mirror of https://github.com/matter-labs/teepot.git, synced 2025-10-25 04:24:05 +02:00

feat(tdx_google): add support for attestation in container

- Mount `/sys/kernel/config` to enable attestation for TDX containers.
- Ensures compatibility with TDX guest measurements during runtime.

parent e936f5079d
commit a5cf220c57

1 changed files with 2 additions and 0 deletions

		|  | @ -23,12 +23,14 @@ | |||
|       echo "Measuring $DIGEST" >&2 | ||||
|       test -c /dev/tdx_guest && tdx-extend --digest "$DIGEST" --rtmr 3 | ||||
| 
 | ||||
|       # /sys/kernel/config is needed for attestation | ||||
|       docker run -d --rm \ | ||||
|         --name tdx_container \ | ||||
|         --env "GOOGLE_METADATA=1" \ | ||||
|         --network=host \ | ||||
|         --init \ | ||||
|         --privileged \ | ||||
|         -v /sys/kernel/config:/sys/kernel/config \ | ||||
|         "sha256:$DIGEST" | ||||
|       exec docker wait tdx_container | ||||
|     ''; | ||||
|  |  | |||
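
Review bot: The added `-v /sys/kernel/config:/sys/kernel/config` line bind-mounts the whole host configfs tree read-write (there is no `:ro`, and the container already runs with `--privileged` and `--network=host`), which is broader than the stated purpose in the new comment. If attestation only needs one subtree of configfs, mount just that path, and extend the comment to name the interface that requires it so the mount is not widened or dropped by accident later. The mount is also unconditional, unlike the `test -c /dev/tdx_guest &&` guard on the `tdx-extend` line above; if this script can run on a host without TDX, either guard the mount the same way or note why it is harmless there.
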
	 Harald Hoyer