Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: allow users to use a custom nonce for SGX quote verification using --nonce flag #644

Merged
merged 6 commits into from
May 6, 2024
Merged

cli: allow users to use a custom nonce for SGX quote verification using --nonce flag #644

merged 6 commits into from
May 6, 2024

Conversation

daniel-weisse
Copy link
Member

Proposed changes

  • Add a new flag to the CLI: --nonce

    • Takes a string as argument which, if set, is used by the Coordinator to generate to generate an SGX quote
      • If not set the Coordinator creates a quote over sha256(rootCert) (default and current behvaior)
      • If set the Coordinator creates a quote over sha256(rootCert+nonce)
      • The Coordinator uses the literal byte value of the (ASCII) string nonce. In the future we may add options to supply a a nonce hex or base64 encoded to allow for a wider range of nonce values

  • Add a new endpoint to the Coordinators REST API: /api/v2/quote

    • This endpoint behaves the same as /quote, but additionally allows sending a nonce as part of the request query:

      https://<host>:<port>/api/v2/quote?nonce=<base64-url-encoded-nonce>

    • If a nonce is set, the Coordinator will generate a new quote over said nonce instead of using the stored quote generated at start up

  • Fix for the CI generating docs which claimed the default Coordinator cert path as /github/home/.config/marblerun/coordinator-cert.pem

    • The CI now generates docs which use $HOME/.config as a placeholder for the users actual config dir

Additional info

  • AB#4030

@daniel-weisse daniel-weisse requested a review from thomasten May 3, 2024 13:10
@netlify Netlify
Copy link

netlify bot commented May 3, 2024
edited
Loading

Deploy Preview for marblerun-docs canceled.

Name Link
🔨 Latest commit ff3705a
🔍 Latest deploy log https://app.netlify.com/sites/marblerun-docs/deploys/6638bb6655f44f00080e1d7a

thomasten
thomasten reviewed May 5, 2024
View reviewed changes
coordinator/clientapi/clientapi.go Outdated Show resolved Hide resolved
coordinator/clientapi/clientapi_test.go Outdated Show resolved Hide resolved
coordinator/core/core.go Outdated Show resolved Hide resolved
coordinator/core/core.go Show resolved Hide resolved
internal/attestation/attestation.go Outdated Show resolved Hide resolved
@daniel-weisse daniel-weisse merged commit 5dd144b into master May 6, 2024
9 of 10 checks passed
@daniel-weisse daniel-weisse deleted the feat/cli/nonce branch May 6, 2024 12:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomasten thomasten thomasten approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@daniel-weisse @thomasten