Skip to content

tdx: allow limiting verification to explicit PIIDs #2048

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
burgerdev merged 5 commits into from
Jan 13, 2026
Merged

tdx: allow limiting verification to explicit PIIDs #2048

burgerdev merged 5 commits into from
Jan 13, 2026

Conversation

@burgerdev
Copy link
Member

@burgerdev burgerdev commented Dec 22, 2025
edited
Loading

This PR adds a new field to the TDX reference values, AllowedPIIDs, that allows limiting the platform instance IDs (PIIDs) that are allowed by a manifest. Essentially, this can be used to only allow a specific, enumerated set of machines to participate in a Contrast deployment.

If the list of allowed PIIDs is empty (the default), all TDX machines are allowed, making this change backwards-compatible.

Conceptually, this is closely related to #1952.

@burgerdev burgerdev added the feature Shiny new feature for our users label Dec 22, 2025
@github-actions
Copy link

github-actions bot commented Dec 22, 2025
edited by burgerdev
Loading

Do the documentation changes need to be backported?

Changes to /docs/docs won't be visible until the next release.
If you are fixing something in the docs that should be immediately visible, the changes needs to be made to both /docs/docs and /docs/versioned_docs/version-X.Y, where X.Y is the version of the latest minor release.
This can be done in this same PR.

  • Yes, this should be backported to the current version of the docs.
  • No, the PR only contains docs changes relevant for future versions.

@github-actions
Copy link

github-actions bot commented Dec 22, 2025
edited
Loading

PR Preview Action v1.8.0
Preview removed because the pull request was closed.
2026-01-13 07:30 UTC

@burgerdev burgerdev force-pushed the burgerdev/tdx-machine-id branch from f422c86 to 516be18 Compare December 23, 2025 06:58
@burgerdev burgerdev force-pushed the burgerdev/tdx-machine-id branch from 516be18 to 1df7b83 Compare December 23, 2025 07:00
katexochen
katexochen reviewed Dec 23, 2025
View reviewed changes
thomasten
thomasten reviewed Dec 23, 2025
View reviewed changes
@burgerdev burgerdev force-pushed the burgerdev/tdx-machine-id branch from 1df7b83 to 26b94a6 Compare December 23, 2025 13:42
@burgerdev burgerdev marked this pull request as ready for review December 23, 2025 14:47
katexochen
katexochen requested changes Dec 29, 2025
View reviewed changes
@katexochen katexochen self-assigned this Dec 29, 2025
@katexochen katexochen added this to the v1.16.0 milestone Jan 12, 2026
@katexochen
Copy link
Member

katexochen commented Jan 12, 2026

needs PR description

@burgerdev burgerdev force-pushed the burgerdev/tdx-machine-id branch from 26b94a6 to 0ddd817 Compare January 12, 2026 11:05
@burgerdev burgerdev requested a review from katexochen January 12, 2026 15:33
@burgerdev
Copy link
Member Author

burgerdev commented Jan 12, 2026

All comments should be addressed now, ptal.

thomasten
thomasten approved these changes Jan 12, 2026
View reviewed changes
Copy link
Member

@thomasten thomasten left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reviewed the first and the docs commit, which LGTM

@burgerdev burgerdev merged commit 23ff09a into main Jan 13, 2026
20 of 22 checks passed
@burgerdev burgerdev deleted the burgerdev/tdx-machine-id branch January 13, 2026 07:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@katexochen katexochen katexochen approved these changes

@thomasten thomasten thomasten approved these changes

Assignees

@katexochen katexochen

Labels

feature Shiny new feature for our users

Projects

None yet

Milestone

v1.16.0

Development

Successfully merging this pull request may close these issues.

4 participants

@burgerdev @katexochen @thomasten