clevis-pin-trustee for attestation.

Also, use the shared Containerfile for the custom image.

Signed-off-by: Roy Kaufman <[email protected]>

Author: Roy Kaufman

README.md

@@ -22,9 +22,9 @@ Build the Fedora CoreOS or Centos Stream CoreOS image with the custom initrd:
 ```bash
 cd coreos
 # Centos Stream CoreOS image
-just os=scos build oci-archive osbuild-qemu
+just os=scos build oci-archive osbuild
 # Fedora CoreOS image
-just build oci-archive osbuild-qemu
+just build oci-archive osbuild
 ```
 
 In this example, we use 2 VMs, the first for running the trustee server while the second VM has been attested and its

coreos/Containerfile

@@ -1,6 +1,10 @@
 ARG BASE
-FROM quay.io/afrosi_rh/kbs-client-image:latest as kbc
-FROM quay.io/confidential-clusters/clevis-pin-trustee as clevis
+
+ARG KBS_CLIENT_IMAGE=quay.io/afrosi_rh/kbs-client-image:latest
+ARG CLEVIS_PIN_TRUSTEE_IMAGE
+
+FROM $KBS_CLIENT_IMAGE as kbc
+FROM $CLEVIS_PIN_TRUSTEE_IMAGE as clevis
 FROM quay.io/confidential-clusters/ignition:clevis-pin-trustee as ignition
 FROM $BASE
 

coreos/justfile

@@ -17,22 +17,35 @@ image := if os == "scos" { scos_img } else { fcos_img }
 os_name := if os == "scos" { scos_os } else { fcos_os }
 label := if os == "scos" { scos_label } else { fcos_label }
 archive := os + ".ociarchive"
+platform := "qemu"
+kbc_image := "quay.io/afrosi_rh/kbs-client-image:latest"
+clevis_pin_trustee_image := "quay.io/confidential-clusters/clevis-pin-trustee"
 
 build:
-    sudo podman build --no-cache --build-arg BASE={{base}} --build-arg COM_COREOS_OSNAME={{label}} -t {{image}} -f Containerfile .
+    sudo podman build --no-cache --build-arg BASE={{base}} --build-arg COM_COREOS_OSNAME={{label}} --build-arg KBS_CLIENT_IMAGE={{kbc_image}} --build-arg CLEVIS_PIN_TRUSTEE_IMAGE={{clevis_pin_trustee_image}} -t {{image}} -f Containerfile .
 
 oci-archive:
     sudo skopeo copy containers-storage:{{image}} oci-archive:{{archive}}
 
-osbuild-qemu:
+osbuild:
     #!/bin/bash
     set -xeuo pipefail
 
+    SELINUX_STATUS=$(getenforce)
+
+    if [ "$SELINUX_STATUS" = "Enforcing" ]; then
+        sudo setenforce 0
+    fi
+
     TMPDIR=$(mktemp -d)
     git clone --depth 1 https://github.com/coreos/custom-coreos-disk-images ${TMPDIR}
 
-    sudo -E ${TMPDIR}/custom-coreos-disk-images.sh --platform qemu \
+    sudo -E ${TMPDIR}/custom-coreos-disk-images.sh --platform {{platform}} \
         --ociarchive {{archive}} \
         --osname {{os_name}}
     rm -rf "$TMPDIR"
-    sudo chown $USER:$USER {{os}}-qemu.x86_64.qcow2
+    sudo chown $USER:$USER {{os}}-{{platform}}.x86_64.*
+
+    if [ "$SELINUX_STATUS" = "Enforcing" ]; then
+        sudo setenforce 1
+    fi

scripts/populate-trustee-kbs.sh

@@ -3,19 +3,22 @@
 set -euo pipefail
 # set -x
 
-if [[ "${#}" -ne 1 ]]; then
+if [[ "${#}" > 3 ]]; then
 	echo "Usage: $0 <path-to-ssh-public-key>"
+	echo "Optional: $0 <path-to-ssh-public-key> <SERVER_IP> <HOSTNAME>"
 	exit 1
 fi
 
 KEY=$1
 TRUSTEE_PORT=8080
-
+IP=$2
+if [[ ${IP} == "" ]]; then 
 # Setup reference values, policies and secrets
 until IP="$(./scripts/get-ip.sh trustee)" && [ -n "$IP" ] && curl "http://${IP}:${TRUSTEE_PORT}" >/dev/null 2>&1; do
 	echo "Waiting for KBS to be available..."
 	sleep 1
 done
+fi
 until ssh core@$IP \
 	-i "${KEY%.*}" \
 	-o StrictHostKeyChecking=no \
@@ -29,18 +32,22 @@ done
 BUTANE=pin-trustee.bu
 IGNITION="${BUTANE%.bu}.ign"
 
-sed "s/<IP>/$IP/" configs/remote-ign/${BUTANE} > tmp/${BUTANE}
+HOSTNAME=$3
+if [[ ${HOSTNAME} == "" ]]; then 
+HOSTNAME=${IP}
+fi
+sed "s/<IP>/$HOSTNAME/" configs/remote-ign/${BUTANE} > ${BUTANE}
 
 podman run --interactive --rm --security-opt label=disable \
-	--volume "$(pwd)/tmp:/pwd" \
+	--volume "$(pwd):/pwd" \
 	--workdir /pwd \
 	quay.io/confidential-clusters/butane:clevis-pin-trustee \
 	--pretty --strict /pwd/$BUTANE --output "/pwd/$IGNITION"
 
 scp -i "${KEY%.*}" \
 	-o StrictHostKeyChecking=no \
 	-o UserKnownHostsFile=/dev/null \
-	tmp/${IGNITION} core@$IP:
+	/${IGNITION} core@$IP:
 
 ssh core@$IP \
 	-i "${KEY%.*}" \

trustee-on-GCP/README.md

@@ -5,48 +5,52 @@ This guide provides step-by-step instructions for setting up remote attestation
 
