Merge branch 'main' into update-superlinter-v8

Author: butler54

Chart.yaml

@@ -7,4 +7,4 @@ keywords:
 - confidential-containers
 name: trustee
 # DO NOT EDIT VERSION HERE, IT IS AUTO-GENERATED BY SEMANTIC-RELEASE
-version: 0.2.1
+version: 0.3.4

README.md

@@ -1,6 +1,6 @@
 # trustee
 
-![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square)
+![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square)
 
 A Helm chart to provide an opinionated deployment of Trustee in a validated pattern
 
@@ -31,8 +31,10 @@ In order to use this chart, you will need to:
 | global.coco.securityPolicy | string | `"secret/data/hub/securityPolicyConfig"` |  |
 | global.coco.securityPolicyFlavour | string | `"insecure"` |  |
 | global.secretStore.backend | string | `""` |  |
+| kbs.admin.format | string | `"v1.0"` |  |
 | kbs.cosignKeys | string | `"secret/data/hub/coSignKeys"` |  |
 | kbs.extraSecrets | list | `[]` |  |
+| kbs.gpu.enabled | bool | `false` |  |
 | kbs.publicKey | string | `"secret/data/hub/kbsPublicKey"` |  |
 | kbs.secretResources[0].key | string | `"secret/data/hub/kbsres1"` |  |
 | kbs.secretResources[0].name | string | `"kbsres1"` |  |

templates/attestation-policy.yaml

@@ -14,66 +14,117 @@ data:
     default hardware := 97
     default configuration := 36
 
-    ## miminimal but reliable attestation policy
-    ## hardware and firmware changes. This is not in our control. It's up to the user to update acceptable measurements
-    ## In conjuction with verification with the service provider.
-    ## currently setup for azure vTPM
-
+    trust_claims := {
+      "executables": executables,
+      "hardware": hardware,
+      "configuration": configuration,
+    }
 
     ##### Azure vTPM SNP
     executables := 3 if {
-      # input.azsnpvtpm.measurement in data.reference.measurement
-      input.azsnpvtpm.tpm.pcr03 in data.reference.snp_pcr03
-      input.azsnpvtpm.tpm.pcr08 in data.reference.snp_pcr08
-      input.azsnpvtpm.tpm.pcr09 in data.reference.snp_pcr09
-      input.azsnpvtpm.tpm.pcr11 in data.reference.snp_pcr11
-      input.azsnpvtpm.tpm.pcr12 in data.reference.snp_pcr12
+      input["az-snp-vtpm"].tpm.pcr03 in query_reference_value("snp_pcr03")
+      input["az-snp-vtpm"].tpm.pcr08 in query_reference_value("snp_pcr08")
+      input["az-snp-vtpm"].tpm.pcr09 in query_reference_value("snp_pcr09")
+      input["az-snp-vtpm"].tpm.pcr11 in query_reference_value("snp_pcr11")
+      input["az-snp-vtpm"].tpm.pcr12 in query_reference_value("snp_pcr12")
     }
 
     hardware := 2 if {
-      # Check the reported TCB to validate the ASP FW
-      # input.azsnpvtpm.reported_tcb_bootloader in data.reference.tcb_bootloader
-      # input.azsnpvtpm.reported_tcb_microcode in data.reference.tcb_microcode
-      # input.azsnpvtpm.reported_tcb_snp in data.reference.tcb_snp
-      # input.azsnpvtpm.reported_tcb_tee in data.reference.tcb_tee
-      input.azsnpvtpm
-    }
-
-    # For the 'configuration' trust claim 2 stands for
-    # "The configuration is a known and approved config."
-    #
-    # For this, we compare all the configuration fields.
+      input["az-snp-vtpm"]
+    }
+
     configuration := 2 if {
-      # input.azsnpvtpm.platform_smt_enabled in data.reference.smt_enabled
-      # input.azsnpvtpm.platform_tsme_enabled in data.reference.tsme_enabled
-      # input.azsnpvtpm.policy_abi_major in data.reference.abi_major
-      # input.azsnpvtpm.policy_abi_minor in data.reference.abi_minor
-      # input.azsnpvtpm.policy_single_socket in data.reference.single_socket
-      # input.azsnpvtpm.policy_smt_allowed in data.reference.smt_allowed
-      input.azsnpvtpm
+      input["az-snp-vtpm"]
     }
 
