trustee
Attestation and Secret Delivery Components
Hi, I run the kbs and other services inside docker with docker compose up -d and when I use skopeo to encrypt an image, the encryption works but the key...
Inspired by https://github.com/confidential-containers/kbs/pull/216#discussion_r1399837721 we should also embed two more claims `init_data` and `report_data` to the Attestation-Claims of each verifier handler. This would be a great help to the consumer of the...
I'd like to have s390x kbs OCI image built in CI. A cross-platform build or by an s390x runner in GHA both work for me.
Is there a central location documenting the Intel and AMD services used for attestation? This info helps to plan for actual deployment w.r.t. URLs to add to firewall allow list,...
If the cert chain does not include the extended report, we should connect to the KDS to get it.
It's not possible to run ``` kubectl kustomize https://github.com/confidential-containers/trustee/kbs/config/kubernetes/overlays?ref=18c8ee378c6d83446ee635a702d5dee389028d8f ``` It'd be good to have it so that users could have their own `kustomization.yaml`s defined: ```yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization...
Currently, we have Reference Value Provider Service (RVPS) as a black box aiming to provide the following functionalities: 1. `register_reference_value(manifest)` Receive different formats of reference value manifests, e.g. Sample format,...
It would be handy if we released a binary for the KBS client. Unlike the services that we already release, we probably don't want this to be a standalone container...
Following @thomas-fossati's excellent presentation about EAR in the community meeting, I think we should move towards replacing/reformatting our attestation token to use EAR. There are a few pieces that we'll...
I am not an expert on OPA, but I have noticed a few weird things about our implementation. First, it seems like we probably have some duplicate code between the...