feat: add PCR measurement and attestation infrastructure

Add PCR measurement extraction script, update initdata gzipper
and default toml template for attestation, and configure trustee
and secret template values for PCR stash support.

Co-authored-by: Beraldo Leal <bleal@redhat.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: 3 people

ansible/init-data-gzipper.yaml

@@ -1,4 +1,4 @@
-- name: Gzip initdata
+- name: Gzip initdata and register init data
   become: false
   connection: local
   hosts: localhost
@@ -7,6 +7,7 @@
     kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
     cluster_platform: "{{ global.clusterPlatform | default('none') | lower }}"
     hub_domain: "{{ global.hubClusterDomain | default('none')  | lower}}"
+    security_policy_flavour: "{{ global.coco.securityPolicyFlavour | default('insecure') }}"
     template_src: "initdata-default.toml.tpl"
   tasks:
     - name: Create temporary working directory
@@ -36,7 +37,6 @@
     - name: Define temp file paths
       ansible.builtin.set_fact:
         rendered_path: "{{ tmpdir.path }}/rendered.toml"
-        gz_path: "{{ tmpdir.path }}/rendered.toml.gz"
 
     - name: Render template to temp file
       ansible.builtin.template:
@@ -45,15 +45,33 @@
         mode: "0600"
 
 
-    - name: Gzip the rendered content
+    - name: Gzip and base64 encode the rendered content
       ansible.builtin.shell: |
-        gzip -c "{{ rendered_path }}" > "{{ gz_path }}"
-      changed_when: true
+        set -o pipefail
+        cat "{{ rendered_path }}" | gzip | base64 -w0
+      register: initdata_encoded
+      changed_when: false
+
+    # This block runs a shell script that calculates a hash value (PCR8_HASH) derived from the contents of 'initdata.toml'.
+    # The script performs the following steps:
+    # 1. hash=$(sha256sum initdata.toml | cut -d' ' -f1): Computes the sha256 hash of 'initdata.toml' and assigns it to $hash.
+    # 2. initial_pcr=0000000000000000000000000000000000000000000000000000000000000000: Initializes a string of zeros as the initial PCR value.
+    # 3. PCR8_HASH=$(echo -n "$initial_pcr$hash" | xxd -r -p | sha256sum | cut -d' ' -f1):
+    #    Concatenates initial_pcr and $hash, converts from hex to binary,
+    #    computes its sha256 hash, and stores the result as PCR8_HASH.
+    # 4. echo $PCR8_HASH: Outputs the PCR hash value.
+    # The important part: The 'register: pcr8_hash' registers the **stdout of the command**,
+    #    which is the value output by 'echo $PCR8_HASH', as 'pcr8_hash.stdout' in Ansible.
+    # It does NOT register an environment variable, but rather the value actually printed by 'echo'.
+    - name: Register init data pcr into a var
+      ansible.builtin.shell: |
+        set -o pipefail
+        hash=$(sha256sum "{{ rendered_path }}" | cut -d' ' -f1)
+        initial_pcr=0000000000000000000000000000000000000000000000000000000000000000
+        PCR8_HASH=$(echo -n "$initial_pcr$hash" | xxd -r -p | sha256sum | cut -d' ' -f1) && echo $PCR8_HASH
+      register: pcr8_hash
+      changed_when: false
 
-    - name: Read gzip as base64
-      ansible.builtin.slurp:
-        path: "{{ gz_path }}"
-      register: gz_slurped
 
     - name: Create/update ConfigMap with gzipped+base64 content
       kubernetes.core.k8s:
@@ -66,4 +84,5 @@
             name: "initdata"
             namespace: "imperative"
           data:
-            INITDATA: "{{ gz_slurped.content }}"
+            INITDATA: "{{ initdata_encoded.stdout }}"
+            PCR8_HASH: "{{ pcr8_hash.stdout }}"

ansible/initdata-default.toml.tpl

@@ -1,4 +1,4 @@
-algorithm = "sha384"
+algorithm = "sha256"
 version = "0.1.0"
 
 [data]
@@ -9,9 +9,7 @@ url = "https://kbs.{{ hub_domain }}"
 
 [token_configs.kbs]
 url = "https://kbs.{{ hub_domain }}"
-cert = """
-{{ trustee_cert }}
-"""
+cert = """{{ trustee_cert }}"""
 '''
 
