fixup! cli: use manifest reference values for attestation

cli/cmd/verify.go

@@ -17,9 +17,6 @@ import (
 	"github.com/edgelesssys/contrast/internal/grpc/dialer"
 	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/edgelesssys/contrast/internal/userapi"
-	"github.com/google/go-sev-guest/abi"
-	"github.com/google/go-sev-guest/kds"
-	"github.com/google/go-sev-guest/validate"
 	"github.com/spf13/cobra"
 )
 
@@ -164,38 +161,13 @@ func parseVerifyFlags(cmd *cobra.Command) (*verifyFlags, error) {
 }
 
 func newCoordinatorValidateOptsGen(mnfst manifest.Manifest, hostData []byte) (*snp.StaticValidateOptsGenerator, error) {
-	trustedMeasurement, err := mnfst.ReferenceValues.TrustedMeasurement.Bytes()
+	validateOpts, err := mnfst.SNPValidateOpts()
 	if err != nil {
-		return nil, fmt.Errorf("failed to convert TrustedMeasurement from manifest to byte slices: %w", err)
-	}
-	if trustedMeasurement == nil {
-		// This is required to prevent an empty measurement in the manifest from disabling the measurement check.
-		trustedMeasurement = make([]byte, 48)
+		return nil, err
 	}
-
+	validateOpts.HostData = hostData
 	return &snp.StaticValidateOptsGenerator{
-		Opts: &validate.Options{
-			HostData:    hostData,
-			Measurement: trustedMeasurement,
-			GuestPolicy: abi.SnpPolicy{
-				Debug: false,
-				SMT:   true,
-			},
-			VMPL: new(int), // VMPL0
-			MinimumTCB: kds.TCBParts{
-				BlSpl:    mnfst.ReferenceValues.SNP.MinimumTCB.BootloaderVersion.UInt8(),
-				TeeSpl:   mnfst.ReferenceValues.SNP.MinimumTCB.TEEVersion.UInt8(),
-				SnpSpl:   mnfst.ReferenceValues.SNP.MinimumTCB.SNPVersion.UInt8(),
-				UcodeSpl: mnfst.ReferenceValues.SNP.MinimumTCB.MicrocodeVersion.UInt8(),
-			},
-			MinimumLaunchTCB: kds.TCBParts{
-				BlSpl:    mnfst.ReferenceValues.SNP.MinimumTCB.BootloaderVersion.UInt8(),
-				TeeSpl:   mnfst.ReferenceValues.SNP.MinimumTCB.TEEVersion.UInt8(),
-				SnpSpl:   mnfst.ReferenceValues.SNP.MinimumTCB.SNPVersion.UInt8(),
-				UcodeSpl: mnfst.ReferenceValues.SNP.MinimumTCB.MicrocodeVersion.UInt8(),
-			},
-			PermitProvisionalFirmware: true,
-		},
+		Opts: validateOpts,
 	}, nil
 }
 

coordinator/internal/authority/authority.go

@@ -26,8 +26,6 @@ import (
 	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/edgelesssys/contrast/internal/recoveryapi"
 	"github.com/edgelesssys/contrast/internal/userapi"
-	"github.com/google/go-sev-guest/abi"
-	"github.com/google/go-sev-guest/kds"
 	"github.com/google/go-sev-guest/proto/sevsnp"
 	"github.com/google/go-sev-guest/validate"
 	"github.com/prometheus/client_golang/prometheus"
@@ -101,36 +99,7 @@ func (m *Authority) SNPValidateOpts(report *sevsnp.Report) (*validate.Options, e
 		return nil, fmt.Errorf("hostdata %s not found in manifest", hostData)
 	}
 
