Add and verify endorsement field for text reference value #4973
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
conradgrobler
approved these changes
Apr 3, 2024
k-naliuka
approved these changes
Apr 3, 2024
copybara-service bot
pushed a commit
that referenced
this pull request
Apr 9, 2024
Squashed commit of the following: commit 1b24ec1 Author: Tiziano Santoro <[email protected]> Date: Thu Apr 4 00:50:26 2024 +0100 Update nix deps (#4979) Among other things, this update xz to v. 5.4.6 commit f68df2b Author: Tiziano Santoro <[email protected]> Date: Thu Apr 4 00:46:45 2024 +0100 Align with internal linter (#4978) b/332740854 commit 8bdd773 Author: jblebrun <[email protected]> Date: Wed Apr 3 21:43:20 2024 +0000 Update h2 to resolve vulnerability discovered by deny (#4977) https://rustsec.org/advisories/RUSTSEC-2024-0332 commit 5bc91be Author: jul-sh <[email protected]> Date: Wed Apr 3 16:05:06 2024 -0400 Directly issue kernel provenance for attestation measurements (#4976) * Directly issue kernel provenance attestation measurements Previously the provenance created by the SLSA builder was just for the bzImage. Not the artifact that would be measured in the attestation. With this PR the provenance subjects should include binaries measured in the attestation. Change-Id: I16e3234d0d65e3790319294c416c378cd7611681 * fix typo Change-Id: I3d078256d085ef05171e5997743d7497fc530ad0 commit 2ae6255 Author: Andri Saar <[email protected]> Date: Tue Apr 2 20:55:51 2024 +0000 Do a page state change operation before invoking `PVALIDATE` commit 8452885 Author: conradgrobler <[email protected]> Date: Wed Apr 3 17:54:04 2024 +0100 Ensure CPUID triggered the #VC exception (#4974) We want to make sure that the instruction pointer in a #VC exception really pointed to a CPUID instruction since it is the only #VC exception type we support. commit 4ad534f Author: thmsbinder <[email protected]> Date: Wed Apr 3 18:09:46 2024 +0200 Add and verify endorsement field for text reference value (#4973) The kernel command line reference value now follows the pattern from other reference values: skip, TR endorsement, or direct verification. When using TR endorsements in conjunction with the kernel command line the regex feature needs to be enabled. commit fa50670 Author: Patrick McGrath <[email protected]> Date: Tue Apr 2 10:43:22 2024 -0700 Unary gRPC transport template class (#4970) Implement unary transport class template for future Oak clients that use the unary interface. commit 65f6b46 Author: k-naliuka <[email protected]> Date: Fri Mar 29 00:33:37 2024 +0100 Add go and java options to the TcbVersion proto (#4969) commit cefb3c3 Author: Andri Saar <[email protected]> Date: Thu Mar 28 15:46:31 2024 +0000 Collect, and print out, some `PVALIDATE` stats in stage0 commit 579e92c Author: k-naliuka <[email protected]> Date: Wed Mar 27 20:49:53 2024 +0100 Refactor text reference values matching (#4965) Allow literal string comparison and make regex optional commit 121a6b0 Author: Ivan Petrov <[email protected]> Date: Wed Mar 27 19:13:14 2024 +0000 Sign group keys as part of Key Provisioning (#4961) This PR adds the ability to sign group keys in the attestation evidence as part of Key Provisioning. Ref #4442 commit 2a57cd6 Author: jul-sh <[email protected]> Date: Wed Mar 27 12:10:56 2024 -0400 Revert "Increase the size of the certificate in Stage0 DICE data (#4946)" (#4966) This reverts commit c869644, as it introduced a breaking change that broke imports. commit 57a8f73 Author: Ivan Petrov <[email protected]> Date: Wed Mar 27 15:29:07 2024 +0000 Add GroupEncryptionKeyHandle to C++ Containers SDK (#4964) Ref #4442 commit 863ee00 Author: k-naliuka <[email protected]> Date: Wed Mar 27 14:15:48 2024 +0100 Include regex in Bazel oak_crates_index (#4960) commit 83d881d Author: Tiziano Santoro <[email protected]> Date: Wed Mar 27 09:53:32 2024 +0000 Fix username and host when building kernel (#4963) b/330744888 Change-Id: Iac4a71c2d14238ccaca13c3997f47aa265a789ba
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The kernel command line reference value now follows the pattern from other reference values: skip, TR endorsement, or direct verification. When using TR endorsements in conjunction with the kernel command line the regex feature needs to be enabled.