 "cdh.toml"  = '''
@@ -21,22 +19,27 @@ credentials = []
 [kbc]
 name = "cc_kbc"
 url = "https://kbs.{{ hub_domain }}"
-kbs_cert = """ 
-{{ trustee_cert }}
-"""
+kbs_cert = """{{ trustee_cert }}"""
+
+
+[image]
+image_security_policy_uri = 'kbs:///default/security-policy/{{ security_policy_flavour }}'
 '''
 
 "policy.rego" = '''
 package agent_policy
 
+import future.keywords.in
+import future.keywords.if
+import future.keywords.every
+
 default AddARPNeighborsRequest := true
 default AddSwapRequest := true
 default CloseStdinRequest := true
 default CopyFileRequest := true
 default CreateContainerRequest := true
 default CreateSandboxRequest := true
 default DestroySandboxRequest := true
-default ExecProcessRequest := false
 default GetMetricsRequest := true
 default GetOOMEventRequest := true
 default GuestDetailsRequest := true
@@ -52,7 +55,6 @@ default RemoveStaleVirtiofsShareMountsRequest := true
 default ReseedRandomDevRequest := true
 default ResumeContainerRequest := true
 default SetGuestDateTimeRequest := true
-default SetPolicyRequest := true
 default SignalProcessRequest := true
 default StartContainerRequest := true
 default StartTracingRequest := true
@@ -64,5 +66,20 @@ default UpdateEphemeralMountsRequest := true
 default UpdateInterfaceRequest := true
 default UpdateRoutesRequest := true
 default WaitProcessRequest := true
-default WriteStreamRequest := true
-'''
+default ExecProcessRequest := false
+default SetPolicyRequest := true 
+default WriteStreamRequest := false
+
+ExecProcessRequest if {
+    input_command = concat(" ", input.process.Args)
+    some allowed_command in policy_data.allowed_commands
+    input_command == allowed_command
+}
+
+policy_data := {
+  "allowed_commands": [
+        "curl http://127.0.0.1:8006/cdh/resource/default/attestation-status/status",
+        "curl http://127.0.0.1:8006/cdh/resource/default/attestation-status/random"
+  ]
+}
+'''

overrides/values-trustee.yaml

@@ -6,4 +6,9 @@ kbs:
     - name: "kbsres1" # name is the name of the k8s secret that will be presented to trustee and accessible via the CDH
       key: "secret/data/hub/kbsres1" # this is the path to the secret in vault. 
     - name: "passphrase"
-      key: "secret/data/hub/passphrase"
+      key: "secret/data/hub/passphrase"
+# Override the default values for the coco pattern this is because when testing against a branch strange stuff happens
+# FIXME: Don't commit this to main
+global:
+  coco:
+    secured: true # true or false. If true, the cluster will be secured. If false, the cluster will be insecure.

