Improve attestation setup script #50
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ovision the udev rules will take care of it
with the version 1.18-0ubuntu2 of libsgx-dcap-default-qpl the use_secure_cert is set to false by default
after the setup script run for attestation, we need to reboot to have the right owner & group for /dev/sgx_provision (from udev rule)
hector-cao
added a commit
that referenced
this pull request
Apr 4, 2024
* Add attestation setup script * Check script is run with root privileges * Add trust authority client in setup guest script * Add build-essential to compile tdx-attest * Add remote attestation setup and how to use instruction (#42) Signed-off-by: Bun K Tan <bun.k.tan@intel.com> * Validate and clean up attestation instructions (#48) * Validate and clean up attestation instructions * Use more explicit naming of attestation scripts * Remove sudo from commands in guest * Remove useless script setup-attestation.sh * Use tdx-release PPA that contains released components (#49) * Improve attestation setup script (#50) * setup-attestation-host.sh : do not set user and group for /dev/sgx_provision the udev rules will take care of it * Remove README section on use_secure_cert with the version 1.18-0ubuntu2 of libsgx-dcap-default-qpl the use_secure_cert is set to false by default * Add reboot instruction in README after the setup script run for attestation, we need to reboot to have the right owner & group for /dev/sgx_provision (from udev rule) --------- Signed-off-by: Bun K Tan <bun.k.tan@intel.com> Co-authored-by: Ubuntu <ubuntu@sysid-739457.maas> Co-authored-by: Bun K Tan <bun.k.tan@intel.com> Co-authored-by: Will French <will.french@canonical.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add reboot instruction in README
after the setup script run for attestation, we need to reboot
to have the right owner & group for /dev/sgx_provision (from udev rule)
Remove README section on use_secure_cert
with the version 1.18-0ubuntu2 of libsgx-dcap-default-qpl
the use_secure_cert is set to false by default
setup-attestation-host.sh : do not set user and group for /dev/sgx_provision
the udev rules will take care of it