From 17c99483fdcd9d564427efa7b45ffcc4deb42105 Mon Sep 17 00:00:00 2001 From: Chris Butler Date: Sat, 28 Jun 2025 11:37:00 +0900 Subject: [PATCH] feat: add example attestation policies Signed-off-by: Chris Butler --- attestation-notes.md | 3 + .../trustee/templates/attestation-policy.yaml | 85 +++++++ charts/hub/trustee/templates/kbs.yaml | 2 +- .../trustee/templates/reference-values.yaml | 238 ++++++++++++++++-- .../trustee/templates/resource-policy.yaml | 9 +- ...olicy-eso.yaml => securitypolicy-eso.yaml} | 0 values-simple.yaml | 2 +- 7 files changed, 320 insertions(+), 19 deletions(-) create mode 100644 attestation-notes.md create mode 100644 charts/hub/trustee/templates/attestation-policy.yaml rename charts/hub/trustee/templates/{securityPolicy-eso.yaml => securitypolicy-eso.yaml} (100%) diff --git a/attestation-notes.md b/attestation-notes.md new file mode 100644 index 00000000..c213fecb --- /dev/null +++ b/attestation-notes.md @@ -0,0 +1,3 @@ + + +# curl http://127.0.0.1:8006/aa/token?token_type=kbs \ No newline at end of file diff --git a/charts/hub/trustee/templates/attestation-policy.yaml b/charts/hub/trustee/templates/attestation-policy.yaml new file mode 100644 index 00000000..e446c896 --- /dev/null +++ b/charts/hub/trustee/templates/attestation-policy.yaml @@ -0,0 +1,85 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: attestation-policy + namespace: trustee-operator-system +data: + default.rego: | + package policy + + import rego.v1 + + # This policy validates multiple TEE platforms + # The policy is meant to capture the TCB requirements + # for confidential containers. + + # This policy is used to generate an EAR Appraisal. + # Specifically it generates an AR4SI result. + # More informatino on AR4SI can be found at + # + + # For the `executables` trust claim, the value 33 stands for + # "Runtime memory includes executables, scripts, files, and/or + # objects which are not recognized." + default executables := 33 + + # For the `hardware` trust claim, the value 97 stands for + # "A Verifier does not recognize an Attester's hardware or + # firmware, but it should be recognized." + default hardware := 97 + + # For the `configuration` trust claim the value 36 stands for + # "Elements of the configuration relevant to security are + # unavailable to the Verifier." + default configuration := 36 + + + ##### Azure vTPM SNP + executables := 3 if { + input.azsnpvtpm.measurement in data.reference.measurement + input.azsnpvtpm.tpm.pcr11 in data.reference.snp_pcr11 + input.azsnpvtpm.tpm.pcr12 in data.reference.snp_pcr12 + } + + hardware := 2 if { + # Check the reported TCB to validate the ASP FW + input.azsnpvtpm.reported_tcb_bootloader in data.reference.tcb_bootloader + input.azsnpvtpm.reported_tcb_microcode in data.reference.tcb_microcode + input.azsnpvtpm.reported_tcb_snp in data.reference.tcb_snp + input.azsnpvtpm.reported_tcb_tee in data.reference.tcb_tee + } + + # For the 'configuration' trust claim 2 stands for + # "The configuration is a known and approved config." + # + # For this, we compare all the configuration fields. + configuration := 2 if { + input.azsnpvtpm.platform_smt_enabled in data.reference.smt_enabled + input.azsnpvtpm.platform_tsme_enabled in data.reference.tsme_enabled + input.azsnpvtpm.policy_abi_major in data.reference.abi_major + input.azsnpvtpm.policy_abi_minor in data.reference.abi_minor + input.azsnpvtpm.policy_single_socket in data.reference.single_socket + input.azsnpvtpm.policy_smt_allowed in data.reference.smt_allowed + } + + ##### Azure vTPM TDX + executables := 3 if { + input.aztdxvtpm.tpm.pcr11 in data.reference.tdx_pcr11 + input.aztdxvtpm.tpm.pcr12 in data.reference.tdx_pcr12 + + } + + hardware := 2 if { + # Check the quote is a TDX quote signed by Intel SGX Quoting Enclave + input.aztdxvtpm.quote.header.tee_type == "81000000" + input.aztdxvtpm.quote.header.vendor_id == "939a7233f79c4ca9940a0db3957f0607" + + # Check TDX Module version and its hash. Also check OVMF code hash. + input.aztdxvtpm.quote.body.mr_seam in data.reference.mr_seam + input.aztdxvtpm.quote.body.tcb_svn in data.reference.tcb_svn + input.aztdxvtpm.quote.body.mr_td in data.reference.mr_td + } + + configuration := 2 if { + input.aztdxvtpm.quote.body.xfam in data.reference.xfam + } \ No newline at end of file diff --git a/charts/hub/trustee/templates/kbs.yaml b/charts/hub/trustee/templates/kbs.yaml index 661755eb..bc0ea449 100644 --- a/charts/hub/trustee/templates/kbs.yaml +++ b/charts/hub/trustee/templates/kbs.yaml @@ -22,7 +22,7 @@ spec: # certStorePvc: # Override attestation policy (optional) - # kbsAttestationPolicyConfigMapName: attestation-policy + kbsAttestationPolicyConfigMapName: attestation-policy # Inject