 ## Prerequisites
 
-1. Copy the pull secret from [Red Hat OpenShift](https://console.redhat.com/openshift/create/local) to ```~/.config/containers/auth.json``` into auths:quay.io:auth:<pull_secret>
+1. Copy the pull secret from [Red Hat OpenShift](https://console.redhat.com/openshift/create/local) to `~/.config/containers/auth.json` under `auths:quay.io:auth:<pull_secret>`
 2. Install [gcloud](https://cloud.google.com/sdk/docs/install)
-3. Configure a subnet on GCP for the server and client by running ```./scripts/network_setup.sh```.
+3. Configure a subnet on GCP for the server and client by running `./scripts/network_setup.sh`
 
 
-## Deploy the trustee server (KBS)
+## Deploy the Trustee Server (KBS)
 
-1. Run ```./scripts/deploy-trustee.sh -k <SSH_KEY> -b ./trustee/trustee.bu```. This will start the KBS with the correct configuration (the name of this VM must match the hostname of the server, so it has to match `KBS_HOSTNAME` in `./scripts/rh-coreos/usr/libexec/aa-client`).
-2. Access the VM via SSH, then run ```sudo /usr/local/bin/populate_kbs.sh```. This will add the refrence value to Trustee.
+1. To deploy the Trustee server, run:
+```bash
+./trustee-on-GCP/scripts/deploy-trustee.sh -k <SSH_KEY> -b ./trustee-on-GCP/trustee/trustee.bu -i <IMAGE_NAME>
+```
+2. After the server is up, populate the KBS with the reference value and add the remote ignition file:
+```bash
+./scripts/populate-trustee-kbs.sh <SSH_KEY> <SERVER_IP> <HOSTNAME>
+``` 
+(The default hostname is `kbs`)
 
-## Deploy the client
+
+## Deploy the Client
 
 1. Build a custom RHCOS image by running:
     ```bash
-    ./scripts/build-rhcos-image.sh <IMAGE_NAME>
+    cd coreos
+    just clevis_pin_trustee_image=quay.io/rkaufman/clevis-pin-trustee:latest os=scos base=quay.io/okd/scos-content:4.20.0-okd-scos.6-stream-coreos \
+    kbc_image=quay.io/rkaufman/kbs-tpm-snp:latest platform=gcp build oci-archive osbuild
     ```
 
 2. Upload the image to GCP by running:
     ```bash
-    ./scripts/upload_image_gcp.sh <BUCKET_NAME> <IMAGE_NAME>
+    ./trustee-on-GCP/scripts/upload_image_gcp.sh <BUCKET_NAME> <IMAGE_NAME>
     ```
 
 3. Deploy the client by running:
     ```bash
-    ./scripts/deploy-client.sh -k <SSH_KEY> -b ./rh-coreos/luks.bu -n <VM_NAME> -i <IMAGE_NAME>
+    ./trustee-on-GCP/scripts/deploy-client.sh -k <SSH_KEY> -b ./rh-coreos/luks.bu -n <VM_NAME> -i <IMAGE_NAME>
     ```
-    This will create the VM, perform attestation and decrypt the disk.
-
-
-
+    This will create the VM, perform attestation, and decrypt the disk using clevis-pin.
 
-## Info about the kbs and kbs-client
 
-I use this version of [trustee](https://github.com/iroykaufman/trustee/tree/addtpm) and the [guest component](https://github.com/iroykaufman/guest-components/tree/TPM-as-additional-device).
+## Information About KBS, KBS-Client, and Clevis-Pin
 
-Trustee includes [pr#851](https://github.com/confidential-containers/trustee/pull/851) with the following changes:
+These are modified versions of [trustee](https://github.com/iroykaufman/trustee/tree/addtpm) and the [guest component](https://github.com/iroykaufman/guest-components/tree/TPM-as-additional-device) to support the TPM as an additional device.
 
-1. The guest component encrypts the public part of the AK in ASN.1 format, but trustee unmarshals it. The unmarshal part was replaced with an ASN.1 decrypt method.
-2. The TPM verifier does not check the nonce in the TPM because the `report_data` contains a digest of the `runtime_data` instead of the nonce. This is because the TPM is an additional device. This is a temporary solution.
+The changes in the guest component are also included in [PR#1093](https://github.com/confidential-containers/guest-components/pull/1093), and the changes in Trustee are related to [PR#851](https://github.com/confidential-containers/trustee/pull/851), where the most significant change is the removal of the trusted Attestation Key (AK) list.
 
-
-The changes in the guest component are included in this [PR#1093](https://github.com/confidential-containers/guest-components/pull/1093).
+This uses a modified version of `clevis-pin-trustee` that adds AK before performing attestation. The source code is available here: [clevis-pin-trustee](https://github.com/iroykaufman/clevis-pin-trustee/tree/create-tpm-ak)
 
 ## Attestation Policy
 
@@ -57,7 +61,3 @@ The policy only checks hardware for both SEV-SNP and TPM.
 Verify that both devices are affirming and exist.
 
 
-## Demo
-
-[![asciicast](https://asciinema.org/a/nsdsarO2ZTbXFjbh0wuNlohMt.svg)](https://asciinema.org/a/nsdsarO2ZTbXFjbh0wuNlohMt)
-