbs_attestation_protocol.md) is a protocol proposed by CoCo Community. It is really an important protocol in CoCo community as it has the following functionalities: 1. Authenticates a...
Now key management has a relatively mature industry implementation, it is required for KBS to support different KMSes as the backend to store keys and secrets. In this scenario, KBS...
This PR mainly fixes #8111. Let's temporarily make it draft as it depends on the following PRs - #8870. Which brings CDH, the component inside guest to decrypt image layer -...
Due to definition of AAEL, a ' ' is allowed as part of content field. Thus we now parse the original eventlog string using ' ' as separator to distinguish...
Much thanks to @arronwy and @ChengyuZhu6 's great help upon this. This PR resolves #9468. Mainly including both runtime(qemu) and kata-agent side change to support initdata (TDX and SNP in...
Close #8120. The test commit has not been tested and I just followed what was coded in https://github.com/kata-containers/kata-containers/pull/9904. On top of #9904. Let's continue this after #9904 is merged. cc...