edgelesssys / constellation

Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
GNU Affero General Public License v3.0

attestation: enable Azure TDX CRL checking #3160

Closed daniel-weisse closed 3 weeks ago

daniel-weisse commented 3 weeks ago

Context

Azure updated their Intel TDX firmware, so it's now actually compatible with the TCB info returned by Intel's PCS. This means we can use the PCS to perform CRL checks on the TDX certificates.

Proposed change(s)

Checklist

netlify[bot] commented 3 weeks ago

Deploy Preview for constellation-docs canceled.

| Name | Link |
| --- | --- |
| Latest commit | 4f46d12db894f1056eec68120d03c41f1114e74b |
| Latest deploy log | https://app.netlify.com/sites/constellation-docs/deploys/6668128bb5817b00084bca24 |

github-actions[bot] commented 3 weeks ago

Coverage report

| Package | Old | New | Trend |
| --- | --- | --- | --- |
| internal/attestation/azure/tdx | 8.80% | 8.80% | :construction: |