Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AA | Fix the idempotence of eventlog #807

Merged
merged 1 commit into from
Dec 4, 2024
Merged

AA | Fix the idempotence of eventlog #807

merged 1 commit into from
Dec 4, 2024

Conversation

Xynnn007
Copy link
Member

This patch fixes the idempotence of eventlog. Before this, when AA restarts and eventlog is activated, the originally recorded aael will be truncated and the INIT event will be recorded repeatedly. This patch will check whether there is an existing AAEL when AA is restarted. If so, it will skip creating and recording the INIT event.

At the same time, a synchronization mechanism is used to ensure that RTMR expansion will not occur repeatedly after AA abnormally interrupts execution.

Close #803

@Xynnn007 Xynnn007 requested a review from a team as a code owner November 15, 2024 07:07
@Xynnn007 Xynnn007 changed the title Fix aa eventlog AA | Fix the idempotence of eventlog Nov 15, 2024
mkulke
mkulke reviewed Nov 15, 2024
View reviewed changes
attestation-agent/attester/src/lib.rs Outdated Show resolved Hide resolved
attestation-agent/attester/src/tdx/mod.rs Outdated Show resolved Hide resolved
attestation-agent/attester/src/tdx/mod.rs Outdated Show resolved Hide resolved
api-server-rest/openapi/api.json Outdated Show resolved Hide resolved
@dcmiddle
Copy link
Member

fyi, @mythi @binxing for abnormal logger behavior and implications for how logs and events are managed.

@Xynnn007 Xynnn007 force-pushed the fix-aa-eventlog branch 3 times, most recently from 98e8f2a to 3713a4b Compare November 19, 2024 03:21
@Xynnn007
AA: fix eventlog idempotence
c17cb44 
This patch fixes the idempotence of eventlog. Before this, when AA
restarts and eventlog is activated, the originally recorded aael will be
truncated and the INIT event will be recorded repeatedly. This patch
will check whether there is an existing AAEL when AA is restarted. If
so, it will skip creating and recording the INIT event.

At the same time, a synchronization mechanism is used to ensure that
RTMR expansion will not occur repeatedly after AA abnormally interrupts
execution.

Signed-off-by: Xynnn007 <[email protected]>
@Xynnn007 Xynnn007 merged commit a590b69 into confidential-containers:main Dec 4, 2024
19 checks passed
@Xynnn007 Xynnn007 deleted the fix-aa-eventlog branch December 4, 2024 08:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkulke mkulke mkulke approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AA | Idempotence and robust of AAEL (AA Eventlog)
3 participants
@Xynnn007 @dcmiddle @mkulke