Tags: canonical/tdx
Tags
tests reorganization and add main test script (#307) * tests reorganization and add main test script 1 - reorganization of the tests folder tests having same category live in a subfolder 2 - expose pytest capabilities to users currently, tox is masking all pytest features and only expose what we specify in tox.ini file since tox is only here to manage the test environment it should be transparent to the users for tests execution and management. the users should be able to take full advantage of what pytest offers. we introduced a new script tdtest that hides tox and exopose all pytest features to users * Update tests/README.md Co-authored-by: Will French <will.french@canonical.com> * update tdtest param --------- Co-authored-by: Will French <will.french@canonical.com>
add direct boot methods and UKI (#296) * add more methods to boot a TD we have different methods to boot a TD for now, we use the traditional method that consists of passing the ubuntu image to qemu however, we have other ways to boot a TD: - direct boot : by providing the kernel and initrd to qemu - UKI : by providing the Unified Kernel image (that contains the kernel and initrd) each method generates a different event log journal because the boot chain involves less or more components that generate event logs it is important to evaluate which is the best boot method to have a short and consistent event log journal to make sure that remote attestation is reliable
tests : move packages used by TDX test to tdx-testing (#269) until now, the packages (vsock-iperf) are uploaded in the testing PPA this testing PPA is a temporary PPA used for various debugging purposes and can be removed at any time, we created a new PPA dedicated to host test packages for TDX (tdx-testing) this patch make the TDX tests use this new PPA
Merge main-next to main to enable attestation setup (#51) * Add attestation setup script * Check script is run with root privileges * Add trust authority client in setup guest script * Add build-essential to compile tdx-attest * Add remote attestation setup and how to use instruction (#42) Signed-off-by: Bun K Tan <bun.k.tan@intel.com> * Validate and clean up attestation instructions (#48) * Validate and clean up attestation instructions * Use more explicit naming of attestation scripts * Remove sudo from commands in guest * Remove useless script setup-attestation.sh * Use tdx-release PPA that contains released components (#49) * Improve attestation setup script (#50) * setup-attestation-host.sh : do not set user and group for /dev/sgx_provision the udev rules will take care of it * Remove README section on use_secure_cert with the version 1.18-0ubuntu2 of libsgx-dcap-default-qpl the use_secure_cert is set to false by default * Add reboot instruction in README after the setup script run for attestation, we need to reboot to have the right owner & group for /dev/sgx_provision (from udev rule) --------- Signed-off-by: Bun K Tan <bun.k.tan@intel.com> Co-authored-by: Ubuntu <ubuntu@sysid-739457.maas> Co-authored-by: Bun K Tan <bun.k.tan@intel.com> Co-authored-by: Will French <will.french@canonical.com>
Remove useless apt cmd and IMA config in TDX image creation (#36) The TDX setup process is nice and won't break the apt system, so "apt install --fix-broken" is redundant. Also remove IMA parameters from guest kernel cmdline to avoid confusion. Enabling TDX doesn't require kernel IMA at all. Signed-off-by: Feng, Jialei <jialei.feng@intel.com>