environment variables (optional) # Enable DEBUG logging in trustee pods diff --git a/charts/hub/trustee/templates/reference-values.yaml b/charts/hub/trustee/templates/reference-values.yaml index c625134a..a67c5fcd 100644 --- a/charts/hub/trustee/templates/reference-values.yaml +++ b/charts/hub/trustee/templates/reference-values.yaml @@ -7,19 +7,225 @@ metadata: namespace: {{ .Values.kbs.deployNS }} data: reference-values.json: | - [ - ] - -# No reference values yet - # [ - # { - # "name": "sample.svn", - # "expired": "2025-01-01T00:00:00Z", - # "hash-value": [ - # { - # "alg": "sha256", - # "value": "1" - # } - # ] - # } - # ] + [ + { + "name": "tdx_pcr11", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "25f988b8b92a8394ee6c2413fe7bde77929ec143151df0a582f52d6c7ccba94c" + } + ] + }, + { + "name": "tdx_pcr12", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "ab45624dae8e56a3b7835ece6d95d764ff675806778a1a716004cdff886f8f30" + } + ] + }, + { + "name": "init_data", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "f754f893653bb36dafbb2b5c12de2a88f1725374ad59df818e84622c7f7bead1" + } + ] + }, + { + "name": "rtmr_1", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + } + ] + }, + { + "name": "rtmr_2", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + } + ] + }, + { + "name": "mr_seam", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "9790d89a10210ec6968a773cee2ca05b5aa97309f36727a968527be4606fc19e6f73acce350946c9d46a9bf7a63f8430" + } + ] + }, + { + "name": "tcb_svn", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "04010700000000000000000000000000" + } + ] + }, + { + "name": "mr_td", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "a6c9a329848900230bc81678b81d0d64ae88e20be8f73c848da7e2bd025558ef38b5319096e6d78633a3f2a3a804f729" + } + ] + }, + { + "name": "xfam", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "e718060000000000" + } + ] + }, + { + "name": "measurement", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "Cwa8qBJimP2freTTrrpvAZVbEQEyAhPY4fZGgSn9z4qtt0CAGmcS+Otz96qQZ92k" + } + ] + }, + { + "name": "tcb_bootloader", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "4" + } + ] + }, + { + "name": "tcb_microcode", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "219" + } + ] + }, + { + "name": "tcb_snp", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "24" + } + ] + }, + { + "name": "tcb_tee", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "0" + } + ] + }, + { + "name": "smt_enabled", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "1" + } + ] + }, + { + "name": "tsme_enabled", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "0" + } + ] + }, + { + "name": "abi_major", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "0" + } + ] + }, + { + "name": "abi_minor", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "31" + } + ] + }, + { + "name": "single_socket", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "0" + } + ] + }, + { + "name": "smt_allowed", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "1" + } + ] + }, + { + "name": "snp_pcr11", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "25f988b8b92a8394ee6c2413fe7bde77929ec143151df0a582f52d6c7ccba94c" + } + ] + }, + { + "name": "snp_pcr12", + "expiration": "2025-09-09T00:00:00Z", + "hash-value": [ + { + "alg": "sha256", + "value": "ab45624dae8e56a3b7835ece6d95d764ff675806778a1a716004cdff886f8f30" + } + ] + } + ] diff --git a/charts/hub/trustee/templates/resource-policy.yaml b/charts/hub/trustee/templates/resource-policy.yaml index 6cbed1bf..928bf2f2 100644 --- a/charts/hub/trustee/templates/resource-policy.yaml +++ b/charts/hub/trustee/templates/resource-policy.yaml @@ -6,4 +6,11 @@ metadata: data: policy.rego: | package policy - default allow = true \ No newline at end of file + import rego.v1 + default allow = false + allow if { + input["submods"]["cpu"]["ear.status"] != "contraindicated" + input["submods"]["cpu"]["ear.trustworthiness-vector"]["configuration"] == 2 + input["submods"]["cpu"]["ear.trustworthiness-vector"]["hardware"] == 2 + input["submods"]["cpu"]["ear.trustworthiness-vector"]["executables"] == 3 + } diff --git a/charts/hub/trustee/templates/securityPolicy-eso.yaml b/charts/hub/trustee/templates/securitypolicy-eso.yaml similarity index 100% rename from charts/hub/trustee/templates/securityPolicy-eso.yaml rename to charts/hub/trustee/templates/securitypolicy-eso.yaml diff --git a/values-simple.yaml b/values-simple.yaml index f25bc61f..86a54035 100644 --- a/values-simple.yaml +++ b/values-simple.yaml @@ -95,7 +95,7 @@ clusterGroup: # Default to 'safe' for ARO overrides: - name: letsencrypt.enabled - value: false + value: true hello-openshift: name: hello-openshift namespace: hello-openshift