     ##### Azure vTPM TDX
     executables := 3 if {
-      input.aztdxvtpm.tpm.pcr03 in data.reference.tdx_pcr03
-      input.aztdxvtpm.tpm.pcr08 in data.reference.tdx_pcr08
-      input.aztdxvtpm.tpm.pcr09 in data.reference.tdx_pcr09
-      input.aztdxvtpm.tpm.pcr11 in data.reference.tdx_pcr11
-      input.aztdxvtpm.tpm.pcr12 in data.reference.tdx_pcr12
+      input["az-tdx-vtpm"].tpm.pcr03 in query_reference_value("tdx_pcr03")
+      input["az-tdx-vtpm"].tpm.pcr08 in query_reference_value("tdx_pcr08")
+      input["az-tdx-vtpm"].tpm.pcr09 in query_reference_value("tdx_pcr09")
+      input["az-tdx-vtpm"].tpm.pcr11 in query_reference_value("tdx_pcr11")
+      input["az-tdx-vtpm"].tpm.pcr12 in query_reference_value("tdx_pcr12")
     }
 
     hardware := 2 if {
-      # Check the quote is a TDX quote signed by Intel SGX Quoting Enclave
-      input.aztdxvtpm.quote.header.tee_type == "81000000"
-      input.aztdxvtpm.quote.header.vendor_id == "939a7233f79c4ca9940a0db3957f0607"
+      input["az-tdx-vtpm"].quote.header.tee_type == "81000000"
+      input["az-tdx-vtpm"].quote.header.vendor_id == "939a7233f79c4ca9940a0db3957f0607"
+    }
 
-      # Check TDX Module version and its hash. Also check OVMF code hash.
-      # input.aztdxvtpm.quote.body.mr_seam in data.reference.mr_seam
-      # input.aztdxvtpm.quote.body.tcb_svn in data.reference.tcb_svn
-      # input.aztdxvtpm.quote.body.mr_td in data.reference.mr_td
+    configuration := 2 if {
+      input["az-tdx-vtpm"]
+    }
+
+    ##### Baremetal TDX
+    executables := 3 if {
+      input["tdx"]
+      input.init_data in query_reference_value("init_data")
+    }
+    hardware := 2 if { input["tdx"] }
+    configuration := 2 if { input["tdx"] }
+
+    ##### Baremetal SNP
+    executables := 3 if {
+      input["snp"]
+      input.init_data in query_reference_value("init_data")
+    }
+    hardware := 2 if { input["snp"] }
+    configuration := 2 if { input["snp"] }
+    {{- if .Values.kbs.gpu.enabled }}
+
+    ##### GPU Attestation (NVIDIA H100/H200) — CPU-class evidence with GPU data
+    hardware := 2 if {
+      input["snp"]
+      input["gpu"]
+    }
+
+    executables := 3 if {
+      input["snp"]
+      input["gpu"]
+      input.init_data in query_reference_value("init_data")
     }
 
     configuration := 2 if {
-      # input.aztdxvtpm.quote.body.xfam in data.reference.xfam
-      input.aztdxvtpm
-    }
+      input["snp"]
+      input["gpu"]
+    }
+    {{- end }}
+{{- if .Values.kbs.gpu.enabled }}
+  default_gpu.rego: |
+    package policy
+
+    import rego.v1
+
+    default hardware := 97
+    default executables := 33
+    default configuration := 36
+
+    trust_claims := {
+      "executables": executables,
+      "hardware": hardware,
+      "configuration": configuration,
+    }
+
+    hardware := 2 if {
+      input.nvidia
+      input.nvidia["x-nvidia-gpu-attestation-report-cert-chain"]["x-nvidia-cert-status"] == "valid"
+      input.nvidia["x-nvidia-gpu-attestation-report-parsed"]
+      input.nvidia["x-nvidia-gpu-attestation-report-signature-verified"]
+      input.nvidia["x-nvidia-gpu-arch-check"]
+    }
+
+    configuration := 2 if {
+      input.nvidia.secboot
+      input.nvidia.dbgstat == "disabled"
+    }
+
+    executables := 3 if {
+      input.nvidia["x-nvidia-gpu-driver-rim-fetched"]
+      input.nvidia["x-nvidia-gpu-driver-rim-schema-validated"]
+      input.nvidia["x-nvidia-gpu-driver-rim-signature-verified"]
+      input.nvidia["x-nvidia-gpu-vbios-rim-fetched"]
+      input.nvidia["x-nvidia-gpu-vbios-rim-schema-validated"]
+      input.nvidia["x-nvidia-gpu-vbios-rim-signature-verified"]
+      input.nvidia.measres == "success"
+    }
+{{- end }}

