diff --git a/.github/workflows/ci-go-cover.yml b/.github/workflows/ci-go-cover.yml index 9a23eb38..6f12b198 100644 --- a/.github/workflows/ci-go-cover.yml +++ b/.github/workflows/ci-go-cover.yml @@ -24,9 +24,9 @@ jobs: GO111MODULE: on CI_PIPELINE: true steps: - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: - go-version: "1.22" + go-version: "1.24.1" - name: Checkout code uses: actions/checkout@v2 - name: Install mockgen diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 977bac70..b6c9955b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,9 +10,9 @@ jobs: GO111MODULE: on CI_PIPELINE: true steps: - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: - go-version: "1.22" + go-version: "1.24.1" - name: Checkout code uses: actions/checkout@v2 - name: Install mockgen diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index c223b2ce..85e6709f 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -8,9 +8,9 @@ jobs: env: GO111MODULE: on steps: - - uses: actions/setup-go@v3 + - uses: actions/setup-go@v5 with: - go-version: "1.22" + go-version: "1.24.1" - name: Checkout code uses: actions/checkout@v2 - name: Install mockgen @@ -25,7 +25,7 @@ jobs: - name: Install golangci-lint run: | go version - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.54.2 + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.64.4 - name: Install Protoc uses: arduino/setup-protoc@v1 with: diff --git a/deployments/docker/src/builder.docker b/deployments/docker/src/builder.docker index 235c0abd..f0169792 100644 --- a/deployments/docker/src/builder.docker +++ b/deployments/docker/src/builder.docker @@ -1,6 +1,6 @@ # Go version that will be used to build the project. Due to the use of generics # within the project, it must be at least 1.22. -ARG GO_VERSION=1.22 +ARG GO_VERSION=1.24.1 FROM golang:${GO_VERSION} AS veraison-builder diff --git a/go.mod b/go.mod index 6ade9f83..14f13b45 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/veraison/services -go 1.22 +go 1.24.1 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 @@ -11,42 +11,42 @@ require ( github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.1 github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 github.com/denisbrodbeck/machineid v1.0.1 - github.com/fatih/color v1.13.0 + github.com/fatih/color v1.14.1 github.com/gin-gonic/gin v1.9.1 github.com/go-playground/assert/v2 v2.2.0 github.com/go-sql-driver/mysql v1.8.1 github.com/golang/mock v1.6.0 github.com/google/go-tpm v0.3.3 github.com/google/uuid v1.6.0 - github.com/hashicorp/go-hclog v1.2.0 + github.com/hashicorp/go-hclog v1.5.0 github.com/hashicorp/go-plugin v1.4.4 github.com/jackc/pgx/v5 v5.6.0 github.com/jellydator/ttlcache/v3 v3.0.0 github.com/json-iterator/go v1.1.12 // indirect - github.com/lestrrat-go/jwx/v2 v2.0.11 + github.com/lestrrat-go/jwx/v2 v2.1.3 github.com/mattn/go-sqlite3 v1.14.14 github.com/mitchellh/mapstructure v1.5.0 github.com/moogar0880/problems v0.1.1 github.com/open-policy-agent/opa v0.43.1 github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 - github.com/spf13/afero v1.9.2 + github.com/spf13/afero v1.12.0 github.com/spf13/jwalterweatherman v1.1.0 github.com/spf13/pflag v1.0.5 - github.com/spf13/viper v1.13.0 - github.com/stretchr/testify v1.9.0 + github.com/spf13/viper v1.19.0 + github.com/stretchr/testify v1.10.0 github.com/tbaehler/gin-keycloak v1.6.1 github.com/veraison/ccatoken v1.3.1 github.com/veraison/cmw v0.1.0 - github.com/veraison/corim v1.1.3-0.20241003171039-fe09de9f3764 + github.com/veraison/corim v1.1.3-0.20250307044607-0bbdd6c78526 github.com/veraison/dice v0.0.1 github.com/veraison/ear v1.1.2 github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53 github.com/veraison/parsec v0.2.1-0.20240912163334-0368b9c16228 github.com/veraison/psatoken v1.2.1-0.20240912124429-aec3ece7886e go.uber.org/zap v1.23.0 - golang.org/x/text v0.14.0 - google.golang.org/grpc v1.64.0 - google.golang.org/protobuf v1.33.0 + golang.org/x/text v0.21.0 + google.golang.org/grpc v1.67.3 + google.golang.org/protobuf v1.36.4 gopkg.in/go-jose/go-jose.v2 v2.6.3 ) @@ -68,10 +68,10 @@ require ( github.com/bytedance/sonic v1.11.3 // indirect github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect github.com/chenzhuoyu/iasm v0.9.0 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect - github.com/fsnotify/fsnotify v1.5.4 // indirect - github.com/fxamacker/cbor/v2 v2.5.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect + github.com/fsnotify/fsnotify v1.8.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/gabriel-vasile/mimetype v1.4.3 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/gin-contrib/sse v0.1.0 // indirect @@ -79,8 +79,8 @@ require ( github.com/go-playground/universal-translator v0.18.1 // indirect github.com/go-playground/validator/v10 v10.19.0 // indirect github.com/gobwas/glob v0.2.3 // indirect - github.com/goccy/go-json v0.10.2 // indirect - github.com/golang/glog v1.2.1 // indirect + github.com/goccy/go-json v0.10.4 // indirect + github.com/golang/glog v1.2.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect @@ -92,46 +92,62 @@ require ( github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/leodido/go-urn v1.4.0 // indirect - github.com/lestrrat-go/blackmagic v1.0.1 // indirect + github.com/lestrrat-go/blackmagic v1.0.2 // indirect github.com/lestrrat-go/httpcc v1.0.1 // indirect - github.com/lestrrat-go/httprc v1.0.4 // indirect + github.com/lestrrat-go/httprc v1.0.6 // indirect github.com/lestrrat-go/iter v1.0.2 // indirect github.com/lestrrat-go/option v1.0.1 // indirect - github.com/magiconair/properties v1.8.6 // indirect - github.com/mattn/go-colorable v0.1.12 // indirect - github.com/mattn/go-isatty v0.0.19 // indirect + github.com/magiconair/properties v1.8.9 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect github.com/mitchellh/go-testing-interface v1.0.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/oklog/run v1.0.0 // indirect github.com/patrickmn/go-cache v2.1.0+incompatible // indirect - github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.2.0 // indirect + github.com/pelletier/go-toml/v2 v2.2.3 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect github.com/segmentio/asm v1.2.0 // indirect - github.com/spf13/cast v1.5.0 // indirect - github.com/subosito/gotenv v1.4.1 // indirect + github.com/spf13/cast v1.7.1 // indirect + github.com/subosito/gotenv v1.6.0 // indirect github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/ugorji/go/codec v1.2.11 // indirect github.com/vektah/gqlparser/v2 v2.4.6 // indirect - github.com/veraison/go-cose v1.3.0-rc.1 + github.com/veraison/go-cose v1.3.0 github.com/veraison/swid v1.1.1-0.20230911094910-8ffdd07a22ca github.com/x448/float16 v0.8.4 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/yashtewari/glob-intersection v0.1.0 // indirect go.uber.org/atomic v1.10.0 // indirect - go.uber.org/multierr v1.8.0 // indirect + go.uber.org/multierr v1.11.0 // indirect golang.org/x/arch v0.7.0 // indirect - golang.org/x/crypto v0.21.0 - golang.org/x/net v0.22.0 // indirect - golang.org/x/oauth2 v0.19.0 // indirect - golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.18.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect + golang.org/x/crypto v0.32.0 + golang.org/x/net v0.33.0 // indirect + golang.org/x/oauth2 v0.25.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.29.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250204164813-702378808489 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) + +require ( + github.com/google/go-sev-guest v0.12.1 + github.com/jraman567/go-gen-ref v0.0.0-20250307151627-97b7e781d801 + github.com/veraison/ratsd v0.0.0-20250307122325-c7ba61655b40 +) + +require ( + github.com/google/logger v1.1.1 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/sagikazarmark/locafero v0.7.0 // indirect + github.com/sagikazarmark/slog-shim v0.1.0 // indirect + github.com/sourcegraph/conc v0.3.0 // indirect + github.com/spf13/cobra v1.8.1 // indirect + github.com/virtee/sev-snp-measure-go v0.0.0-20241128091219-920346c42ecb // indirect + golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 // indirect +) diff --git a/go.sum b/go.sum index 986bd101..dddabb9c 100644 --- a/go.sum +++ b/go.sum @@ -766,8 +766,9 @@ github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= @@ -929,6 +930,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -940,11 +942,11 @@ github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/ github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/denisbrodbeck/machineid v1.0.1 h1:geKr9qtkB876mXguW2X6TU4ZynleN6ezuMSRhl4D7AQ= github.com/denisbrodbeck/machineid v1.0.1/go.mod h1:dJUwb7PTidGDeYyUBmXZ2GphQBbjJCrnectwCyxcUSI= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= @@ -1001,8 +1003,9 @@ github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6Ni github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= +github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= @@ -1014,17 +1017,18 @@ github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHqu github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897 h1:E52jfcE64UG42SwLmrW0QByONfGynWuzBvm86BoB9z8= github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= -github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= -github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= +github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= +github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/fxamacker/cbor/v2 v2.2.