Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

initdata: update doc for digest usage #1991

Merged
merged 2 commits into from
Aug 13, 2024
Merged

initdata: update doc for digest usage #1991

merged 2 commits into from
Aug 13, 2024

Conversation

huoqifeng
Copy link

@huoqifeng huoqifeng commented Aug 9, 2024
edited
Loading

Add digest usage example in ibmse

initdata: update doc for digest usage
07d46fa 
Add digest usage example in ibmse

Signed-off-by: Qi Feng Huo <[email protected]>
@huoqifeng huoqifeng changed the title initdata: update doc for digest usae initdata: update doc for digest usage Aug 9, 2024
liudalibj
liudalibj reviewed Aug 9, 2024
View reviewed changes
src/cloud-api-adaptor/docs/initdata.md Outdated
}
```

`se.user_data` is the HEX of the initdata digest string `52af3178dd7ad4bf551e629b84b45bfd1fbe1434b980120267181ae3575ea20ca9013b8eadf31d27eed7ff2552d500ef`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we give an example script on how to to convert 52af3178dd7ad4bf551e629b84b45bfd1fbe1434b980120267181ae3575ea20ca9013b8eadf31d27eed7ff2552d500ef to "353261663331373864643761643462663535316536323962383462343562666431666265313433346239383031323032363731383161653335373565613230636139303133623865616466333164323765656437666632353532643530306566"

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, that's also not obvious to me. I thought initdata.digest hex was already a text representation? if not should we maybe write initdata.digest as raw bytes, so we avoid the double to_hex(to_hex(initdata_digest)) wrapping?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's more reasonable to use the hash directly, I created a PR confidential-containers/trustee#462 in trustee to revise it.

@huoqifeng huoqifeng mentioned this pull request Aug 12, 2024
Merged
initdata: use digest hash directly
fc94e5c 
Use initdata.digest directly rather than HEX in attestation policy

Signed-off-by: Qi Feng Huo <[email protected]>
liudalibj
liudalibj approved these changes Aug 12, 2024
View reviewed changes
Copy link
Member

@liudalibj liudalibj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@huoqifeng huoqifeng merged commit 7b7f7df into confidential-containers:main Aug 13, 2024
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bpradipt bpradipt bpradipt left review comments

@liudalibj liudalibj liudalibj approved these changes

@mkulke mkulke mkulke approved these changes

@stevenhorsman stevenhorsman Awaiting requested review from stevenhorsman

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@huoqifeng @mkulke @bpradipt @liudalibj