feat: add example attestation policies

butler54 · butler54 · commit 17c99483fdcd · 2025-06-28T11:37:00.000+09:00
Signed-off-by: Chris Butler &lt;chris.butler@redhat.com&gt;
diff --git a/attestation-notes.md b/attestation-notes.md
@@ -0,0 +1,3 @@
+
+
+# curl http://127.0.0.1:8006/aa/token?token_type=kbs
diff --git a/charts/hub/trustee/templates/attestation-policy.yaml b/charts/hub/trustee/templates/attestation-policy.yaml
@@ -0,0 +1,85 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: attestation-policy
+  namespace: trustee-operator-system
+data:
+  default.rego: |
+    package policy
+
+    import rego.v1
+
+    # This policy validates multiple TEE platforms
+    # The policy is meant to capture the TCB requirements
+    # for confidential containers.
+
+    # This policy is used to generate an EAR Appraisal.
+    # Specifically it generates an AR4SI result.
+    # More informatino on AR4SI can be found at
+    # <https://datatracker.ietf.org/doc/draft-ietf-rats-ar4si/>
+
+    # For the `executables` trust claim, the value 33 stands for
+    # "Runtime memory includes executables, scripts, files, and/or
+    #  objects which are not recognized."
+    default executables := 33
+
+    # For the `hardware` trust claim, the value 97 stands for
+    # "A Verifier does not recognize an Attester's hardware or
+    #  firmware, but it should be recognized."
+    default hardware := 97
+
+    # For the `configuration` trust claim the value 36 stands for
+    # "Elements of the configuration relevant to security are
+    #  unavailable to the Verifier."
+    default configuration := 36
+
+
+    ##### Azure vTPM SNP
+    executables := 3 if {
+      input.azsnpvtpm.measurement in data.reference.measurement
+      input.azsnpvtpm.tpm.pcr11 in data.reference.snp_pcr11
+      input.azsnpvtpm.tpm.pcr12 in data.reference.snp_pcr12
+    }
+
+    hardware := 2 if {
+      # Check the reported TCB to validate the ASP FW
+      input.azsnpvtpm.reported_tcb_bootloader in data.reference.tcb_bootloader
+      input.azsnpvtpm.reported_tcb_microcode in data.reference.tcb_microcode
+      input.azsnpvtpm.reported_tcb_snp in data.reference.tcb_snp
+      input.azsnpvtpm.reported_tcb_tee in data.reference.tcb_tee
+    }
+
+    # For the 'configuration' trust claim 2 stands for
+    # "The configuration is a known and approved config."
+    #
+    # For this, we compare all the configuration fields.
+    configuration := 2 if {
+      input.azsnpvtpm.platform_smt_enabled in data.reference.smt_enabled
+      input.azsnpvtpm.platform_tsme_enabled in data.reference.tsme_enabled
+      input.azsnpvtpm.policy_abi_major in data.reference.abi_major
+      input.azsnpvtpm.policy_abi_minor in data.reference.abi_minor
+      input.azsnpvtpm.policy_single_socket in data.reference.single_socket
+      input.azsnpvtpm.policy_smt_allowed in data.reference.smt_allowed
+    }
+
+    ##### Azure vTPM TDX
+    executables := 3 if {
+      input.aztdxvtpm.tpm.pcr11 in data.reference.tdx_pcr11
+      input.aztdxvtpm.tpm.pcr12 in data.reference.tdx_pcr12
+
+    }
+
+    hardware := 2 if {
+      # Check the quote is a TDX quote signed by Intel SGX Quoting Enclave
+      input.aztdxvtpm.quote.header.tee_type == "81000000"
+      input.aztdxvtpm.quote.header.vendor_id == "939a7233f79c4ca9940a0db3957f0607"
+
+      # Check TDX Module version and its hash. Also check OVMF code hash.
+      input.aztdxvtpm.quote.body.mr_seam in data.reference.mr_seam
+      input.aztdxvtpm.quote.body.tcb_svn in data.reference.tcb_svn
+      input.aztdxvtpm.quote.body.mr_td in data.reference.mr_td
+    }
+
+    configuration := 2 if {
+      input.aztdxvtpm.quote.body.xfam in data.reference.xfam
+    }
diff --git a/charts/hub/trustee/templates/kbs.yaml b/charts/hub/trustee/templates/kbs.yaml
@@ -22,7 +22,7 @@ spec:
   #   certStorePvc: <persistent-volume-claim>
 
   # Override attestation policy (optional)
-  # kbsAttestationPolicyConfigMapName: attestation-policy 
+  kbsAttestationPolicyConfigMapName: attestation-policy 
 
