Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update measurements.json to v2 format, and add a helper to load and compare #26

Merged
merged 11 commits into from
Nov 20, 2024

Conversation

metachris
Copy link
Contributor

Summary:

  • Upgrade measurements.json to v2 data schema, which allows additional data fields besides the raw measurements (i.e. attestation_type. The v2 data schema is used at https://measurements.builder.flashbots.net
  • Add MultiMeasurements - a helper to load a list of measurements, and compare provided measurements against them. Can load both new and previous data schema.
  • Extends get-measurements with the capability to load a reference list of mesaurements and compare the current one to the known ones.
  • Added a bunch of tests

Data schema v2
[
    {
        "measurement_id": "cvm-image-azure-tdx.rootfs-20241107200854.wic.vhd",
        "attestation_type": "azure-tdx",
        "measurements": {
            "4": {
                "expected": "1b8cd655f5ebdf50bedabfb5db6b896a0a7c56de54f318103a2de1e7cea57b6b"
            },
        }
    },
]
Data schema v1
{
    "azure-tdx-example": {
        "15": {
            "expected": "0000000000000000000000000000000000000000000000000000000000000000"
        },
    },
    "dcap-tdx-example": {
        "4": {
            "expected": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
        },
    }
}

Usage with get-measurements

# Load from URL
$ go run cmd/get-measurements/main.go \
    --addr https://redacted_instance_ip:7936 \
    --expected-measurements https://measurements.builder.flashbots.net

# Load from file
$ go run cmd/get-measurements/main.go \
    --addr https://redacted_instance_ip:7936 \
    --expected-measurements measurements.json

cmd/get-measurements/main.go Outdated Show resolved Hide resolved
multimeasurements/multimeasurements.go Outdated Show resolved Hide resolved
multimeasurements/multimeasurements.go Outdated Show resolved Hide resolved
log.Info("Loading expected measurements from " + expectedMeasurementsPath + " ...")
expectedMeasurements, err = multimeasurements.New(expectedMeasurementsPath)
if err != nil {
return err
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe add a log.Error message here for better understanding what went wrong while debugging.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

an error returned in the main function is still printed to the console. but still a valid point 👍

multimeasurements/multimeasurements.go Show resolved Hide resolved
multimeasurements/multimeasurements.go Show resolved Hide resolved
@metachris metachris force-pushed the get-measurements branch 2 times, most recently from a9e8d32 to d01c6a5 Compare November 18, 2024 13:13
@metachris metachris force-pushed the compare-measurements2 branch from 99238f6 to fdfc6ce Compare November 18, 2024 13:38
"github.com/flashbots/cvm-reverse-proxy/internal/attestation/measurements"
)

// MultiMeasurements is holds several known measurements, and can check if a
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd remove the is

@metachris metachris force-pushed the compare-measurements2 branch from fdfc6ce to 2794c9e Compare November 19, 2024 16:40
@metachris metachris force-pushed the get-measurements branch 2 times, most recently from 1c36ebb to 5f466b8 Compare November 19, 2024 19:21
Base automatically changed from get-measurements to main November 19, 2024 19:21
@metachris metachris force-pushed the compare-measurements2 branch from 2794c9e to 4dec509 Compare November 20, 2024 11:23
@metachris metachris force-pushed the compare-measurements2 branch from 4dec509 to 16f88b4 Compare November 20, 2024 11:24
@metachris metachris merged commit 4bc1e67 into main Nov 20, 2024
2 checks passed
@metachris metachris deleted the compare-measurements2 branch November 20, 2024 11:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants