@metachris
Contributor

No description provided.

Copilot AI left a comment

Pull Request Overview

This PR extends the attested-get command-line tool to support DCAP TDX attestation in addition to the existing Azure TDX attestation support.

Key Changes:

  • Added DCAP TDX as a supported attestation type alongside Azure TDX
  • Implemented DCAP TDX validator configuration for the client
  • Updated measurement extraction to recognize both Azure TDX and QEMU TDX OIDs

@metachris changed the title from "attested-get dcap-tdx support" to "attested-get: add support for dcap-tdx, and use auto detection mode by default" on Nov 12, 2025
@metachris changed the title from "attested-get: add support for dcap-tdx, and use auto detection mode by default" to "attested-get: add support for dcap-tdx, and use auto detection mode by default" on Nov 12, 2025
Member

@MoeMahhouk MoeMahhouk left a comment

lgtm!
I left some nit suggestions and a question

Comment on lines +112 to +113
attConfig := config.DefaultForAzureTDX()
attConfig.SetMeasurements(measurements.M{})
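
Review bot: the second line, attConfig.SetMeasurements(measurements.M{}), installs an empty measurement set with no comment explaining why. Add a short comment saying where the measurements are actually checked (or that this path only extracts them), so the empty map is not read as an oversight and is not copied into a code path that is expected to enforce measurements.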
Member
Would this also work as you did below for QEMUTDX? Something like config.AzureTDX{Measurements: measurements.M{}}

Comment on lines +162 to +166
case proxy.AttestationAuto:
// In auto mode, add all validators to support any attestation type
log.Info("Auto mode: creating validators for all supported attestation types")
validators = append(validators, createAzureTDXValidator(log, overrideAzurev6Tcbinfo))
validators = append(validators, createDCAPTDXValidator(log))
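
Review bot: in the proxy.AttestationAuto case both validators are appended unconditionally, and the only log line is emitted at creation time, so nothing visible here records which attestation type ends up verifying the peer. Consider logging the validator that accepted the attestation, and document that a caller who knows the expected platform should select the attestation type explicitly, since auto mode accepts either Azure TDX or DCAP TDX.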
Member
Would this mean that it would try to verify with all validators and see which ones pass?
Would it error if any of the validators returns an error? Or would it just continue with the next one until one passes?
Just checking in case it would result in the same error one would encounter when it is not validating for the correct platform

3 participants