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= github.com/fxamacker/cbor/v2 v2.3.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= -github.com/fxamacker/cbor/v2 v2.5.0 h1:oHsG0V/Q6E/wqTS2O1Cozzsy69nqCiguo5Q1a1ADivE= -github.com/fxamacker/cbor/v2 v2.5.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= @@ -1096,8 +1100,9 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg78 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= -github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM= +github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= @@ -1120,8 +1125,9 @@ github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGw github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= -github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4= github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= +github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -1186,7 +1192,11 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98= +github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= +github.com/google/go-sev-guest v0.12.1 h1:H4rFYnPIn8HtqEsNTmh56Zxcf9BI9n48ZSYCnpYLYvc= +github.com/google/go-sev-guest v0.12.1/go.mod h1:SK9vW+uyfuzYdVN0m8BShL3OQCtXZe/JPF7ZkpD3760= github.com/google/go-tpm v0.1.2-0.20190725015402-ae6dd98980d4/go.mod h1:H9HbmUG2YgV/PHITkO7p6wxEEj/v5nlsVWIwumwH2NI= github.com/google/go-tpm v0.3.0/go.mod h1:iVLWvrPp/bHeEkxTFi9WG6K9w0iy2yIszHwZGHPbzAw= github.com/google/go-tpm v0.3.3 h1:P/ZFNBZYXRxc+z7i5uyd8VP7MaDteuLZInzrH2idRGo= @@ -1196,6 +1206,8 @@ github.com/google/go-tpm-tools v0.2.0/go.mod h1:npUd03rQ60lxN7tzeBJreG38RvWwme2N github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= +github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= @@ -1277,8 +1289,8 @@ github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FK github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM= -github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= +github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= @@ -1314,6 +1326,8 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw= @@ -1338,6 +1352,8 @@ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22 github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= +github.com/jraman567/go-gen-ref v0.0.0-20250307151627-97b7e781d801 h1:NDaCg9H2ddlozI79sZl782vV4lIlIeR6xM6B7S26Oxs= +github.com/jraman567/go-gen-ref v0.0.0-20250307151627-97b7e781d801/go.mod h1:DVSqVJrSyAq2lKaGTnlbQSDRLscJMvGAIAnPc/3uIEk= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -1361,8 +1377,9 @@ github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY= github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4= +github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM= @@ -1376,8 +1393,9 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= @@ -1390,17 +1408,16 @@ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6Fm github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= -github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80= -github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= +github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k= +github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE= github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= -github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8= -github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= +github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k= +github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.0.11 h1:ViHMnaMeaO0qV16RZWBHM7GTrAnX2aFLVKofc7FuKLQ= -github.com/lestrrat-go/jwx/v2 v2.0.11/go.mod h1:ZtPtMFlrfDrH2Y0iwfa3dRFn8VzwBrB+cyrm3IBWdDg= -github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= +github.com/lestrrat-go/jwx/v2 v2.1.3 h1:Ud4lb2QuxRClYAmRleF50KrbKIoM1TddXgBrneT5/Jo= +github.com/lestrrat-go/jwx/v2 v2.1.3/go.mod h1:q6uFgbgZfEmQrfJfrCo90QcQOcXFMfbI/fO0NqRtvZo= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= @@ -1409,8 +1426,8 @@ github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuz github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo= -github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= +github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM= +github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -1418,19 +1435,18 @@ github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= @@ -1561,11 +1577,10 @@ github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTK github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= -github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= -github.com/pelletier/go-toml/v2 v2.2.0 h1:QLgLl2yMN7N+ruc31VynXs1vhMZa7CeHHejIeBAsoHo= github.com/pelletier/go-toml/v2 v2.2.0/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= +github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= +github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 h1:lL+y4Xv20pVlCGyLzNHRC0I0rIHhIL1lTvHizoS/dU8= github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= @@ -1583,8 +1598,9 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= @@ -1647,6 +1663,10 @@ github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= +github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo= +github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k= +github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= +github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= @@ -1673,17 +1693,20 @@ github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:s github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= +github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= +github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= -github.com/spf13/afero v1.9.2 h1:j49Hj62F0n+DaZ1dDCvhABaPNSGNkt32oRFxI33IEMw= github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= +github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs= +github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= -github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= @@ -1691,6 +1714,8 @@ github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHN github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= @@ -1703,8 +1728,8 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.13.0 h1:BWSJ/M+f+3nmdz9bxB+bWX28kkALN2ok11D0rSo8EJU= -github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw= +github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= +github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -1728,11 +1753,12 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/subosito/gotenv v1.4.1 h1:jyEFiXpy21Wm81FBN71l9VoMMV8H8jG+qIK3GCpY6Qs= -github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= +github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= +github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= @@ -1759,22 +1785,26 @@ github.com/veraison/ccatoken v1.3.1 h1:zUHXr2mPprxMYv5Mm2mumxzQZ3I9wy7QGayXqa9Rv github.com/veraison/ccatoken v1.3.1/go.mod h1:vMqdbW4H/8A3oT+24qssuIK3Aefy06XqzTELGg+gWAg= github.com/veraison/cmw v0.1.0 h1:vD6tBlGPROCW/HlDcG1jh+XUJi5ihrjXatKZBjrv8mU= github.com/veraison/cmw v0.1.0/go.mod h1:WoBrlgByc6C1FeHhdze1/bQx1kv5d1sWKO5ezEf4Hs4= -github.com/veraison/corim v1.1.3-0.20241003171039-fe09de9f3764 h1:48GvCJSVsBDaqIiK0m+h4D9rhAwLlzias+F5oLId/Fg= -github.com/veraison/corim v1.1.3-0.20241003171039-fe09de9f3764/go.mod h1:Wj3a6bSo7+3peVGjwGayHDALILh4PHMngDhgBYUbVLk= +github.com/veraison/corim v1.1.3-0.20250307044607-0bbdd6c78526 h1:SEMbaI+cPmtUZvutz8T1EgPYkBM+5iwOEhCAJioDqLI= +github.com/veraison/corim v1.1.3-0.20250307044607-0bbdd6c78526/go.mod h1:ih8kOpsI3+2iy8IvHkD6xSNryfK3oe9c05nlBE78BV0= github.com/veraison/dice v0.0.1 h1:dOm7ByDN/r4WlDsGkEUXzdPMXgTvAPTAksQ8+BwBrD4= github.com/veraison/dice v0.0.1/go.mod h1:QPMLc5LVMj08VZ+HNMYk4XxWoVYGAUBVm8Rd5V1hzxs= github.com/veraison/ear v1.1.2 h1:Xs41FqAG8IyJaceqNFcX2+nf51Et1uyhmCJV8SZqw/8= github.com/veraison/ear v1.1.2/go.mod h1:O3yKgZR04DWKHHiNxfXCMX9ky0cLVoC67TFks6JwEhI= github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53 h1:5gnX2TrGd/Xz8DOp2OaLtg/jLoIubSUTrgz6iZ58pJ4= github.com/veraison/eat v0.0.0-20220117140849-ddaf59d69f53/go.mod h1:+kxt8iuFiVvKRs2VQ1Ho7bbAScXAB/kHFFuP5Biw19I= -github.com/veraison/go-cose v1.3.0-rc.1 h1:j7mMBdwkbq4c+pgEZVbbWG8UwVIgGHPp6+TAAYJj+UY= -github.com/veraison/go-cose v1.3.0-rc.1/go.mod h1:df09OV91aHoQWLmy1KsDdYiagtXgyAwAl8vFeFn1gMc= +github.com/veraison/go-cose v1.3.0 h1:2/H5w8kdSpQJyVtIhx8gmwPJ2uSz1PkyWFx0idbd7rk= +github.com/veraison/go-cose