templates/kbs-config-map.yaml

@@ -9,12 +9,24 @@ data:
   kbs-config.toml: |
     [http_server]
     sockets = ["0.0.0.0:8080"]
+    {{- if .Values.kbs.workerCount }}
+    worker_count = {{ .Values.kbs.workerCount }}
+    {{- end }}
     insecure_http = false
     private_key = "/etc/https-key/tls.key"
     certificate = "/etc/https-cert/tls.crt"
     [admin]
+    {{- if eq (default "v1.0" .Values.kbs.admin.format) "v1.1" }}
+    type = "Simple"
+    insecure_api = false
+
+    [[admin.personas]]
+    id = "admin"
+    public_key_path = "/etc/auth-secret/publicKey"
+    {{- else }}
     insecure_api = false
     auth_public_key = "/etc/auth-secret/publicKey"
+    {{- end }}
 
     [attestation_token]
     insecure_key = false
@@ -43,6 +55,11 @@ data:
     [attestation_service.rvps_config.storage]
     type = "LocalJson"
     file_path = "/opt/confidential-containers/rvps/reference-values/reference-values.json"
+    {{- if .Values.kbs.gpu.enabled }}
+
+    [attestation_service.verifier_config.nvidia_verifier]
+    type = "Remote"
+    {{- end }}
 
     [[plugins]]
     name = "resource"

templates/reference-values.yaml

@@ -7,7 +7,5 @@ metadata:
   annotations:
     argocd.argoproj.io/sync-wave: "4"
 data:
-  reference-values.json: |
-    [
-    ]
+  reference-values.json: '[]'
 {{ end }}

templates/resource-policy.yaml

@@ -8,7 +8,17 @@ metadata:
 data:
   policy.rego: |
     package policy
+    import rego.v1
+
     default allow = false
-    allow {
-      input["submods"]["cpu0"]["ear.status"] == "affirming"
+
+    allow if {
+        not any_not_affirming
+        count(input.submods) > 0
+
+    }
+
+    any_not_affirming if {
+        some _, submod in input.submods
+        submod["ear.status"] != "affirming"
     }