-	trustedMeasurement, err := mnfst.ReferenceValues.TrustedMeasurement.Bytes()
-	if err != nil {
-		return nil, fmt.Errorf("failed to convert TrustedMeasurement from manifest to byte slices: %w", err)
-	}
-	if trustedMeasurement == nil {
-		// This is required to prevent an empty measurement in the manifest from disabling the measurement check.
-		trustedMeasurement = make([]byte, 48)
-	}
-
-	return &validate.Options{
-		Measurement: trustedMeasurement,
-		GuestPolicy: abi.SnpPolicy{
-			Debug: false,
-			SMT:   true,
-		},
-		VMPL: new(int), // VMPL0
-		MinimumTCB: kds.TCBParts{
-			BlSpl:    mnfst.ReferenceValues.SNP.MinimumTCB.BootloaderVersion.UInt8(),
-			TeeSpl:   mnfst.ReferenceValues.SNP.MinimumTCB.TEEVersion.UInt8(),
-			SnpSpl:   mnfst.ReferenceValues.SNP.MinimumTCB.SNPVersion.UInt8(),
-			UcodeSpl: mnfst.ReferenceValues.SNP.MinimumTCB.MicrocodeVersion.UInt8(),
-		},
-		MinimumLaunchTCB: kds.TCBParts{
-			BlSpl:    mnfst.ReferenceValues.SNP.MinimumTCB.BootloaderVersion.UInt8(),
-			TeeSpl:   mnfst.ReferenceValues.SNP.MinimumTCB.TEEVersion.UInt8(),
-			SnpSpl:   mnfst.ReferenceValues.SNP.MinimumTCB.SNPVersion.UInt8(),
-			UcodeSpl: mnfst.ReferenceValues.SNP.MinimumTCB.MicrocodeVersion.UInt8(),
-		},
-		PermitProvisionalFirmware: true,
-	}, nil
+	return mnfst.SNPValidateOpts()
 }
 
 // ValidateCallback creates a certificate bundle for the verified client.

internal/manifest/manifest.go

@@ -10,6 +10,10 @@ import (
 	"encoding/json"
 	"fmt"
 	"strconv"
+
+	"github.com/google/go-sev-guest/abi"
+	"github.com/google/go-sev-guest/kds"
+	"github.com/google/go-sev-guest/validate"
 )
 
 // Manifest is the Coordinator manifest and contains the reference values of the deployment.
@@ -120,3 +124,38 @@ func (p Policy) Hash() HexString {
 	hashBytes := sha256.Sum256(p)
 	return NewHexString(hashBytes[:])
 }
+
+// SNPValidateOpts returns validate options populated with the manifest's
+// SNP reference values and trusted measurement.
+func (m *Manifest) SNPValidateOpts() (*validate.Options, error) {
+	trustedMeasurement, err := m.ReferenceValues.TrustedMeasurement.Bytes()
+	if err != nil {
+		return nil, fmt.Errorf("failed to convert TrustedMeasurement from manifest to byte slices: %w", err)
+	}
+	if trustedMeasurement == nil {
+		// This is required to prevent an empty measurement in the manifest from disabling the measurement check.
+		trustedMeasurement = make([]byte, 48)
+	}
+
+	return &validate.Options{
+		Measurement: trustedMeasurement,
+		GuestPolicy: abi.SnpPolicy{
+			Debug: false,
+			SMT:   true,
+		},
+		VMPL: new(int), // VMPL0
+		MinimumTCB: kds.TCBParts{
+			BlSpl:    m.ReferenceValues.SNP.MinimumTCB.BootloaderVersion.UInt8(),
+			TeeSpl:   m.ReferenceValues.SNP.MinimumTCB.TEEVersion.UInt8(),
+			SnpSpl:   m.ReferenceValues.SNP.MinimumTCB.SNPVersion.UInt8(),
+			UcodeSpl: m.ReferenceValues.SNP.MinimumTCB.MicrocodeVersion.UInt8(),
+		},
+		MinimumLaunchTCB: kds.TCBParts{
+			BlSpl:    m.ReferenceValues.SNP.MinimumTCB.BootloaderVersion.UInt8(),
+			TeeSpl:   m.ReferenceValues.SNP.MinimumTCB.TEEVersion.UInt8(),
+			SnpSpl:   m.ReferenceValues.SNP.MinimumTCB.SNPVersion.UInt8(),
+			UcodeSpl: m.ReferenceValues.SNP.MinimumTCB.MicrocodeVersion.UInt8(),
+		},
+		PermitProvisionalFirmware: true,
+	}, nil
+}