Closed flihp closed 2 months ago
This is the output of my testing the fix for a recent hubris bug: https://github.com/oxidecomputer/hubris/issues/1777. It seems as though the fix works since hiffy commands that don't take any arguments work again:
```
$ HUMILITY_TARGET=gimletlet HUMILITY_ARCHIVE=../hubris/target/gimletlet/dist/default/build-gimletlet-image-default.zip verifier-cli --verbose --interface sprot log-len
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call" "SpRot.log_len"
[DEBUG verifier_cli] output: 0x214
[DEBUG verifier_cli] prefix stripped: "214"
[DEBUG verifier_cli] output u32: 532
532
```
and this enables more complicated things like getting the cert chain associated with the alias key:
```
$ HUMILITY_TARGET=gimletlet HUMILITY_ARCHIVE=../hubris/target/gimletlet/dist/default/build-gimletlet-image-default.zip verifier-cli --interface sprot cert-chain
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
```
Unfortunately the `attest` command still seems to be broken but the breakage doesn't look related to hubris#1777. Through the RoT `attest` works fine:
```
$ HUMILITY_TARGET=rot-carrier HUMILITY_ARCHIVE=../hubris/target/rot-carrier/dist/a/build-rot-carrier-image-a.zip verifier-cli --verbose --interface rot attest ./nonce.bin > attest-rot.bin
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call" "Attest.attest_len"
[DEBUG verifier_cli] output: 0x41
[DEBUG verifier_cli] prefix stripped: "41"
[DEBUG verifier_cli] output u32: 65
[DEBUG verifier_cli] executing command: "humility" "hiffy" "--call=Attest.attest" "--num=65" "--output=/tmp/.tmpaEFUrF" "--input=/tmp/.tmptJTwQT"
[DEBUG verifier_cli] output: Attest.attest() => ()
Wrote 65 bytes to '/tmp/.tmpaEFUrF'
```
Through sprot, however, we get an error:
The output is 65 bytes of 0's and the exit code indicates success though there is no success :(
This was a bug in hubris that has since been resolved.
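The failure reported in this issue, a zero-filled 65-byte attestation returned with a success exit code, can be caught by a caller-side check before the blob is passed on for verification. The Rust code below is an added example, not verifier-cli or hubris code; `parse_hiffy_len`, `check_attestation` and `AttestError` are hypothetical names, and the sample blobs are constructed.

```rust
// Added example: hypothetical helpers, not part of verifier-cli or hubris.

#[derive(Debug, PartialEq)]
pub enum AttestError {
    /// The length call did not print a "0x"-prefixed hex number.
    BadLength(String),
    /// The blob size differs from what the length call reported.
    LengthMismatch { expected: usize, actual: usize },
    /// Every byte is zero: the call "succeeded" but wrote nothing useful.
    AllZero,
}

/// Parse the output of a length call such as `Attest.attest_len`,
/// mirroring the debug log above: "0x41" -> strip prefix -> 65.
pub fn parse_hiffy_len(output: &str) -> Result<u32, AttestError> {
    let s = output.trim();
    let hex = s
        .strip_prefix("0x")
        .ok_or_else(|| AttestError::BadLength(s.to_string()))?;
    u32::from_str_radix(hex, 16).map_err(|_| AttestError::BadLength(s.to_string()))
}

/// Reject an attestation blob that has the wrong size or is all zeros,
/// so a silent failure cannot be reported as success by the caller.
pub fn check_attestation(len_output: &str, blob: &[u8]) -> Result<(), AttestError> {
    let expected = parse_hiffy_len(len_output)? as usize;
    if blob.len() != expected {
        return Err(AttestError::LengthMismatch { expected, actual: blob.len() });
    }
    if blob.iter().all(|&b| b == 0) {
        return Err(AttestError::AllZero);
    }
    Ok(())
}

fn main() {
    // Constructed input: the symptom from the issue, 65 bytes of zeros.
    let zeroed = [0u8; 65];
    match check_attestation("0x41", &zeroed) {
        Ok(()) => println!("attestation blob looks plausible"),
        Err(e) => {
            eprintln!("rejecting attestation: {:?}", e);
            std::process::exit(1);
        }
    }
}
```

This only filters degenerate output; a blob that passes still has to be verified against the cert chain.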