templates/rvps-values-policies.yaml

@@ -20,12 +20,30 @@ spec:
         severity: medium
         object-templates-raw: |
           {{`{{- $pcr8Hash := fromConfigMap "imperative" "initdata" "PCR8_HASH" -}}`}}
-          {{`{{- $secretData := (lookup "v1" "Secret" "trustee-operator-system" "pcr-stash").data.json | base64dec | fromJson -}}`}}
+          {{`{{- $debugPcr8Hash := fromConfigMap "imperative" "debug-initdata" "PCR8_HASH" -}}`}}
+          {{`{{- $rawHash := fromConfigMap "imperative" "initdata" "RAW_HASH" -}}`}}
+          {{`{{- $debugRawHash := fromConfigMap "imperative" "debug-initdata" "RAW_HASH" -}}`}}
+          {{`{{- $rawHashPadded := printf "%s00000000000000000000000000000000" $rawHash -}}`}}
+          {{`{{- $debugRawHashPadded := printf "%s00000000000000000000000000000000" $debugRawHash -}}`}}
+          {{`{{- $referenceValues := list (dict "name" "init_data" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr8Hash $debugPcr8Hash $rawHash $debugRawHash $rawHashPadded $debugRawHashPadded)) -}}`}}
+          {{`{{- $pcrStash := (lookup "v1" "Secret" "trustee-operator-system" "pcr-stash") -}}`}}
+          {{`{{- if $pcrStash -}}`}}
+          {{`{{- $secretData := $pcrStash.data.json | base64dec | fromJson -}}`}}
           {{`{{- $pcr03 := $secretData.measurements.sha256.pcr03 -}}`}}
           {{`{{- $pcr09 := $secretData.measurements.sha256.pcr09 -}}`}}
           {{`{{- $pcr11 := $secretData.measurements.sha256.pcr11 -}}`}}
           {{`{{- $pcr12 := $secretData.measurements.sha256.pcr12 -}}`}}
-          {{`{{- $referenceValues := list (dict "name" "snp_pcr03" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr03)) (dict "name" "tdx_pcr03" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr03)) (dict "name" "snp_pcr08" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr8Hash)) (dict "name" "tdx_pcr08" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr8Hash)) (dict "name" "snp_pcr09" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr09)) (dict "name" "tdx_pcr09" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr09)) (dict "name" "snp_pcr11" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr11)) (dict "name" "tdx_pcr11" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr11)) (dict "name" "snp_pcr12" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr12)) (dict "name" "tdx_pcr12" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr12)) -}}`}}
+          {{`{{- $referenceValues = append $referenceValues (dict "name" "snp_pcr03" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr03)) -}}`}}
+          {{`{{- $referenceValues = append $referenceValues (dict "name" "tdx_pcr03" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr03)) -}}`}}
+          {{`{{- $referenceValues = append $referenceValues (dict "name" "snp_pcr08" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr8Hash $debugPcr8Hash)) -}}`}}
+          {{`{{- $referenceValues = append $referenceValues (dict "name" "tdx_pcr08" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr8Hash $debugPcr8Hash)) -}}`}}
+          {{`{{- $referenceValues = append $referenceValues (dict "name" "snp_pcr09" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr09)) -}}`}}
+          {{`{{- $referenceValues = append $referenceValues (dict "name" "tdx_pcr09" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr09)) -}}`}}
+          {{`{{- $referenceValues = append $referenceValues (dict "name" "snp_pcr11" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr11)) -}}`}}
+          {{`{{- $referenceValues = append $referenceValues (dict "name" "tdx_pcr11" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr11)) -}}`}}
+          {{`{{- $referenceValues = append $referenceValues (dict "name" "snp_pcr12" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr12)) -}}`}}
+          {{`{{- $referenceValues = append $referenceValues (dict "name" "tdx_pcr12" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr12)) -}}`}}
+          {{`{{- end -}}`}}
           - complianceType: mustonlyhave
             objectDefinition:
               apiVersion: v1

templates/tdx-config.yaml

@@ -9,6 +9,7 @@ metadata:
 data:
   sgx_default_qcnl.conf: |
     {
-      "collateral_service": "{{ .Values.kbs.tdx.collateralService }}"
+      "collateral_service": "{{ .Values.kbs.tdx.collateralService }}",
+      "use_secure_cert": false
     }
 {{- end }}

values.yaml

@@ -20,6 +20,11 @@ global:
 
 # KBS (Key Broker Service) configuration
 kbs:
+  admin:
+    # Admin config format: "v1.0" for Trustee 1.0 (auth_public_key),
+    # "v1.1" for Trustee 1.1+ (type = "Simple" with [[admin.personas]])
+    format: "v1.0"
+
   # Security policy is an expected secret and is required to be pushed into the KBS
   # presumes security policy flavour is signed
   cosignKeys: secret/data/hub/coSignKeys
@@ -43,6 +48,17 @@ kbs:
   # exist in the trustee-operator-system namespace.
   extraSecrets: []
 
+  # Number of HTTP worker threads for the KBS server.
+  # If unset, the KBS binary defaults to one worker per logical CPU core,
+  # which can cause "too many open files" crashes on high-core-count systems
+  # where the container's nofile ulimit is lower than the worker count.
+  # Set this to a reasonable value (e.g., 4-8) on systems with many cores.
+  # workerCount: 4
+
+  # NVIDIA GPU confidential computing configuration
+  gpu:
+    enabled: false
+
   # Intel TDX (Trust Domain Extensions) configuration
   tdx:
     # Enable TDX attestation support