scripts/get-pcr.sh

@@ -0,0 +1,122 @@
+#!/usr/bin/env bash
+set -e
+
+# Script to retrieve the sandboxed container operator CSV for the current clusterGroup
+# using the pull secret for authentication if needed.
+
+# 1. Locate pull secret
+PULL_SECRET_PATH="${HOME}/pull-secret.json"
+if [ ! -f "$PULL_SECRET_PATH" ]; then
+    if [ -n "${PULL_SECRET}" ]; then
+        PULL_SECRET_PATH="${PULL_SECRET}"
+        if [ ! -f "$PULL_SECRET_PATH" ]; then
+            echo "ERROR: Pull secret file not found at path specified in PULL_SECRET: $PULL_SECRET_PATH"
+            exit 1
+        fi
+    else
+        echo "ERROR: Pull secret not found at ~/pull-secret.json"
+        echo "Please either place your pull secret at ~/pull-secret.json or set the PULL_SECRET environment variable"
+        exit 1
+    fi
+fi
+
+echo "Using pull secret: $PULL_SECRET_PATH"
+
+# 2. Check for required tools
+if ! command -v yq &> /dev/null; then
+    echo "ERROR: yq is required but not installed"
+    echo "Please install yq: https://github.com/mikefarah/yq#install"
+    exit 1
+fi
+
+if ! command -v skopeo &> /dev/null; then
+    echo "ERROR: skopeo is required but not installed"
+    echo "Please install skopeo: https://github.com/containers/skopeo/blob/main/install.md"
+    exit 1
+fi
+
+if ! command -v podman &> /dev/null; then
+    echo "ERROR: podman is required but not installed"
+    echo "Please install podman: https://podman.io/docs/installation"
+    exit 1
+fi
+
+# 3. Check values-global.yaml exists
+if [ ! -f "values-global.yaml" ]; then
+    echo "ERROR: values-global.yaml not found in current directory"
+    echo "Please run this script from the root directory of the project"
+    exit 1
+fi
+
+# 4. Get the active clusterGroupName from values-global.yaml
+CLUSTER_GROUP_NAME=$(yq eval '.main.clusterGroupName' values-global.yaml)
+
+if [ -z "$CLUSTER_GROUP_NAME" ] || [ "$CLUSTER_GROUP_NAME" == "null" ]; then
+    echo "ERROR: Could not determine clusterGroupName from values-global.yaml"
+    echo "Expected: main.clusterGroupName to be set"
+    exit 1
+fi
+
+echo "Active clusterGroup: $CLUSTER_GROUP_NAME"
+
+# 5. Locate the values file for the active clusterGroup
+VALUES_FILE="values-${CLUSTER_GROUP_NAME}.yaml"
+
+if [ ! -f "$VALUES_FILE" ]; then
+    echo "ERROR: Values file for clusterGroup not found: $VALUES_FILE"
+    exit 1
+fi
+
+# 6. Get the sandboxed container operator CSV from the clusterGroup values
+SANDBOX_CSV=$(yq eval '.clusterGroup.subscriptions.sandbox.csv' "$VALUES_FILE")
+
+if [ -z "$SANDBOX_CSV" ] || [ "$SANDBOX_CSV" == "null" ]; then
+    echo "WARNING: No sandboxed container operator CSV found in $VALUES_FILE"
+    echo "The subscription clusterGroup.subscriptions.sandbox.csv is not defined"
+    exit 0
+fi
+
+# Extract version from CSV (e.g., "sandboxed-containers-operator.v1.11.0" -> "1.11.0")
+# Remove everything up to and including ".v"
+SANDBOX_VERSION="${SANDBOX_CSV##*.v}"
+
+echo "Sandboxed container operator CSV: $SANDBOX_CSV"
+echo "Version: $SANDBOX_VERSION"
+# alternatively, use the operator-version tag.
+# OSC_VERSION=1.11.1
+VERITY_IMAGE=registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image
+
+TAG=$(skopeo inspect --authfile $PULL_SECRET_PATH docker://${VERITY_IMAGE}:${SANDBOX_VERSION} | jq -r .Digest)
+
+IMAGE=${VERITY_IMAGE}@${TAG}
+
+echo "IMAGE: $IMAGE"
+
+curl -L https://tuf-default.apps.rosa.rekor-prod.2jng.p3.openshiftapps.com/targets/rekor.pub -o rekor.pub
+curl -L https://security.access.redhat.com/data/63405576.txt -o cosign-pub-key.pem
+# export REGISTRY_AUTH_FILE=${PULL_SECRET_PATH}
+# echo "REGISTRY_AUTH_FILE: $REGISTRY_AUTH_FILE"
+# export SIGSTORE_REKOR_PUBLIC_KEY=${PWD}/rekor.pub
+# echo "SIGSTORE_REKOR_PUBLIC_KEY: $SIGSTORE_REKOR_PUBLIC_KEY"
+# cosign verify --key cosign-pub-key.pem --output json  --rekor-url=https://rekor-server-default.apps.rosa.rekor-prod.2jng.p3.openshiftapps.com $IMAGE > cosign_verify.log
+
+
+# Ensure output directory exists
+mkdir -p ~/.coco-pattern
+
+# Clean up any existing measurement files
+rm -f ~/.coco-pattern/measurements-raw.json ~/.coco-pattern/measurements.json
+
+# Download the measurements using podman cp (works on macOS with remote podman)
+podman pull --authfile $PULL_SECRET_PATH $IMAGE
+
+cid=$(podman create --entrypoint /bin/true $IMAGE)
+echo "CID: ${cid}"
+podman cp $cid:/image/measurements.json ~/.coco-pattern/measurements-raw.json
+podman rm $cid
+
+# Trim leading "0x" from all measurement values
+jq 'walk(if type == "string" and startswith("0x") then .[2:] else . end)' \
+    ~/.coco-pattern/measurements-raw.json > ~/.coco-pattern/measurements.json
+
+echo "Measurements saved to ~/.coco-pattern/measurements.json (0x prefixes removed)"