   # Inject environment variables (optional)
   # Enable DEBUG logging in trustee pods
diff --git a/charts/hub/trustee/templates/reference-values.yaml b/charts/hub/trustee/templates/reference-values.yaml
@@ -7,19 +7,225 @@ metadata:
   namespace: {{ .Values.kbs.deployNS }}
 data:
   reference-values.json: |
-      [
-      ]
-
-# No reference values yet
-    # [
-    #   {
-    #     "name": "sample.svn",
-    #     "expired": "2025-01-01T00:00:00Z",
-    #     "hash-value": [
-    #       {
-    #         "alg": "sha256",
-    #         "value": "1"
-    #       }
-    #     ]
-    #   }
-    # ]
+    [
+     {
+        "name": "tdx_pcr11",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "25f988b8b92a8394ee6c2413fe7bde77929ec143151df0a582f52d6c7ccba94c"
+          }
+        ]
+     },
+     {
+        "name": "tdx_pcr12",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "ab45624dae8e56a3b7835ece6d95d764ff675806778a1a716004cdff886f8f30"
+          }
+        ]
+     },
+     {
+        "name": "init_data",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "f754f893653bb36dafbb2b5c12de2a88f1725374ad59df818e84622c7f7bead1"
+          }
+        ]
+     },
+     {
+        "name": "rtmr_1",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+          }
+        ]
+     },
+     {
+        "name": "rtmr_2",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+          }
+        ]
+     },
+     {
+        "name": "mr_seam",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "9790d89a10210ec6968a773cee2ca05b5aa97309f36727a968527be4606fc19e6f73acce350946c9d46a9bf7a63f8430"
+          }
+        ]
+     },
+     {
+        "name": "tcb_svn",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "04010700000000000000000000000000"
+          }
+        ]
+     },
+     {
+        "name": "mr_td",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "a6c9a329848900230bc81678b81d0d64ae88e20be8f73c848da7e2bd025558ef38b5319096e6d78633a3f2a3a804f729"
+          }
+        ]
+     },
+     {
+        "name": "xfam",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "e718060000000000"
+          }
+        ]
+     },
+     {
+        "name": "measurement",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "Cwa8qBJimP2freTTrrpvAZVbEQEyAhPY4fZGgSn9z4qtt0CAGmcS+Otz96qQZ92k"
+          }
+        ]
+     },
+     {
+        "name": "tcb_bootloader",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "4"
+          }
+        ]
+     },
+     {
+        "name": "tcb_microcode",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "219"
+          }
+        ]
+     },
+     {
+        "name": "tcb_snp",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "24"
+          }
+        ]
+     },
+     {
+        "name": "tcb_tee",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "0"
+          }
+        ]
+     },
+     {
+        "name": "smt_enabled",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "1"
+          }
+        ]
+     },
+     {
+        "name": "tsme_enabled",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "0"
+          }
+        ]
+     },
+     {
+        "name": "abi_major",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "0"
+          }
+        ]
+     },
+     {
+        "name": "abi_minor",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "31"
+          }
+        ]
+     },
+     {
+        "name": "single_socket",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "0"
+          }
+        ]
+     },
+     {
+        "name": "smt_allowed",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "1"
+          }
+        ]
+     },
+     {
+        "name": "snp_pcr11",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "25f988b8b92a8394ee6c2413fe7bde77929ec143151df0a582f52d6c7ccba94c"
+          }
+        ]
+     },
+     {
+        "name": "snp_pcr12",
+        "expiration": "2025-09-09T00:00:00Z",
+        "hash-value": [
+          {
+                "alg": "sha256",
+                "value": "ab45624dae8e56a3b7835ece6d95d764ff675806778a1a716004cdff886f8f30"
+          }
+        ]
+     }
+    ]
diff --git a/charts/hub/trustee/templates/resource-policy.yaml b/charts/hub/trustee/templates/resource-policy.yaml
@@ -6,4 +6,11 @@ metadata:
 data:
   policy.rego: |
     package policy
-    default allow = true
+    import rego.v1
+    default allow = false
+    allow if {
+      input["submods"]["cpu"]["ear.status"] != "contraindicated"
+      input["submods"]["cpu"]["ear.trustworthiness-vector"]["configuration"] == 2
+      input["submods"]["cpu"]["ear.trustworthiness-vector"]["hardware"] == 2
+      input["submods"]["cpu"]["ear.trustworthiness-vector"]["executables"] == 3
+    }
diff --git a/charts/hub/trustee/templates/securitypolicy-eso.yaml b/charts/hub/trustee/templates/securitypolicy-eso.yaml
diff --git a/values-simple.yaml b/values-simple.yaml
@@ -95,7 +95,7 @@ clusterGroup:
       # Default to 'safe' for ARO
       overrides:
       - name: letsencrypt.enabled
-        value: false
+        value: true
     hello-openshift:
       name: hello-openshift
       namespace: hello-openshift

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+`
	`2`	`+`
	`3`	`+# curl http://127.0.0.1:8006/aa/token?token_type=kbs`