CCF/attestation-container
dependabot[bot] 3392bc400e
Bump google.golang.org/grpc from 1.56.1 to 1.56.2 in /attestation-container (#5436)
2023-07-11 09:34:24 +01:00
attest Attestation container: Support for reading security context from directory (#5221) 2023-04-26 18:23:28 +01:00
protobuf Update attestation-container document (#5109) 2023-03-15 15:33:39 +00:00
uvm Attestation container: Support for reading security context from directory (#5221) 2023-04-26 18:23:28 +01:00
.dockerignore Attestation container: reduce size of container image (#4955) 2023-02-10 09:50:22 +00:00
.gitignore Use Unix domain socket (#4858) 2023-01-24 16:20:40 +00:00
CMakeLists.txt External executor: use attestation container in end-to-end test (#5082) 2023-03-10 17:55:33 +00:00
Dockerfile External executor: use attestation container in end-to-end test (#5082) 2023-03-10 17:55:33 +00:00
README.md Attestation container: Support for reading security context from directory (#5221) 2023-04-26 18:23:28 +01:00
attestation-container.go Attestation container: Support for reading security context from directory (#5221) 2023-04-26 18:23:28 +01:00
attestation-container_test.go External executor: use attestation container in end-to-end test (#5082) 2023-03-10 17:55:33 +00:00
go.mod Bump google.golang.org/grpc from 1.56.1 to 1.56.2 in /attestation-container (#5436) 2023-07-11 09:34:24 +01:00
go.sum Bump google.golang.org/grpc from 1.56.1 to 1.56.2 in /attestation-container (#5436) 2023-07-11 09:34:24 +01:00

README.md

Attestation Container

This is a gRPC server application that fetches an SEV-SNP attestation and its endorsement.

Environment

This application needs to run on an SEV-SNP VM.

Dependencies

How to start the app

The following command starts the gRPC server application (it must be run inside an SEV-SNP VM).

# In the same directory as this README.md
go run .

You can use insecure virtual mode to run the application on a non-SEV-SNP VM. (This mode is not secure. Do not use it in production.)

go run . --insecure-virtual

You can find the details of this flag and the other flags by running go run . --help.

Build

Since it's a Go application, you can build it before running it.

go build
./attestation-container

API

The gRPC API is defined in attestation-container.proto.

Note that gRPC communication takes place over Unix domain sockets (UDS). You can find example client code in the E2E test.

Test

Unit test:

cd attest
go test # Test for attest package

cd ../uvm
go test # Test for uvm package

E2E test:

# Run the app first
go run .

# In another terminal
go test

Development and maintenance

Update protobuf

When you edit the .proto file, you also need to update the .pb.go files by running:

protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative protobuf/attestation-container.proto

Upgrade dependencies

PRs to upgrade the dependencies are created automatically by Dependabot (the setting is done here).

However, when Dependabot creates multiple PRs at the same time, the go.mod file can be corrupted. In that case, you still need to fix go.mod manually using the go command.

go get -u
go mod tidy