Verifier evaluate fails due to trailing characters

[c3d]

Reported by @uril following the quickstart guide on Azure, he got a message

Attestation failed: Verifier evaluate failed: json parse error\n\nCaused by:\n	trailing characters at line 1 column 420"

Here are the steps he reported doing:

• Started a confidential Ubuntu VM on Azure and tested with it - using a container.
• Created a container image based on CoCo existing image but built with openssl and added kbs-client (quay.io/uril/coco-kbs-pubkey – currently private)
• When attesting, the kbs-client program must be run as root, as it needs access to /dev/tpm0.
• Tested it - similar to what I did on my laptop (following kbs/quickstart.md), but without the environment-variable (AA_SAMPLE_ATTESTER_TEST=yes) so it’s actually doing attestation.
• Attestation protocol is running but fails for me with an error message:

Attestation failed: Verifier evaluate failed: json parse error\n\nCaused by:\n	trailing characters at line 1 column 420"

I did not find an issue with a similar report. The parsing seems to be done by public_key_from_pem, which is code expanded from an openssl crate. So it looks like there is a bit of fussiness of this parser when there is extra trailing characters.

[mkulke]

Indeed, thanks for reporting. That was a problem in the verifier. The Azure CVM platform has been slowly rolled out a change that we didn't account for. It has been fixed in confidential-containers/attestation-service#145

[mkulke]

@c3d Hello Christophe, can you confirm the issue is fixed for you?

[fitzthum]

I think this is fixed now. If not, please reopen.