salrashid123

Results 36 issues of salrashid123

`Impersonated` client does not have any way to generate signedurl or to signbytes. This credential type uses the IAM API to acquire various token types like `generateAccessToken`, `generateIdToken` (ref:...

type: feature request
priority: p3

FR to surface the instance attributes encoded into the x509 issued AK/EK certs on GCE instance: https://github.com/google/go-tpm-tools/blob/f599e6c6bb64d3c03e9507c9fc12c6dbf4a2f640/server/verify.go#L176. Suggestion is having `server.VerifyGCECert` which directly returns the gceInstanceInfo

Question regarding how custom claims within a provided OIDC token can get baked into the issued cert. Currently, the issued cert emits the email as SAN and [custom OID](https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md) that...

question

Cog currently [uses docker to build the images](https://github.com/replicate/cog/blob/main/pkg/docker/build.go#L42); however, docker based builds are not reproducible: you'll get different image hashes even with the identical config. This long-term feature request is...

# 🐞 bug report ### Affected Rule * `container_image` * `go_image` ### Is this a regression? not sure, this is more of a question/clarification ### Description I'd like to specify...

Seems `python3-distutils` is missing from ubuntu even if python3 is installed. `dnsutils` is called by bazel while acquiring pip modules specified in the bazel `WORKSPACE` ## Affected builder image `gcr.io/cloud-builders/bazel`...

bug

FR to allow [client.Key](https://pkg.go.dev/github.com/google/go-tpm-tools/client#Key) full persistence such that can be loadable after power cycles. Right now the only way to reuse objects across reboots is to `evictcontrol()` and find one...

[CreateSigningKeyImportBlob](https://pkg.go.dev/github.com/google/go-tpm-tools/server#CreateSigningKeyImportBlob) and [ImportSigningKey](https://pkg.go.dev/github.com/google/go-tpm-tools/client#Key.ImportSigningKey) only support restrictions with pcr values. However, the imported key does not have any `authorization policy` that prevents duplication afaik (only pcr binding) ``` # tpm2_readpublic -c...

`GetGCEInstanceInfo` returns `nil,nil` in certain circumstances: https://github.com/google/go-tpm-tools/blob/master/server/verify.go#L208-L211 shouldn't these `return nil, fmt.Errorf("...")`?

`go-tpm-tools` currently supports importing an external rsa key _into_ the tpm using [CreateSigningKeyImportBlob](https://pkg.go.dev/github.com/google/[email protected]/server#CreateSigningKeyImportBlob). It also supports encrypting an arbitrary secret which can get decrypted by the target TPM (using [CreateImportBlob](https://pkg.go.dev/github.com/google/[email protected]/server#CreateImportBlob)...