Open hpvd opened 11 months ago
Hello,
The following points are already verified by Constellation:
We can now assert that two statements are true; our agent runs:
- on an AWS EC2 machine
- in a memory-encrypted context
This is because AWS is enrolled with AMD to use a VLEK instead of a VCEK (https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf Section 3.6 and https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snp-attestation.html).
If you create a Constellation on AWS this is verified during `constellation apply`. To have a look at the VLEK certificate you can execute `constellation verify`. Sadly, AMD's specification is a bit behind their implementation. If you take the raw X.509 and have a look at the extension with OID 1.3.6.1.4.1.3704.1.5 it states `CN=cc-eu-west-1.amazonaws.com`.
Therefore, you can already prove that the VM is located in a specific AWS region. You cannot bind the name of the EC2 instance to the attestation, but you have a better TCB since you don't have to rely on AWS' IMDS API. Does this already have the security properties you need? It would be great to have a clear picture of your requirements.
Also, with Constellation being a Kubernetes distribution, pinning against concrete VM names sounds counterintuitive at first, since e.g. on a Constellation upgrade all the nodes are replaced.
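As an added example (not Constellation's code), the region check described above: a dependency-free Python function that reads the raw value of extension 1.3.6.1.4.1.3704.1.5 and compares the region it names against an allowlist. It assumes the extension value is a DER-encoded X.501 Name whose commonName follows the cc-<region>.amazonaws.com pattern seen in the issue, and it constructs a sample value instead of reading a real VLEK certificate.

```python
"""Region check on the VLEK CSP-ID extension (added example, not Constellation code).

Assumption: the extension value is a DER X.501 Name with a commonName (OID 2.5.4.3)
of the form cc-<region>.amazonaws.com, as the issue reports for eu-west-1.
"""
import re

VLEK_CSP_ID_OID = "1.3.6.1.4.1.3704.1.5"
CN_OID_DER = b"\x06\x03\x55\x04\x03"  # OBJECT IDENTIFIER 2.5.4.3 (commonName)
CN_PATTERN = re.compile(r"^cc-([a-z0-9-]+)\.amazonaws\.com$")


def _der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV; short-form length is enough for a Name this small."""
    return bytes([tag, len(content)]) + content


def encode_name_cn(cn: str) -> bytes:
    """Constructed sample: DER Name with a single CN attribute (UTF8String)."""
    atv = _der_tlv(0x30, CN_OID_DER + _der_tlv(0x0C, cn.encode()))
    return _der_tlv(0x30, _der_tlv(0x31, atv))  # Name ::= SEQUENCE OF SET OF ATV


def common_name_from_extension(value: bytes) -> str:
    """Extract the commonName string from the extension's raw DER value."""
    i = value.find(CN_OID_DER)  # locate the commonName AttributeTypeAndValue
    if i < 0:
        raise ValueError("no commonName attribute in extension value")
    tag_pos = i + len(CN_OID_DER)
    if value[tag_pos] not in (0x0C, 0x13, 0x16):  # UTF8String, PrintableString, IA5String
        raise ValueError("commonName has unexpected string type")
    length = value[tag_pos + 1]  # CN strings are far below 128 bytes (short form)
    return value[tag_pos + 2:tag_pos + 2 + length].decode()


def vlek_region(value: bytes) -> str:
    """Region named by the CSP-ID extension, e.g. 'eu-west-1'."""
    m = CN_PATTERN.match(common_name_from_extension(value))
    if not m:
        raise ValueError("commonName does not look like cc-<region>.amazonaws.com")
    return m.group(1)


def region_allowed(value: bytes, allowed: set[str]) -> bool:
    """Policy check a verifier runs after validating the VLEK chain up to AMD's root."""
    return vlek_region(value) in allowed
```

With the `cryptography` package, the same raw bytes come from `cert.extensions.get_extension_for_oid(ObjectIdentifier(VLEK_CSP_ID_OID)).value.value` on the loaded VLEK certificate.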
Just an example on this topic in general: why and how Uber uses SPIFFE/SPIRE: https://www.uber.com/en-DE/blog/our-journey-adopting-spiffe-spire/
Use case
Originally it is about things running within Kubernetes, but I think it's worth sharing; maybe this idea can somehow be adapted for hardening Constellation:
https://control-plane.io/posts/spiffe-confidential-computing-august-2023/
SPIFFE intros: https://spiffe.io/ https://github.com/spiffe/spire https://control-plane.io/posts/spiffe-keystone-of-cloud-native/
and the SPIFFE plugin: RFC: SEV SNP Node Attestation Plugin https://github.com/spiffe/spire/issues/4469
Describe your solution
No response
Would you be willing to implement this feature?