v1.3.0/go.mod h1:df09OV91aHoQWLmy1KsDdYiagtXgyAwAl8vFeFn1gMc= github.com/veraison/parsec v0.2.1-0.20240912163334-0368b9c16228 h1:oMCBfNZ8yxeMHelMg/H8uLrBLRvipjAwBL0d5/F9bvY= github.com/veraison/parsec v0.2.1-0.20240912163334-0368b9c16228/go.mod h1:hobpAGxGmjCyluLHTNMdgJYficPXno4HZWKJSuUwZ7w= github.com/veraison/psatoken v1.2.1-0.20240912124429-aec3ece7886e h1:W1OWcrRvfN0EWyldcpFgwl9xdKBbZUlk5pnbLTcR8Ec= github.com/veraison/psatoken v1.2.1-0.20240912124429-aec3ece7886e/go.mod h1:bXUwdYAGcRoclxe73JmO8Z9ngV9KDHqW20afM9Q0FKo= +github.com/veraison/ratsd v0.0.0-20250307122325-c7ba61655b40 h1:Npnsk7RPJf3EnW9bWujDB4CoKtmFxtMAWAlGu9G9zYs= +github.com/veraison/ratsd v0.0.0-20250307122325-c7ba61655b40/go.mod h1:wVXT8sN+hT1Cwq5jQt1r3/8H3B8KdELi8KD/YXKKn6k= github.com/veraison/swid v1.1.1-0.20230911094910-8ffdd07a22ca h1:osmCKwWO/xM68Kz+rIXio1DNzEY2NdJOpGpoy5r8NlE= github.com/veraison/swid v1.1.1-0.20230911094910-8ffdd07a22ca/go.mod h1:d5jt76uMNbTfQ+f2qU4Lt8RvWOTsv6PFgstIM1QdMH0= +github.com/virtee/sev-snp-measure-go v0.0.0-20241128091219-920346c42ecb h1:iBPEloogBk7uK2Ygtz1l6gJabikXs8ASZCmormbn2lM= +github.com/virtee/sev-snp-measure-go v0.0.0-20241128091219-920346c42ecb/go.mod h1:dEkBe8JnxU5itNjZDEQINFd7f7l4DtjfqRuzPQcit4w= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= @@ -1874,8 +1904,8 @@ go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= -go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY= @@ -1914,8 +1944,8 @@ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1931,6 +1961,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= +golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 h1:yqrTHse8TCMW1M1ZCP+VAR/l0kKxwaAIqN/il7x4voA= +golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8/go.mod h1:tujkw807nyEEAamNbDrEGzRav+ilXA7PCRAd6xsmwiU= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= @@ -2057,8 +2089,8 @@ golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2089,8 +2121,9 @@ golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= +golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= +golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2108,8 +2141,8 @@ golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2119,7 +2152,6 @@ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2143,7 +2175,6 @@ golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2256,8 +2287,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -2290,8 +2321,9 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -2617,8 +2649,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250204164813-702378808489 h1:5bKytslY8ViY0Cj/ewmRtrWHW64bNF03cAatUUFCdFI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250204164813-702378808489/go.mod h1:8BS3B93F/U1juMFq9+EDk+qOT5CO1R9IzXxG3PTqiRk= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= @@ -2665,8 +2697,8 @@ google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.67.3 h1:OgPcDAFKHnH8X3O4WcO4XUc8GRDeKsKReqbQtiCj7N8= +google.golang.org/grpc v1.67.3/go.mod h1:YGaHCc6Oap+FzBJTZLBzkGSYt/cvGPFTPxkn7QfSU8s= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -2686,8 +2718,8 @@ google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= +google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/log/hclogger.go b/log/hclogger.go index d74bed47..ff831509 100644 --- a/log/hclogger.go +++ b/log/hclogger.go @@ -169,6 +169,24 @@ func (o *HCLogger) SetLevel(level hclog.Level) { // We do not want to allow plugins to change logging level. } +func (o *HCLogger) GetLevel() hclog.Level { + var hcLogLevel hclog.Level + + zapLevel := GetLevel() + switch zapLevel { + case zap.DebugLevel: + hcLogLevel = hclog.Debug + case zap.InfoLevel: + hcLogLevel = hclog.Info + case zap.WarnLevel: + hcLogLevel = hclog.Warn + case zap.ErrorLevel: + hcLogLevel = hclog.Error + } + + return hcLogLevel +} + // Return a value that conforms to the stdlib log.Logger interface func (o *HCLogger) StandardLogger(opts *hclog.StandardLoggerOptions) *stdlog.Logger { return zap.NewStdLog(o.logger.Desugar()) diff --git a/mk/cmd.mk b/mk/cmd.mk index 12b3ba03..d6844912 100644 --- a/mk/cmd.mk +++ b/mk/cmd.mk @@ -17,7 +17,7 @@ endif SCHEME_LOADER ?= plugins -_MIN_GO_VERSION = 1.22 +_MIN_GO_VERSION = 1.24.1 _GO_VERSION = $(shell go version | sed 's/^[^0-9]*\([0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/') .PHONY: _check_version diff --git a/scheme/Makefile b/scheme/Makefile index c3336e19..abe41662 100644 --- a/scheme/Makefile +++ b/scheme/Makefile @@ -8,6 +8,7 @@ SUBDIR += psa-iot SUBDIR += tpm-enacttrust SUBDIR += parsec-tpm SUBDIR += parsec-cca +SUBDIR += sevsnp clean: ; $(RM) -rf ./bin diff --git a/scheme/sevsnp/Makefile b/scheme/sevsnp/Makefile new file mode 100644 index 00000000..68ba5f08 --- /dev/null +++ b/scheme/sevsnp/Makefile @@ -0,0 +1,14 @@ +# Copyright 2025 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 +.DEFAULT_GOAL := test + +GOPKG := github.com/veraison/services/scheme/sevsnp +SRCS := $(wildcard *.go) + +SUBDIR += plugin + +include ../../mk/common.mk +include ../../mk/lint.mk +include ../../mk/pkg.mk +include ../../mk/subdir.mk +include ../../mk/test.mk diff --git a/scheme/sevsnp/README.md b/scheme/sevsnp/README.md new file mode 100644 index 00000000..9bc7c481 --- /dev/null +++ b/scheme/sevsnp/README.md @@ -0,0 +1,58 @@ +# SEV-SNP scheme + +This scheme supports the provisioning of reference values and appraisal of evidence. It is suitable for anyone performing verification of simple SEV-SNP evidence. + +## Installation + +It doesn't need any specific install instructions, it gets deployed along with other schemes. +``` +make really-clean; make native-deploy +``` + +## Usage example + +Following is an example of how to interface with this scheme/plugin. The workflow involves using cocli to submit reference values and ratsd to submit the evidence. + +Since ratsd is under construction, please use the following instance of evcli to submit evidence. +https://github.com/jraman567/evcli + +Generating reference values and evidence is beyond this project's scope. Please see go-gen-ref for creating reference values for SEV-SNP; RATSd generates evidence. +go-gen-ref: https://github.com/jraman567/go-gen-ref +ratsd: https://github.com/veraison/ratsd + +### Provisioning Trust Anchor +``` +cocli comid create --template scheme/sevsnp/test/ta-prov.json +cocli corim create -m ta-prov.cbor -t corimMini.json -o ta.cbor +cocli corim submit --corim-file=ta.cbor --api-server="https://localhost:9443/endorsement-provisioning/v1/submit" --media-type="application/corim-unsigned+cbor; profile=\"https://amd.com/ark\"" +``` + +### Provisioning Reference Values +``` +cocli corim submit --corim-file=scheme/sevsnp/test/refval-prov.cbor --api-server="https://localhost:9443/endorsement-provisioning/v1/submit" --media-type="application/corim-unsigned+cbor; profile=\"https://amd.com/ark\"" +``` + +### Submitting evidence +``` +git clone https://github.com/jraman567/evcli.git +cd evcli; go build +./evcli sev-snp verify-as relying-party --api-server=https://localhost:8443/challenge-response/v1/newSession --token=cmd/sevsnp/sample/SNP-EAT.json +``` + +## Result +The result is in JWT format. Decoding it using an online tool like https://jwt.io/ reveals formatted results. The trustworthiness vector, as shown below, summarizes the result of verification. +``` + "SEVSNP": { + "ear.appraisal-policy-id": "policy:SEVSNP", + "ear.status": "affirming", + "ear.trustworthiness-vector": { + "configuration": 0, + "executables": 0, + "file-system": 0, + "hardware": 2, + "instance-identity": 0, + "runtime-opaque": 2, + "sourced-data": 0, + "storage-opaque": 0 + }, +``` \ No newline at end of file diff --git a/scheme/sevsnp/common.go b/scheme/sevsnp/common.go new file mode 100644 index 00000000..14941d1a --- /dev/null +++ b/scheme/sevsnp/common.go @@ -0,0 +1,119 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package sevsnp + +import ( + "bytes" + "encoding/binary" + "errors" + "fmt" + + "github.com/veraison/corim/comid" + "github.com/veraison/corim/corim" +) + +// Variables that contain GUIDs of AMD keys. See Section 4.1.8.1 +// MSG_REPORT_REQ in the following: +// https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf +var ( + arkGuid = []byte{0xc0, 0xb4, 0x06, 0xa4, 0xa8, 0x03, 0x49, 0x52, 0x97, 0x43, 0x3f, 0xb6, 0x01, 0x4c, 0xd0, 0xae} + askGuid = []byte{0x4a, 0xb7, 0xb3, 0x79, 0xbb, 0xac, 0x4f, 0xe4, 0xa0, 0x2f, 0x05, 0xae, 0xf3, 0x27, 0xc7, 0x82} + vcekGuid = []byte{0x63, 0xda, 0x75, 0x8d, 0xe6, 0x64, 0x45, 0x64, 0xad, 0xc5, 0xf4, 0xb9, 0x3b, 0xe8, 0xac, 0xcd} +) + +// measurementByUintKey looks up comid.Measurement in a CoMID by its MKey. +// +// If no measurements are found, returns nil and no error. Otherwise, +// returns the error encountered. +func measurementByUintKey(refVal comid.ValueTriple, + key uint64) (*comid.Measurement, error) { + for _, m := range refVal.Measurements.Values { + if m.Key == nil || !m.Key.IsSet() || + m.Key.Type() != comid.UintType { + continue + } + + k, err := m.Key.GetKeyUint() + if err != nil { + return nil, err + } + + if k == key { + return &m, nil + } + } + + return nil, nil +} + +// comidFromJson accepts a CoRIM in JSON format and returns its first CoMID +// +// Returns error if there are more than a single CoMID, or passes on +// error from corim routine. +func comidFromJson(buf []byte) (*comid.Comid, error) { + extractedCorim, err := corim.UnmarshalUnsignedCorimFromJSON(buf) + if err != nil { + return nil, err + } + + if len(extractedCorim.Tags) > 1 { + return nil, errors.New("too many tags") + } + + extractedComid, err := corim.UnmarshalComidFromCBOR( + extractedCorim.Tags[0], + extractedCorim.Profile, + ) + + if err != nil { + return nil, err + } + + return extractedComid, nil +} + +// certTableEntry is an entry in the Certificate Table header in TSM report's auxblob +type certTableEntry struct { + Guid [16]byte + Offset uint32 + Length uint32 +} + +// getKey helper to extract a particular key from the auxblob +func getKey(auxblob []byte, guid []byte) ([]byte, error) { + for i := 0; i < len(auxblob); i += 24 { + var entry certTableEntry + b := auxblob[i : i+24] + buf := bytes.NewReader(b) + err := binary.Read(buf, binary.LittleEndian, &entry) + if err != nil { + return nil, err + } + + if entry.Guid[0] == 0x0 { + break + } + + if bytes.Equal(guid, entry.Guid[:]) { + return auxblob[entry.Offset : entry.Offset+entry.Length], nil + } + } + + return nil, fmt.Errorf("key not found: %v", guid) +} + +// getARK helper function to extract ARK from auxblob +func getARK(auxblob []byte) ([]byte, error) { + return getKey(auxblob, arkGuid) +} + +// getASK helper function to extract ASK from auxblob +func getASK(auxblob []byte) ([]byte, error) { + return getKey(auxblob, askGuid) +} + +// getVCEK helper function to extract VCEK from auxblob +func getVCEK(auxblob []byte) ([]byte, error) { + return getKey(auxblob, vcekGuid) +} diff --git a/scheme/sevsnp/endorsement_handler.go b/scheme/sevsnp/endorsement_handler.go new file mode 100644 index 00000000..0ed6bd88 --- /dev/null +++ b/scheme/sevsnp/endorsement_handler.go @@ -0,0 +1,42 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 +package sevsnp + +import ( + "github.com/veraison/services/handler" + "github.com/veraison/services/scheme/common" +) + +// EndorsementHandler implements the IEndorsementHandler interface for SEVSNP scheme +type EndorsementHandler struct{} + +// Init initializes the endorsement handler instance. no-op for SEVSNP +func (o EndorsementHandler) Init(params handler.EndorsementHandlerParams) error { + return nil // no-op +} + +// Close closes the endorsement handler instance. no-op for SEVSNP +func (o EndorsementHandler) Close() error { + return nil // no-op +} + +// GetName returns the name of the endorsement handler +func (o EndorsementHandler) GetName() string { + return SchemeName +} + +// GetAttestationScheme returns the scheme name +func (o EndorsementHandler) GetAttestationScheme() string { + return SchemeName +} + +// GetSupportedMediaTypes returns the media types supported for SEVSNP endorsements +func (o EndorsementHandler) GetSupportedMediaTypes() []string { + return EndorsementMediaTypes +} + +// Decode decodes the supplied endorsement as an unsigned CoRIM +// ToDo: Add support for signed CoRIMs +func (o EndorsementHandler) Decode(data []byte) (*handler.EndorsementHandlerResponse, error) { + return common.UnsignedCorimDecoder(data, &Extractor{}) +} diff --git a/scheme/sevsnp/endorsement_handler_test.go b/scheme/sevsnp/endorsement_handler_test.go new file mode 100644 index 00000000..3f123b20 --- /dev/null +++ b/scheme/sevsnp/endorsement_handler_test.go @@ -0,0 +1,46 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 +package sevsnp + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestDecoder_GetName(t *testing.T) { + d := &EndorsementHandler{} + + expected := SchemeName + + actual := d.GetName() + + assert.Equal(t, expected, actual) +} + +func TestDecoder_GetAttestationScheme(t *testing.T) { + d := &EndorsementHandler{} + + expected := SchemeName + + actual := d.GetAttestationScheme() + + assert.Equal(t, expected, actual) +} + +func TestDecoder_GetSupportedMediaTypes(t *testing.T) { + d := &EndorsementHandler{} + + expected := EndorsementMediaTypes + + actual := d.GetSupportedMediaTypes() + + assert.Equal(t, expected, actual) +} + +func TestDecoder_Decode_OK(t *testing.T) { + d := &EndorsementHandler{} + + _, err := d.Decode(unsignedCorimSevSnp) + assert.NoError(t, err) +} diff --git a/scheme/sevsnp/evidence_handler.go b/scheme/sevsnp/evidence_handler.go new file mode 100644 index 00000000..92617123 --- /dev/null +++ b/scheme/sevsnp/evidence_handler.go @@ -0,0 +1,434 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package sevsnp + +import ( + "crypto/x509" + "encoding/json" + "encoding/pem" + "fmt" + "time" + + "github.com/google/go-sev-guest/abi" + "github.com/google/go-sev-guest/proto/sevsnp" + "github.com/google/go-sev-guest/verify" + "github.com/google/go-sev-guest/verify/trust" + sevsnpParser "github.com/jraman567/go-gen-ref/cmd/sevsnp" + "github.com/veraison/corim/comid" + "github.com/veraison/corim/corim" + "github.com/veraison/ear" + "github.com/veraison/ratsd/tokens" + "github.com/veraison/services/handler" + "github.com/veraison/services/log" + "github.com/veraison/services/proto" +) + +// EvidenceHandler implements the IEvidenceHandler interface for SEVSNP +type EvidenceHandler struct { +} + +// GetName returns the name of this evidence handler instance +func (o EvidenceHandler) GetName() string { + return "sevsnp-evidence-handler" +} + +// GetAttestationScheme returns the attestation scheme +func (o EvidenceHandler) GetAttestationScheme() string { + return SchemeName +} + +// GetSupportedMediaTypes returns the supported media types for the SEVSNP scheme +func (o EvidenceHandler) GetSupportedMediaTypes() []string { + return EvidenceMediaTypes +} + +// ExtractClaims converts evidence in tsm-report format to our +// "internal representation", which is in CoRIM format. +func (o EvidenceHandler) ExtractClaims( + token *proto.AttestationToken, + _ []string, +) (map[string]interface{}, error) { + var claimsSet map[string]interface{} + var tsm tokens.TSMReport + + err := tsm.FromCBOR(token.Data) + if err != nil { + return nil, err + } + + reportProto, err := abi.ReportToProto(tsm.OutBlob) + if err != nil { + return nil, err + } + + refValComid, err := sevsnpParser.ReportToComid(reportProto, 0) + if err != nil { + return nil, err + } + + err = refValComid.Valid() + if err != nil { + return nil, err + } + + refValCorim := corim.UnsignedCorim{} + refValCorim.SetProfile("http://amd.com/2024/snp-corim-profile") + refValCorim.AddComid(refValComid) + + refValJson, err := refValCorim.ToJSON() + if err != nil { + return nil, err + } + + err = json.Unmarshal(refValJson, &claimsSet) + if err != nil { + return nil, err + } + + return claimsSet, nil +} + +// snpAttestationOptions parameter for verifying certificate chain +func snpAttestationOptions() *verify.Options { + return &verify.Options{ + Getter: trust.DefaultHTTPSGetter(), + Now: time.Now(), + DisableCertFetching: true, + } +} + +// readCert helper function to read a certificate from a blob +func readCert(cert []byte) ([]byte, error) { + block, _ := pem.Decode(cert) + if block == nil || block.Type != "CERTIFICATE" { + return nil, fmt.Errorf("failed to read certificate") + } + return block.Bytes, nil +} + +// compareTAs compares two X509 certificates for equality +func compareTAs(provisionedArk []byte, evidenceArk []byte) (bool, error) { + pArk, err := readCert(provisionedArk) + if err != nil { + return false, err + } + + pCert, err := x509.ParseCertificate(pArk) + if err != nil { + return false, err + } + + eArk, err := readCert(evidenceArk) + if err != nil { + return false, err + } + + eCert, err := x509.ParseCertificate(eArk) + if err != nil { + return false, err + } + + return pCert.Equal(eCert), nil +} + +// ValidateEvidenceIntegrity verifies that the ARK in the +// evidence matches the provisioned ARK, confirms the +// integrity of the certificate chain, and validates +// the signature of the evidence. +// +// The "auxblob" in the evidence contains a certificate chain. +// The Trust Anchor in this chain is AMD Root Key (ARK). +func (o EvidenceHandler) ValidateEvidenceIntegrity( + token *proto.AttestationToken, + trustAnchors []string, + endorsementsStrings []string, +) error { + var ( + taEndorsement handler.Endorsement + avk comid.KeyTriple + tsm tokens.TSMReport + ) + + // Get the ARK TA + for i, t := range trustAnchors { + var endorsement handler.Endorsement + + if err := json.Unmarshal([]byte(t), &endorsement); err != nil { + return fmt.Errorf("could not decode endorsement at index %d: %w", i, err) + } + + if endorsement.Type == handler.EndorsementType_VERIFICATION_KEY { + taEndorsement = endorsement + break + } + } + + if taEndorsement.Type != handler.EndorsementType_VERIFICATION_KEY { + return fmt.Errorf("trust anchors unavailable") + } + + err := json.Unmarshal(taEndorsement.Attributes, &avk) + if err != nil { + return err + } + + provisionedArk := avk.VerifKeys[0] + + // Parse certificate chain in evidence (auxblob) + err = tsm.FromCBOR(token.Data) + if err != nil { + return err + } + + protoReport, err := abi.ReportToProto(tsm.OutBlob) + if err != nil { + return err + } + + ark, err := getARK(tsm.AuxBlob) + if err != nil { + return err + } + + arkBlock, err := readCert(ark) + if err != nil { + return err + } + + ask, err := getASK(tsm.AuxBlob) + if err != nil { + return err + } + + askBlock, err := readCert(ask) + if err != nil { + return err + } + + vcek, err := getVCEK(tsm.AuxBlob) + if err != nil { + return err + } + + vcekBlock, err := readCert(vcek) + if err != nil { + return err + } + + // Test if TA matches with the one supplied in evidence + match, err := compareTAs([]byte(provisionedArk.String()), ark) + if err != nil { + return err + } + if !match { + return fmt.Errorf("ARK in evidence does not match provisioned ARK") + } + + // Validate the integrity of evidence by ensuring the + // certificate chain is intact, and the signature is valid + var attestation sevsnp.Attestation + attestation.Report = protoReport + attestation.CertificateChain = &sevsnp.CertificateChain{VcekCert: vcekBlock, AskCert: askBlock, ArkCert: arkBlock} + err = verify.SnpAttestation(&attestation, snpAttestationOptions()) + + if err != nil { + log.Errorf("failed to validate certificate chain: %+v\n", err) + } + + return err +} + +// refvalToComidTriple converts extracted reference values to CoMID value triple +func refvalToComidTriple(endorsementsStrings []string) (*comid.ValueTriple, error) { + var ( + refValEndorsement handler.Endorsement + rv comid.ValueTriple + ) + + for i, e := range endorsementsStrings { + var endorsement handler.Endorsement + + if err := json.Unmarshal([]byte(e), &endorsement); err != nil { + return nil, fmt.Errorf("could not decode endorsement at index %d: %w", i, err) + } + + if endorsement.Type == handler.EndorsementType_REFERENCE_VALUE { + refValEndorsement = endorsement + break + } + } + + if refValEndorsement.Type != handler.EndorsementType_REFERENCE_VALUE { + return nil, fmt.Errorf("reference values unavailable") + } + + err := json.Unmarshal(refValEndorsement.Attributes, &rv) + if err != nil { + return nil, err + } + + return &rv, nil +} + +// evidenceToComidTriple converts claim set to CoMID value triple +func evidenceToComidTriple(ec *proto.EvidenceContext) (*comid.ValueTriple, error) { + evCorimJson, err := json.Marshal(ec.Evidence.AsMap()) + if err != nil { + return nil, err + } + + evComid, err := comidFromJson(evCorimJson) + if err != nil { + return nil, err + } + + return &evComid.Triples.ReferenceValues.Values[0], nil +} + +// compareMeasurements checks if two given comid.Measurement variables are the same. +func compareMeasurements(refM comid.Measurement, evM comid.Measurement) bool { + // RawValue comparison + if refM.Val.RawValue != nil { + if evM.Val.RawValue == nil { + return false + } + + refDigest, _ := refM.Val.RawValue.GetBytes() + return evM.Val.RawValue.CompareAgainstReference(refDigest, nil) + } + + // Digests comparison + if refM.Val.Digests != nil { + if evM.Val.Digests == nil { + return false + } + + return evM.Val.Digests.CompareAgainstReference(*refM.Val.Digests) + } + + // SVN comparison + if refM.Val.SVN != nil { + if evM.Val.SVN == nil { + log.Debugf("evidence doesn't have SVN") + return false + } + + if c, ok := evM.Val.SVN.Value.(*comid.TaggedSVN); ok { + if r, ok := refM.Val.SVN.Value.(*comid.TaggedSVN); ok { + return c.CompareAgainstRefSVN(*r) + } else if r, ok := refM.Val.SVN.Value.(*comid.TaggedMinSVN); ok { + return c.CompareAgainstRefMinSVN(*r) + } else { + log.Debugf("unknown refVal SVN type") + return false + } + } else if c, ok := evM.Val.SVN.Value.(*comid.TaggedMinSVN); ok { + if r, ok := refM.Val.SVN.Value.(*comid.TaggedMinSVN); ok { + return c.Equal(*r) + } + log.Debugf("can't compare TaggedMinSVN against TaggedSVN") + return false + } else { + log.Debugf("unknown evidence SVN type") + return false + } + } + + return true +} + +// AppraiseEvidence confirms if the claims in the evidence match with the provisioned +// reference values. +// +// Appraisal can confirm if the evidence is genuinely generated by AMD +// hardware and if SEV-SNP enables memory encryption. As such, set the +// "Hardware" and "RuntimeOpaque" values in the trustworthiness vector; +// we can't infer other aspects of the vector from SEV-SNP evidence alone. +func (o EvidenceHandler) AppraiseEvidence( + ec *proto.EvidenceContext, + endorsementsStrings []string, +) (*ear.AttestationResult, error) { + var ( + err error + evidenceMap map[string]interface{} + ) + + refVal, err := refvalToComidTriple(endorsementsStrings) + if err != nil { + return nil, err + } + + evidence, err := evidenceToComidTriple(ec) + if err != nil { + return nil, err + } + + result := handler.CreateAttestationResult(SchemeName) + + appraisal := result.Submods[SchemeName] + + appraisal.TrustVector.InstanceIdentity = ear.NoClaim + appraisal.TrustVector.Executables = ear.NoClaim + appraisal.TrustVector.Configuration = ear.NoClaim + appraisal.TrustVector.FileSystem = ear.NoClaim + appraisal.TrustVector.StorageOpaque = ear.NoClaim + appraisal.TrustVector.SourcedData = ear.NoClaim + appraisal.TrustVector.Hardware = ear.UnsafeHardwareClaim + appraisal.TrustVector.RuntimeOpaque = ear.VisibleMemoryRuntimeClaim + + for _, m := range refVal.Measurements.Values { + var ( + k uint64 + em *comid.Measurement + ) + + k, err = m.Key.GetKeyUint() + if err != nil { + break + } + + // REPORT_ID is ephemeral, so we can't use it for verification. + // REPORT_DATA is client-supplied , which we aren't using for + // verification in this scheme. + if k == mKeyReportData || k == mKeyReportID { + continue + } + + em, err = measurementByUintKey(*evidence, k) + if err != nil { + break + } + + if em == nil { + err = fmt.Errorf("MKey %d not found in Evidence", k) + break + } + + if !compareMeasurements(m, *em) { + err = fmt.Errorf("MKey %d in reference value doesn't match with evidence", k) + break + } + } + + if err == nil { + appraisal.TrustVector.Hardware = ear.GenuineHardwareClaim + appraisal.TrustVector.RuntimeOpaque = ear.EncryptedMemoryRuntimeClaim + } + + appraisal.UpdateStatusFromTrustVector() + + evidenceJson, err := json.Marshal(evidence) + if err != nil { + return nil, err + } + + err = json.Unmarshal(evidenceJson, &evidenceMap) + if err != nil { + return nil, err + } + + appraisal.VeraisonAnnotatedEvidence = &evidenceMap + + return result, err +} diff --git a/scheme/sevsnp/evidence_handler_test.go b/scheme/sevsnp/evidence_handler_test.go new file mode 100644 index 00000000..9314f7a2 --- /dev/null +++ b/scheme/sevsnp/evidence_handler_test.go @@ -0,0 +1,105 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 +package sevsnp + +import ( + "encoding/json" + "os" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/veraison/ear" + "github.com/veraison/services/proto" +) + +var testNonce = []byte{ + 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, + 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, + 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, + 0x1f, 0x1e, 0x1d, 0x1c, 0x1b, 0x1a, 0x19, 0x18, +} + +func Test_ExtractClaims_ok(t *testing.T) { + tokenBytes, err := os.ReadFile("test/sevsnp-token.cbor") + require.NoError(t, err) + + taEndValBytes, err := os.ReadFile("test/ta-endorsement.json") + require.NoError(t, err) + + handler := &EvidenceHandler{} + + token := proto.AttestationToken{ + TenantId: "0", + Data: tokenBytes, + Nonce: testNonce, + } + ta := string(taEndValBytes) + claims, err := handler.ExtractClaims(&token, []string{ta}) + + require.NoError(t, err) + assert.Equal(t, "http://amd.com/2024/snp-corim-profile", claims["profile"].