AA | Add Eventlog Recording for Attestation Agent #548
Conversation
Xynnn007
force-pushed
the
aa-eventlog
branch
2 times, most recently
from
b8eb5e6
to
3da8d73
Compare
Not yet, we'll have to add this to the API, since we also need it for Peerpod's initdata |
I am open to this. One of my close colleagues has been working on adding vTPM support there. I think the biggest challenge might be supporting all the forks that they currently rely on to get things running. We will also probably need a new vTPM attester/verifier or possibly one for each platform coconut runs on. |
Xynnn007
force-pushed
the
aa-eventlog
branch
2 times, most recently
from
dd44679
to
2b2502d
Compare
|
With great help from @arronwy , the whole stream from AA -> AS passed. I will put the AS side PR then. |
Xynnn007
force-pushed
the
aa-eventlog
branch
2 times, most recently
from
048580f
to
0f9f538
Compare
|
Rebased to resolve the conflicts. Does this PR now look good? |
|
@Xynnn007 can we merge this one? I would start working on a PR for vTPM runtime measurements based on this |
Signed-off-by: Xynnn007 <[email protected]>
Instead of running heuristics every time we invoke an AA function, the heuristics are invoked initially when the AA instance is created. This has the upside that we can define per-instance configuration that will be applied when AA interacts with the TEE. Signed-off-by: Magnus Kulke <[email protected]>
Signed-off-by: Xynnn007 <[email protected]>
Signed-off-by: Xynnn007 <[email protected]>
Signed-off-by: Xynnn007 <[email protected]>
Related to/Close #495
This PR
extend_runtime_measurementto a one aligned with NELR proposed in AA: Measurement Event Log Format #495This PR is still a draft. TODOs
A specification document to define CoCo event typeslogic to convert NELR to CELRlogic to deliver eventlogs to the verifiersNeeds some comments to ensure we are on the same way.
cc @binxing @mythi
btw @mkulke I am not sure if vTPM crates are ready for extending PCRs now?