Skip to content

Refactor 703 #728

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
kvinwang wants to merge 44 commits into
base: master
Choose a base branch
from
Draft

Refactor 703 #728

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
44 commits
Select commit Hold shift + click to select a range
77aa2c2
feat: add amd sev-snp attestation support
May 26, 2026
87c78d7
fix: harden sev-snp report data binding
May 26, 2026
0701e63
fix: address sev-snp draft review findings
May 26, 2026
ce4aa6d
feat: add sev-snp verifier core
May 26, 2026
c0b442b
fix: normalize sev-snp cert collateral
May 26, 2026
1adfa2b
fix: add fail-closed sev-snp measurement binding
May 26, 2026
0e9f586
fix: recompute sev-snp launch measurement
May 26, 2026
5755441
fix: add sev-snp boot info helper
May 26, 2026
4b31c97
test: add sev-snp measurement golden vector
May 26, 2026
7dda8ff
fix: add sev-snp auth policy helper
May 26, 2026
6c2d817
fix: bind sev-snp app id into measurement
May 29, 2026
be054d8
fix: connect sev-snp verified attestation to boot info
May 29, 2026
ace8753
fix: parse sev-snp measurement inputs from vm config
May 29, 2026
2b73095
fix: route kms snp attestation through dry-run auth
May 29, 2026
922afd7
fix: report sev-snp onboarding attestation info
May 29, 2026
5b36b4c
fix: use sev-snp boot info for kms self auth
May 29, 2026
a8f0e88
fix: make auth-simple tcb policy explicit
May 29, 2026
058fd29
fix: block sev-snp temp ca release
Jun 1, 2026
73d857b
fix: derive sev-snp tcb policy from report
Jun 1, 2026
52d3fac
chore: satisfy sev-snp workspace clippy
Jun 1, 2026
0077ec9
docs: add sev-snp review readiness note
Jun 2, 2026
3792eb1
feat: enable guarded sev-snp key release
Jun 2, 2026
027077b
fix: bind sev-snp vm launch inputs
Jun 3, 2026
cfe476b
fix: complete sev-snp key release smoke path
Jun 3, 2026
40396b7
fix: satisfy ci lint checks
Jun 3, 2026
5cb4566
fix: satisfy prek shellcheck
Jun 3, 2026
409c4c5
test: add sev-snp e2e smoke script
Jun 3, 2026
2aa70e8
test: harden sev-snp smoke script
Jun 4, 2026
fc22673
docs: document sev-snp smoke host matrix
Jun 4, 2026
0303256
docs: clarify sev-snp smoke image requirements
Jun 4, 2026
1850e37
docs: clarify sev-snp fresh-box smoke
Jun 4, 2026
2e88b58
docs: record sev-snp smoke gate boundary
Jun 4, 2026
ac5fbf5
fix: complete sev-snp smoke proxy path
Jun 5, 2026
1660d98
docs: clarify sev-snp proxy smoke state
Jun 5, 2026
e00bdd4
Remove fallback DNS override in prepare script
kvinwang Jun 15, 2026
91267dc
Remove AMD KDS proxy from CVM boot path
kvinwang Jun 15, 2026
57d0f02
Keep SEV-SNP attestation variants last
kvinwang Jun 15, 2026
93d07ea
Use imported AMD SNP report type
kvinwang Jun 15, 2026
6361168
Split SEV-SNP attestation crates
kvinwang Jun 15, 2026
8bbade4
Bind SNP app config via HOST_DATA
kvinwang Jun 15, 2026
3f71e7d
Select SEV-SNP KDS product from report
kvinwang Jun 16, 2026
c5d4910
Use self-contained SNP measurement input
kvinwang Jun 16, 2026
48fa211
Detect SEV-SNP C-bit position from CPUID
kvinwang Jun 16, 2026
02865d0
Detect SEV-SNP launch params from QEMU
kvinwang Jun 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
172 changes: 168 additions & 4 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,12 @@ members = [
"ra-tls",
"tdx-attest",
"tpm-attest",
"sev-snp-attest",
"nsm-attest",
"tpm2",
"tpm-types",
"tpm-qvl",
"sev-snp-qvl",
"nsm-qvl",
"dstack-attest",
"dstack-util",
Expand Down Expand Up @@ -78,11 +80,13 @@ supervisor = { path = "supervisor" }
supervisor-client = { path = "supervisor/client" }
tdx-attest = { path = "tdx-attest" }
tpm-attest = { path = "tpm-attest" }
sev-snp-attest = { path = "sev-snp-attest" }
nsm-attest = { path = "nsm-attest" }
tpm2 = { path = "tpm2" }
tpm-types = { path = "tpm-types" }
dstack-attest = { path = "dstack-attest" }
tpm-qvl = { path = "tpm-qvl" }
sev-snp-qvl = { path = "sev-snp-qvl" }
nsm-qvl = { path = "nsm-qvl" }
certbot = { path = "certbot" }
rocket-vsock-listener = { path = "rocket-vsock-listener" }
Expand Down Expand Up @@ -135,11 +139,13 @@ hex_fmt = "0.3.0"
hex-literal = "1.0.0"
prost = "0.13.5"
prost-types = "0.13.5"
sev = { version = "=6.0.0", default-features = false, features = ["snp", "crypto_nossl"] }
scale = { version = "3.7.4", package = "parity-scale-codec", features = [
"derive",
] }
serde = { version = "1.0.228", features = ["derive"], default-features = false }
serde-human-bytes = "0.1.2"
serde_jcs = "0.2.0"
rmp-serde = "1.3.1"
serde_json = { version = "1.0.140", default-features = false }
serde_ini = "0.2.0"
Expand Down
Loading
Loading