(string)) +} + +func Test_ValidateEvidenceIntegrity_ok(t *testing.T) { + tokenBytes, err := os.ReadFile("test/sevsnp-token.cbor") + require.NoError(t, err) + + taEndValBytes, err := os.ReadFile("test/ta-endorsement.json") + require.NoError(t, err) + + handler := &EvidenceHandler{} + + token := proto.AttestationToken{ + TenantId: "0", + Data: tokenBytes, + Nonce: testNonce, + } + + ta := string(taEndValBytes) + err = handler.ValidateEvidenceIntegrity(&token, []string{ta}, nil) + + assert.NoError(t, err) +} + +func Test_ValidateEvidenceIntegrity_BadTA(t *testing.T) { + tokenBytes, err := os.ReadFile("test/sevsnp-token.cbor") + require.NoError(t, err) + + taEndValBytes, err := os.ReadFile("test/ta-endorsement-bad.json") + require.NoError(t, err) + + handler := &EvidenceHandler{} + + token := proto.AttestationToken{ + TenantId: "0", + Data: tokenBytes, + Nonce: testNonce, + } + + ta := string(taEndValBytes) + err = handler.ValidateEvidenceIntegrity(&token, []string{ta}, nil) + + assert.EqualError(t, err, "ARK in evidence does not match provisioned ARK") +} + +func Test_AppraiseEvidence_ok(t *testing.T) { + extractedBytes, err := os.ReadFile("test/extracted.json") + require.NoError(t, err) + + var ec proto.EvidenceContext + err = json.Unmarshal(extractedBytes, &ec) + require.NoError(t, err) + + endorsementsBytes, err := os.ReadFile("test/refval-endorsement.json") + require.NoError(t, err) + + handler := &EvidenceHandler{} + + result, err := handler.AppraiseEvidence(&ec, []string{string(endorsementsBytes)}) + require.NoError(t, err) + + attestation := result.Submods["SEVSNP"] + + assert.Equal(t, ear.TrustTierAffirming, *attestation.Status) +} diff --git a/scheme/sevsnp/extractor.go b/scheme/sevsnp/extractor.go new file mode 100644 index 00000000..a3d73900 --- /dev/null +++ b/scheme/sevsnp/extractor.go @@ -0,0 +1,66 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package sevsnp + +import ( + "encoding/json" + "fmt" + + "github.com/veraison/corim/comid" + "github.com/veraison/services/handler" +) + +type Extractor struct { + Profile string +} + +// RefValExtractor stores the CoMID values triples in the database as-is. +func (o Extractor) RefValExtractor(rvs comid.ValueTriples) ([]*handler.Endorsement, error) { + refVals := make([]*handler.Endorsement, 0, len(rvs.Values)) + + for _, rv := range rvs.Values { + rvAttrs, err := json.Marshal(&rv) + if err != nil { + return nil, err + } + + refVal := &handler.Endorsement{ + Scheme: SchemeName, + Type: handler.EndorsementType_REFERENCE_VALUE, + SubType: "measurements", + Attributes: rvAttrs, + } + + refVals = append(refVals, refVal) + } + + return refVals, nil +} + +// TaExtractor Processes the verification keys supplied in the Endorsement +// +// The trust anchor for SEV-SNP is AMD Root Key (ARK). Stores the key triple in the database as-is. +func (o Extractor) TaExtractor(avk comid.KeyTriple) (*handler.Endorsement, error) { + if len(avk.VerifKeys) > 1 { + return nil, fmt.Errorf("expecting at most one key, got %d keys", len(avk.VerifKeys)) + } + + taAttrs, err := json.Marshal(&avk) + if err != nil { + return nil, err + } + + ta := &handler.Endorsement{ + Scheme: SchemeName, + Type: handler.EndorsementType_VERIFICATION_KEY, + Attributes: taAttrs, + } + + return ta, nil +} + +// SetProfile sets the extractor profile +func (o Extractor) SetProfile(profile string) { + o.Profile = profile //nolint:staticcheck +} diff --git a/scheme/sevsnp/plugin/Makefile b/scheme/sevsnp/plugin/Makefile new file mode 100644 index 00000000..c4428d4f --- /dev/null +++ b/scheme/sevsnp/plugin/Makefile @@ -0,0 +1,13 @@ +# Copyright 2025 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 + +ifndef COMBINED_PLUGINS + SUBDIR += endorsement-handler + SUBDIR += evidence-handler + SUBDIR += store-handler +else + SUBDIR += combined +endif + +include ../../../mk/common.mk +include ../../../mk/subdir.mk diff --git a/scheme/sevsnp/plugin/combined/Makefile b/scheme/sevsnp/plugin/combined/Makefile new file mode 100644 index 00000000..eb99b10a --- /dev/null +++ b/scheme/sevsnp/plugin/combined/Makefile @@ -0,0 +1,11 @@ +# Copyright 2025 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 + +PLUGIN := ../../../bin/sevsnp.plugin +GOPKG := github.com/veraison/services/scheme/sevsnp +SRCS := main.go + +include ../../../../mk/common.mk +include ../../../../mk/plugin.mk +include ../../../../mk/lint.mk +include ../../../../mk/test.mk diff --git a/scheme/sevsnp/plugin/combined/main.go b/scheme/sevsnp/plugin/combined/main.go new file mode 100644 index 00000000..17329190 --- /dev/null +++ b/scheme/sevsnp/plugin/combined/main.go @@ -0,0 +1,16 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 +package main + +import ( + "github.com/veraison/services/handler" + "github.com/veraison/services/plugin" + scheme "github.com/veraison/services/scheme/sevsnp" +) + +func main() { + handler.RegisterEndorsementHandler(&scheme.EndorsementHandler{}) + handler.RegisterEvidenceHandler(&scheme.EvidenceHandler{}) + handler.RegisterStoreHandler(&scheme.StoreHandler{}) + plugin.Serve() +} diff --git a/scheme/sevsnp/plugin/endorsement-handler/Makefile b/scheme/sevsnp/plugin/endorsement-handler/Makefile new file mode 100644 index 00000000..fc2cf8da --- /dev/null +++ b/scheme/sevsnp/plugin/endorsement-handler/Makefile @@ -0,0 +1,11 @@ +# Copyright 2025 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 + +PLUGIN := ../../../bin/sevsnp-endorsement-handler.plugin +GOPKG := github.com/veraison/services/scheme/sevsnp +SRCS := main.go + +include ../../../../mk/common.mk +include ../../../../mk/plugin.mk +include ../../../../mk/lint.mk +include ../../../../mk/test.mk diff --git a/scheme/sevsnp/plugin/endorsement-handler/main.go b/scheme/sevsnp/plugin/endorsement-handler/main.go new file mode 100644 index 00000000..d8349094 --- /dev/null +++ b/scheme/sevsnp/plugin/endorsement-handler/main.go @@ -0,0 +1,14 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 +package main + +import ( + "github.com/veraison/services/handler" + "github.com/veraison/services/plugin" + scheme "github.com/veraison/services/scheme/sevsnp" +) + +func main() { + handler.RegisterEndorsementHandler(&scheme.EndorsementHandler{}) + plugin.Serve() +} diff --git a/scheme/sevsnp/plugin/evidence-handler/Makefile b/scheme/sevsnp/plugin/evidence-handler/Makefile new file mode 100644 index 00000000..67e4a5ff --- /dev/null +++ b/scheme/sevsnp/plugin/evidence-handler/Makefile @@ -0,0 +1,11 @@ +# Copyright 2025 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 + +PLUGIN := ../../../bin/sevsnp-evidence-handler.plugin +GOPKG := github.com/veraison/services/scheme/sevsnp +SRCS := main.go + +include ../../../../mk/common.mk +include ../../../../mk/plugin.mk +include ../../../../mk/lint.mk +include ../../../../mk/test.mk diff --git a/scheme/sevsnp/plugin/evidence-handler/main.go b/scheme/sevsnp/plugin/evidence-handler/main.go new file mode 100644 index 00000000..9ed8f5c4 --- /dev/null +++ b/scheme/sevsnp/plugin/evidence-handler/main.go @@ -0,0 +1,14 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 +package main + +import ( + "github.com/veraison/services/handler" + "github.com/veraison/services/plugin" + scheme "github.com/veraison/services/scheme/sevsnp" +) + +func main() { + handler.RegisterEvidenceHandler(&scheme.EvidenceHandler{}) + plugin.Serve() +} diff --git a/scheme/sevsnp/plugin/store-handler/Makefile b/scheme/sevsnp/plugin/store-handler/Makefile new file mode 100644 index 00000000..c309f787 --- /dev/null +++ b/scheme/sevsnp/plugin/store-handler/Makefile @@ -0,0 +1,11 @@ +# Copyright 2025 Contributors to the Veraison project. +# SPDX-License-Identifier: Apache-2.0 + +PLUGIN := ../../../bin/sevsnp-store-handler.plugin +GOPKG := github.com/veraison/services/scheme/sevsnp +SRCS := main.go + +include ../../../../mk/common.mk +include ../../../../mk/plugin.mk +include ../../../../mk/lint.mk +include ../../../../mk/test.mk diff --git a/scheme/sevsnp/plugin/store-handler/main.go b/scheme/sevsnp/plugin/store-handler/main.go new file mode 100644 index 00000000..63d58c94 --- /dev/null +++ b/scheme/sevsnp/plugin/store-handler/main.go @@ -0,0 +1,14 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 +package main + +import ( + "github.com/veraison/services/handler" + "github.com/veraison/services/plugin" + scheme "github.com/veraison/services/scheme/sevsnp" +) + +func main() { + handler.RegisterStoreHandler(&scheme.StoreHandler{}) + plugin.Serve() +} diff --git a/scheme/sevsnp/scheme.go b/scheme/sevsnp/scheme.go new file mode 100644 index 00000000..e60acbdd --- /dev/null +++ b/scheme/sevsnp/scheme.go @@ -0,0 +1,28 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 +package sevsnp + +const ( + SchemeName = "SEVSNP" + EndorsementMediaTypeRV = `application/corim-unsigned+cbor; profile="tag:amd.com,2024:snp-corim-profile"` + // ToDo: check media type for AMD ARK + EndorsementMediaTypeTA = `application/corim-unsigned+cbor; profile="https://amd.com/ark"` + EvidenceMediaType = "application/vnd.veraison.tsm-report+cbor" +) + +var ( + EndorsementMediaTypes = []string{ + EndorsementMediaTypeRV, + EndorsementMediaTypeTA, + } + + EvidenceMediaTypes = []string{ + EvidenceMediaType, + } +) + +const ( + mKeyReportData = 640 + mKeyMeasurement = 641 + mKeyReportID = 645 +) diff --git a/scheme/sevsnp/store_handler.go b/scheme/sevsnp/store_handler.go new file mode 100644 index 00000000..2a9550c1 --- /dev/null +++ b/scheme/sevsnp/store_handler.go @@ -0,0 +1,193 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package sevsnp + +import ( + "crypto/x509" + "encoding/hex" + "encoding/json" + "encoding/pem" + "fmt" + "net/url" + + "github.com/veraison/corim/comid" + "github.com/veraison/ratsd/tokens" + "github.com/veraison/services/handler" + "github.com/veraison/services/proto" +) + +// StoreHandler implements the IStoreHandler interface handler for SEVSNP scheme +type StoreHandler struct{} + +// GetName returns the name of this StoreHandler instance +func (s StoreHandler) GetName() string { + return fmt.Sprintf("%s-store-handler", SchemeName) +} + +// GetAttestationScheme returns the attestation scheme +func (s StoreHandler) GetAttestationScheme() string { + return SchemeName +} + +// GetSupportedMediaTypes returns the supported media types; no-op for SEVSNP +func (s StoreHandler) GetSupportedMediaTypes() []string { + return nil +} + +// getRefValKey helper to compute RefVal key from CoMID value triple +func getRefValKey(rv comid.ValueTriple, tenantID string) (string, error) { + m, err := measurementByUintKey(rv, mKeyMeasurement) + if err != nil { + return "", err + } + + if m == nil { + return "", fmt.Errorf("measurement not found") + } + + d := m.Val.Digests + + u := url.URL{ + Scheme: SchemeName, + Host: tenantID, + Path: hex.EncodeToString((*d)[0].HashValue), + } + + return u.String(), nil +} + +// SynthKeysFromRefValue constructs SEV-SNP reference value of the form +// "SEVSNP:///". The measurement +// is unique to an attester instance and, as such, is +// the best candidate to use as the key. +func (s StoreHandler) SynthKeysFromRefValue( + tenantID string, + refValue *handler.Endorsement, +) ([]string, error) { + var rv comid.ValueTriple + + err := json.Unmarshal(refValue.Attributes, &rv) + if err != nil { + return nil, err + } + + refValKey, err := getRefValKey(rv, tenantID) + if err != nil { + return nil, err + } + + return []string{refValKey}, nil +} + +// SynthKeysFromTrustAnchor constructs the SEV-SNP Trust Anchor key. The +// key format is "SEVSNP://". For example, "SEV-SNP://ARK-Milan" +// +// AMD's Root Key (ARK) is the only Trust Anchor for SEV-SNP. +// +// The attester supplies all the keys in the certificate chain +// for verification. During verification, the scheme must ensure that +// the ARK in the evidence chains back to the provisioned Trust Anchor. +func (s StoreHandler) SynthKeysFromTrustAnchor(_ string, ta *handler.Endorsement) ([]string, error) { + var avk comid.KeyTriple + + err := json.Unmarshal(ta.Attributes, &avk) + if err != nil { + return nil, err + } + + ark := avk.VerifKeys[0] + + keyBlock, _ := pem.Decode([]byte(ark.String())) + if keyBlock == nil || keyBlock.Type != "CERTIFICATE" { + return nil, fmt.Errorf("failed to decode ARK") + } + + cert, err := x509.ParseCertificate(keyBlock.Bytes) + if err != nil { + return nil, err + } + + u := url.URL{ + Scheme: SchemeName, + Path: cert.Issuer.CommonName, + } + + return []string{u.String()}, nil +} + +// GetTrustAnchorIDs gets the TA ID from evidence +// +// "auxblob" in the TSM report contains a certificate +// table. Extract ARK from it and construct the TA key. +func (s StoreHandler) GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error) { + var tsm tokens.TSMReport + + err := tsm.FromCBOR(token.Data) + if err != nil { + return nil, err + } + + ark, err := getARK(tsm.AuxBlob) + if err != nil { + return nil, err + } + + keyBlock, _ := pem.Decode(ark) + if keyBlock == nil || keyBlock.Type != "CERTIFICATE" { + return nil, fmt.Errorf("failed to decode ARK") + } + + cert, err := x509.ParseCertificate(keyBlock.Bytes) + if err != nil { + return nil, err + } + + u := url.URL{ + Scheme: SchemeName, + Path: cert.Issuer.CommonName, + } + + return []string{u.String()}, nil +} + +// GetRefValueIDs gets the refval key from the claims set. Looks up +// "measurement" using its MKey (641) and construct the refval key. +// +// Reference value key for SEV-SNP is of the form +// "SEVSNP:///", as explained +// in SynthKeysFromRefValue. +func (s StoreHandler) GetRefValueIDs( + tenantID string, + _ []string, + claims map[string]interface{}, +) ([]string, error) { + claimsJson, err := json.Marshal(claims) + if err != nil { + return nil, err + } + + extractedComid, err := comidFromJson(claimsJson) + if err != nil { + return nil, err + } + + if len(extractedComid.Triples.ReferenceValues.Values) > 1 { + return nil, fmt.Errorf("unable to process multiple claims in evidence") + } + + m, err := measurementByUintKey(extractedComid.Triples.ReferenceValues.Values[0], mKeyMeasurement) + if err != nil { + return nil, err + } + + digest := hex.EncodeToString((*m.Val.Digests)[0].HashValue) + + u := url.URL{ + Scheme: SchemeName, + Host: tenantID, + Path: digest, + } + + return []string{u.String()}, nil +} diff --git a/scheme/sevsnp/store_handler_test.go b/scheme/sevsnp/store_handler_test.go new file mode 100644 index 00000000..d184a9f0 --- /dev/null +++ b/scheme/sevsnp/store_handler_test.go @@ -0,0 +1,85 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 +package sevsnp + +import ( + "encoding/json" + "github.com/veraison/services/proto" + "os" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/veraison/services/handler" +) + +func Test_SynthKeysFromRefValue_ok(t *testing.T) { + var e handler.Endorsement + + endorsementsBytes, err := os.ReadFile("test/refval-endorsement.json") + require.NoError(t, err) + + err = json.Unmarshal(endorsementsBytes, &e) + require.NoError(t, err) + expectedKey := "SEVSNP://0/7a505b428ce2feddb2453f19c5a6d3b4b6e6cd079eacccd4de2400924cdee86b7a9285c62327536448048b977dccc4a8" + + scheme := &StoreHandler{} + keys, err := scheme.SynthKeysFromRefValue("0", &e) + require.NoError(t, err) + assert.Equal(t, expectedKey, keys[0]) + +} + +func Test_SynthKeysFromTrustAnchor_ok(t *testing.T) { + var e handler.Endorsement + + endorsementsBytes, err := os.ReadFile("test/ta-endorsement.json") + require.NoError(t, err) + + err = json.Unmarshal(endorsementsBytes, &e) + require.NoError(t, err) + + expectedKey := "SEVSNP://ARK-Milan" + + scheme := &StoreHandler{} + keys, err := scheme.SynthKeysFromTrustAnchor("0", &e) + require.NoError(t, err) + assert.Equal(t, expectedKey, keys[0]) + +} + +func Test_GetTrustAnchorIDs_ok(t *testing.T) { + tokenBytes, err := os.ReadFile("test/sevsnp-token.cbor") + require.NoError(t, err) + + token := proto.AttestationToken{ + TenantId: "0", + Data: tokenBytes, + Nonce: testNonce, + } + + expectedTaID := "SEVSNP://ARK-Milan" + + handler := &StoreHandler{} + + taIDs, err := handler.GetTrustAnchorIDs(&token) + require.NoError(t, err) + assert.Equal(t, 1, len(taIDs)) + assert.Equal(t, expectedTaID, taIDs[0]) +} + +func Test_GetRefValueIDs_ok(t *testing.T) { + rawToken, err := os.ReadFile("test/sevsnp-token.json") + require.NoError(t, err) + + claims := make(map[string]interface{}) + err = json.Unmarshal(rawToken, &claims) + require.NoError(t, err) + + expectedRefvalIDs := []string{"SEVSNP://0/7a505b428ce2feddb2453f19c5a6d3b4b6e6cd079eacccd4de2400924cdee86b7a9285c62327536448048b977dccc4a8"} + + scheme := &StoreHandler{} + refvalIDs, err := scheme.GetRefValueIDs("0", nil, claims) + require.NoError(t, err) + assert.Equal(t, expectedRefvalIDs, refvalIDs) +} diff --git a/scheme/sevsnp/test/corim/unsignedCorimSevSnp.cbor b/scheme/sevsnp/test/corim/unsignedCorimSevSnp.cbor new file mode 100644 index 00000000..61bb0388 Binary files /dev/null and b/scheme/sevsnp/test/corim/unsignedCorimSevSnp.cbor differ diff --git a/scheme/sevsnp/test/extracted.json b/scheme/sevsnp/test/extracted.json new file mode 100644 index 00000000..ee19271a --- /dev/null +++ b/scheme/sevsnp/test/extracted.json @@ -0,0 +1,16 @@ +{ + "tenant-id": "0", + "trust-anchor-ids": [ + "SEVSNP://ARK-Milan" + ], + "reference-ids": [ + "SEVSNP://0/7a505b428ce2feddb2453f19c5a6d3b4b6e6cd079eacccd4de2400924cdee86b7a9285c62327536448048b977dccc4a8" + ], + "evidence": { + "corim-id": "unknown type for tag-id", + "profile": "http://amd.com/2024/snp-corim-profile", + "tags": [ + "2QH6owBlZW4tR0IBoQBQID5rEAv7TbOnMFdvpjTnDAShAIGCogChANhvSSsGAQQBnHgDAQHZAjBYQMKmUotzZOB+n1xlOrOqDb1zhPmoDf3lTMZD3buJ2JNkJf+KMlaMpu13ECDcOcM8z/s7Q8rAxQGgCTytYBLf0+2VogAAAaEAogBhMwEEogABAaEB2QIpAKIAAgGhBNkCMEgAAAAAAAMAAKIAAwGhBNkCMFAAAAAAAAAAAAAAAAAAAAAAogAEAaEE2QIwUAAAAAAAAAAAAAAAAAAAAACiAAUBoQTZAjBEAAAAAKIABgGhAdkCKBvbGAAAAAAABKIABwGhBNkCMEgAAAAAAAAAJaIAGQKAAaEE2QIwWEB1GEqFFca9sVESgVS/smsUbXNIigXFjWwRffBdyN5+s1gXYPHYA5nvNf1j4pAgYY4CR5YdjjZHeo9aObAp7qB1ogAZAoEBoQKBggdYMHpQW0KM4v7dskU/GcWm07S25s0HnqzM1N4kAJJM3uhrepKFxiMnU2RIBIuXfczEqKIAGQKFAaEE2QIwWCD/5zoLo3n7Jeq7bC+3UBuZpm6s+Sv3raCnVqOxZCtc5KIAGQKGAaEE2QIwWCD//////////////////////////////////////////6IAGQKHAaEB2QIoG9sYAAAAAAAEogAZAogBoQTZAjBBGaIAGQKJAaEE2QIwQQGiABkCigGhBNkCMEEBogAZDQABoQTZAjBYQMKmUotzZOB+n1xlOrOqDb1zhPmoDf3lTMZD3buJ2JNkJf+KMlaMpu13ECDcOcM8z/s7Q8rAxQGgCTytYBLf0+2iABkNAQGhAdkCKBvbGAAAAAAABKIAGQ0CAaEAogBnMS41NS4yOQEZQACiABkPYAGhAKIAZzEuNTUuMjkBGUAAogAZD4ABoQHZAigb2xgAAAAAAAQ=" + ] + } +} \ No newline at end of file diff --git a/scheme/sevsnp/test/refval-endorsement.json b/scheme/sevsnp/test/refval-endorsement.json new file mode 100644 index 00000000..279da255 --- /dev/null +++ b/scheme/sevsnp/test/refval-endorsement.json @@ -0,0 +1,272 @@ +{ + "scheme": "SEVSNP", + "type": "reference value", + "subType": "measurements", + "attributes": { + "environment": { + "class": { + "id": { + "type": "oid", + "value": "1.3.6.1.4.1.3704.3.1" + } + }, + "instance": { + "type": "bytes", + "value": "wqZSi3Nk4H6fXGU6s6oNvXOE+agN/eVMxkPdu4nYk2Ql/4oyVoym7XcQINw5wzzP+ztDysDFAaAJPK1gEt/T7Q==" + } + }, + "measurements": [ + { + "key": { + "type": "uint", + "value": 0 + }, + "value": { + "version": { + "value": "3", + "scheme": "decimal" + } + } + }, + { + "key": { + "type": "uint", + "value": 1 + }, + "value": { + "svn": { + "type": "min-value", + "value": 0 + } + } + }, + { + "key": { + "type": "uint", + "value": 2 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AAAAAAADAAA=" + } + } + }, + { + "key": { + "type": "uint", + "value": 3 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AAAAAAAAAAAAAAAAAAAAAA==" + } + } + }, + { + "key": { + "type": "uint", + "value": 4 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AAAAAAAAAAAAAAAAAAAAAA==" + } + } + }, + { + "key": { + "type": "uint", + "value": 5 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AAAAAA==" + } + } + }, + { + "key": { + "type": "uint", + "value": 6 + }, + "value": { + "svn": { + "type": "exact-value", + "value": 15787368493747273732 + } + } + }, + { + "key": { + "type": "uint", + "value": 7 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AAAAAAAAACU=" + } + } + }, + { + "key": { + "type": "uint", + "value": 640 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "dRhKhRXGvbFREoFUv7JrFG1zSIoFxY1sEX3wXcjefrNYF2Dx2AOZ7zX9Y+KQIGGOAkeWHY42R3qPWjmwKe6gdQ==" + } + } + }, + { + "key": { + "type": "uint", + "value": 641 + }, + "value": { + "digests": [ + "sha-384;elBbQozi/t2yRT8ZxabTtLbmzQeerMzU3iQAkkze6Gt6koXGIydTZEgEi5d9zMSo" + ] + } + }, + { + "key": { + "type": "uint", + "value": 645 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "/+c6C6N5+yXqu2wvt1AbmaZurPkr962gp1ajsWQrXOQ=" + } + } + }, + { + "key": { + "type": "uint", + "value": 646 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "//////////////////////////////////////////8=" + } + } + }, + { + "key": { + "type": "uint", + "value": 647 + }, + "value": { + "svn": { + "type": "exact-value", + "value": 15787368493747273732 + } + } + }, + { + "key": { + "type": "uint", + "value": 648 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "GQ==" + } + } + }, + { + "key": { + "type": "uint", + "value": 649 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQ==" + } + } + }, + { + "key": { + "type": "uint", + "value": 650 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "AQ==" + } + } + }, + { + "key": { + "type": "uint", + "value": 3328 + }, + "value": { + "raw-value": { + "type": "bytes", + "value": "wqZSi3Nk4H6fXGU6s6oNvXOE+agN/eVMxkPdu4nYk2Ql/4oyVoym7XcQINw5wzzP+ztDysDFAaAJPK1gEt/T7Q==" + } + } + }, + { + "key": { + "type": "uint", + "value": 3329 + }, + "value": { + "svn": { + "type": "exact-value", + "value": 15787368493747273732 + } + } + }, + { + "key": { + "type": "uint", + "value": 3330 + }, + "value": { + "version": { + "value": "1.55.29", + "scheme": "semver" + } + } + }, + { + "key": { + "type": "uint", + "value": 3936 + }, + "value": { + "version": { + "value": "1.55.29", + "scheme": "semver" + } + } + }, + { + "key": { + "type": "uint", + "value": 3968 + }, + "value": { + "svn": { + "type": "exact-value", + "value": 15787368493747273732 + } + } + } + ] + } +} \ No newline at end of file diff --git a/scheme/sevsnp/test/refval-prov.cbor b/scheme/sevsnp/test/refval-prov.cbor new file mode 100644 index 00000000..4f5ea9c0 Binary files /dev/null and b/scheme/sevsnp/test/refval-prov.cbor differ diff --git a/scheme/sevsnp/test/sevsnp-token.cbor b/scheme/sevsnp/test/sevsnp-token.cbor new file mode 100644 index 00000000..66008fa0 Binary files /dev/null and b/scheme/sevsnp/test/sevsnp-token.cbor differ diff --git a/scheme/sevsnp/test/sevsnp-token.json b/scheme/sevsnp/test/sevsnp-token.json new file mode 100644 index 00000000..44caa4b3 --- /dev/null +++ b/scheme/sevsnp/test/sevsnp-token.json @@ -0,0 +1,7 @@ +{ + "corim-id": "unknown type for tag-id", + "tags": [ + "2QH6owBlZW4tR0IBoQBQFIc3ype7QvKd5zZ8DDkp9AShAIGCogChANhvSSsGAQQBnHgDAQHZAjBYQMKmUotzZOB+n1xlOrOqDb1zhPmoDf3lTMZD3buJ2JNkJf+KMlaMpu13ECDcOcM8z/s7Q8rAxQGgCTytYBLf0+2VogAAAaEAogBhMwEEogABAaEB2QIpAKIAAgGhBNkCMEgAAAAAAAMAAKIAAwGhBNkCMFAAAAAAAAAAAAAAAAAAAAAAogAEAaEE2QIwUAAAAAAAAAAAAAAAAAAAAACiAAUBoQTZAjBEAAAAAKIABgGhAdkCKBvbGAAAAAAABKIABwGhBNkCMEgAAAAAAAAAJaIAGQKAAaEE2QIwWEB1GEqFFca9sVESgVS/smsUbXNIigXFjWwRffBdyN5+s1gXYPHYA5nvNf1j4pAgYY4CR5YdjjZHeo9aObAp7qB1ogAZAoEBoQKBggdYMHpQW0KM4v7dskU/GcWm07S25s0HnqzM1N4kAJJM3uhrepKFxiMnU2RIBIuXfczEqKIAGQKFAaEE2QIwWCD/5zoLo3n7Jeq7bC+3UBuZpm6s+Sv3raCnVqOxZCtc5KIAGQKGAaEE2QIwWCD//////////////////////////////////////////6IAGQKHAaEB2QIoG9sYAAAAAAAEogAZAogBoQTZAjBBGaIAGQKJAaEE2QIwQQGiABkCigGhBNkCMEEBogAZDQABoQTZAjBYQMKmUotzZOB+n1xlOrOqDb1zhPmoDf3lTMZD3buJ2JNkJf+KMlaMpu13ECDcOcM8z/s7Q8rAxQGgCTytYBLf0+2iABkNAQGhAdkCKBvbGAAAAAAABKIAGQ0CAaEAogBnMS41NS4yOQEZQACiABkPYAGhAKIAZzEuNTUuMjkBGUAAogAZD4ABoQHZAigb2xgAAAAAAAQ=" + ], + "profile": "http://amd.com/2024/snp-corim-profile" +} diff --git a/scheme/sevsnp/test/ta-endorsement-bad.json b/scheme/sevsnp/test/ta-endorsement-bad.json new file mode 100644 index 00000000..16f685bb --- /dev/null +++ b/scheme/sevsnp/test/ta-endorsement-bad.json @@ -0,0 +1,19 @@ +{ + "scheme": "SEVSNP", + "type": "trust anchor", + "subType": "", + "attributes": { + "environment": { + "class": { + "vendor": "AMD", + "model": "Milan" + } + }, + "verification-keys": [ + { + "type": "pkix-base64-cert", + "value":"-----BEGIN CERTIFICATE-----\nMIIFQzCCAvegAwIBAgIBADBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAgUA\noRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCATAwezEUMBIGA1UECwwL\nRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVTMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEL\nMAkGA1UECAwCQ0ExHzAdBgNVBAoMFkFkdmFuY2VkIE1pY3JvIERldmljZXMxEjAQ\nBgNVBAMMCVNFVi1NaWxhbjAeFw0yNTAxMjcyMzE3MDRaFw0zMjAxMjcyMzE3MDRa\nMHoxFDASBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwL\nU2FudGEgQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNy\nbyBEZXZpY2VzMREwDwYDVQQDDAhTRVYtVkNFSzB2MBAGByqGSM49AgEGBSuBBAAi\nA2IABCoUIuBoilHXQKx+9uMHC3j+JjMdzzlVQCshIlhcCQAcpkZb2M9ixLc9ezJg\nrH2u2auDkN4dCDVJXMtrc+4kmK5aZb8GP0EIqbAPv7tFx3ebGdbJWF+d/EH3Yaoi\nlnlFaaOCARcwggETMBAGCSsGAQQBnHgBAQQDAgEAMBcGCSsGAQQBnHgBAgQKFghN\naWxhbi1CMDARBgorBgEEAZx4AQMBBAMCAQQwEQYKKwYBBAGceAEDAgQDAgEAMBEG\nCisGAQQBnHgBAwQEAwIBADARBgorBgEEAZx4AQMFBAMCAQAwEQYKKwYBBAGceAED\nBgQDAgEAMBEGCisGAQQBnHgBAwcEAwIBADARBgorBgEEAZx4AQMDBAMCARgwEgYK\nKwYBBAGceAEDCAQEAgIA2zBNBgkrBgEEAZx4AQQEQMKmUotzZOB+n1xlOrOqDb1z\nhPmoDf3lTMZD3buJ2JNkJf+KMlaMpu13ECDcOcM8z/s7Q8rAxQGgCTytYBLf0+0w\nQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDAN\nBglghkgBZQMEAgIFAKIDAgEwA4ICAQAlLqDsAbNdEYToxSGiuS4hoa66OvHXHla/\nhoeEtwrf91IPPvSdZJwdb6lMfVx7Ez9PXndnRIML0t/N+x5dKlSpjPUea8ETaFvr\nBfCANXO9xAuTZZJQ3KdyjR0p8781CM9Z/YoT0/wiWCqg96xj3WuvC03pJRuQHOhz\n7/KvPOs6YXRU2h/BVd48NkKaQcgv3t4nviTBg6pIYe8omLzCe98MO3OU9bf3iDP3\nYtcLMmojQcV53r+DFGlzxfP5U7n8Qz87GbMhKoVmo+HaACKEDs5gjoMtE85bvuCV\nZw3hNxsqmcZQoFbhE6oZPF9d3/5iz0nTz1WR8QGDsRVA7j04sjYtYnTxqVuTQGbW\n19KB9H52OlT/LWkVy4WBsfeP1PZi/LaneI2bO8muUE0F3fAw85FigzXrJsYYz7gX\nCcsdi5ZZVtKarbpVvKJNgAkJN100WQB4ERQxHu0i5iHsuZKvcGZNBIRneWqcXbtW\nLNa3ME6jV+/Bc8vQFgcGago2bqEmoJo+g81AHD1rqbIya8gVvVC+J0ZbYXtxSZJS\nKyKOEUcKXMcdoow0AsdIF2KVs8/xpiVIgh8MF6Vk1pPxhHx4mIlhgg3t46xKzKKJ\npuyP5wLw1Ji8Ia3VaJvPyP1XFlbzwL71iNEkUI2jkfB6xozmYZsBOVKsJe2PVeNu\nMd3Wy3hVWA==\n-----END CERTIFICATE-----" + } + ] + } +} \ No newline at end of file diff --git a/scheme/sevsnp/test/ta-endorsement.json b/scheme/sevsnp/test/ta-endorsement.json new file mode 100644 index 00000000..c1353ec1 --- /dev/null +++ b/scheme/sevsnp/test/ta-endorsement.json @@ -0,0 +1,19 @@ +{ + "scheme": "SEVSNP", + "type": "trust anchor", + "subType": "", + "attributes": { + "environment": { + "class": { + "vendor": "AMD", + "model": "Milan" + } + }, + "verification-keys": [ + { + "type": "pkix-base64-cert", + "value": "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----\n" + } + ] + } +} \ No newline at end of file diff --git a/scheme/sevsnp/test/ta-prov.json b/scheme/sevsnp/test/ta-prov.json new file mode 100644 index 00000000..84d59d7b --- /dev/null +++ b/scheme/sevsnp/test/ta-prov.json @@ -0,0 +1,25 @@ +{ + "lang": "en-GB", + "tag-identity": { + "id": "a331c36f-09df-4d2a-9c04-8a64c0805c5d", + "version": 0 + }, + "triples": { + "attester-verification-keys": [ + { + "environment": { + "class": { + "vendor": "AMD", + "model": "Milan" + } + }, + "verification-keys": [ + { + "type": "pkix-base64-cert", + "value": "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----\n" + } + ] + } + ] + } +} diff --git a/scheme/sevsnp/test_vectors.go b/scheme/sevsnp/test_vectors.go new file mode 100644 index 00000000..bd278f2c --- /dev/null +++ b/scheme/sevsnp/test_vectors.go @@ -0,0 +1,11 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 +package sevsnp + +import _ "embed" + +var ( + // nolint:unused + //go:embed test/corim/unsignedCorimSevSnp.cbor + unsignedCorimSevSnp []byte +)