harald/teepot
1
0
Fork 0
mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 15:13:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(tdx_google): add support for attestation in container

Browse source 
- Mount `/sys/kernel/config` to enable attestation for TDX containers.
- Ensures compatibility with TDX guest measurements during runtime.
This commit is contained in:
Harald Hoyer 2025-02-20 12:12:57 +01:00
parent e936f5079d
commit a5cf220c57
Signed by: harald
GPG key ID: F519A1143B3FBE32
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
packages/tdx_google/container.nix
View file

@ -23,12 +23,14 @@
echo "Measuring $DIGEST" >&2 echo "Measuring $DIGEST" >&2
test -c /dev/tdx_guest && tdx-extend --digest "$DIGEST" --rtmr 3 test -c /dev/tdx_guest && tdx-extend --digest "$DIGEST" --rtmr 3
# /sys/kernel/config is needed for attestation
docker run -d --rm \ docker run -d --rm \
--name tdx_container \ --name tdx_container \
--env "GOOGLE_METADATA=1" \ --env "GOOGLE_METADATA=1" \
--network=host \ --network=host \
--init \ --init \
--privileged \ --privileged \
-v /sys/kernel/config:/sys/kernel/config \
"sha256:$DIGEST" "sha256:$DIGEST"
exec docker wait tdx_container exec docker wait tdx_container
''; '';