From 4709f0ed239febd74ef8a902a651425f175ce9f5 Mon Sep 17 00:00:00 2001 From: Xynnn007 Date: Thu, 28 Nov 2024 11:05:45 +0800 Subject: [PATCH] kbs_protocol: update kbs config for test_client Due to the EAR PR, the configuration file format has been changed a little. This patch updates the KBS configuration file to include the latest EAR checking logic. Signed-off-by: Xynnn007 --- attestation-agent/kbs_protocol/test/kbs-config.toml | 13 ++++++------- attestation-agent/kbs_protocol/test/policy.rego | 2 +- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/attestation-agent/kbs_protocol/test/kbs-config.toml b/attestation-agent/kbs_protocol/test/kbs-config.toml index 823c3eff8..0542baf5a 100644 --- a/attestation-agent/kbs_protocol/test/kbs-config.toml +++ b/attestation-agent/kbs_protocol/test/kbs-config.toml @@ -11,15 +11,14 @@ policy_path = "/opa/confidential-containers/kbs/policy.rego" [attestation_service] type = "coco_as_builtin" work_dir = "/opt/confidential-containers/attestation-service" -policy_engine = "opa" -attestation_token_broker = "Simple" - [attestation_service.attestation_token_config] - duration_min = 5 +[attestation_service.attestation_token_config] +type = "Ear" +duration_min = 5 - [attestation_service.rvps_config] - type = "BuiltIn" - store_type = "LocalFs" +[attestation_service.rvps_config] +type = "BuiltIn" +store_type = "LocalFs" [admin] insecure_api = true diff --git a/attestation-agent/kbs_protocol/test/policy.rego b/attestation-agent/kbs_protocol/test/policy.rego index 747c5fe82..163e10f85 100644 --- a/attestation-agent/kbs_protocol/test/policy.rego +++ b/attestation-agent/kbs_protocol/test/policy.rego @@ -3,5 +3,5 @@ package policy default allow = false allow { - input["tee"] == "sample" + input["submods"]["cpu"]["ear.veraison.annotated-evidence"]["sample"] }