Skip to content

feat: amd-sev-snp draft and feature flags for confidential computing#352

Draft
bredamatt wants to merge 23 commits intomainfrom
feat/sev-snp-support
Draft

feat: amd-sev-snp draft and feature flags for confidential computing#352
bredamatt wants to merge 23 commits intomainfrom
feat/sev-snp-support

Conversation

@bredamatt
Copy link
Collaborator

@bredamatt bredamatt commented Jan 24, 2025
edited
Loading

TODO:

  • : Add AMD SEV-SNP module
  • : Add AMD SEV-SNP mock tests

@bredamatt bredamatt self-assigned this Jan 24, 2025
jorgeantonio21
jorgeantonio21 reviewed Jan 24, 2025
View reviewed changes
Copy link
Contributor

@jorgeantonio21 jorgeantonio21 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good.

Left a few comments

jorgeantonio21
jorgeantonio21 reviewed Feb 1, 2025
View reviewed changes
Copy link
Contributor

@jorgeantonio21 jorgeantonio21 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking great,

Left a few more comments in the current logic

atoma-confidential/src/sev_snp.rs
/// Err(e) => eprintln!("Attestation failed: {}", e),
/// }
/// ```
pub fn get_compute_data_attestation(attested_data: &[u8]) -> Result<SNPAttestationReport> {
Copy link
Contributor

@jorgeantonio21 jorgeantonio21 Feb 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great to me, we do need to look further how to incorporate NVIDIA cc into these remote attestation generation.

Copy link
Collaborator Author

@bredamatt bredamatt Feb 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, nvtrust port in progress.

@bredamatt bredamatt mentioned this pull request Feb 3, 2025
Draft
@bredamatt
fix: Add Dockerfile modifications for sev-snp support
3f781e8
@bredamatt
fix: feature-gate behind linux os, add p384 dependency as optional in…
870fef2 
… cc service
@bredamatt
fix: change from Vec<u8> to u16. Must be u16 due to supported types b…
2a0a2ac 
…y the db
@bredamatt
fix: change tee_provider attribute to u16 in stead of Vec<u8>
8e6477f
@bredamatt
fix: trait implementations, rename error, remove dup Error
cd5ff4a
@bredamatt
fix: revert migration change and add new migration in stead
214c6b7
@bredamatt
nit: move file
4902d57
@bredamatt
Merge branch 'main' of https://github.com/atoma-network/atoma-node in…
34bd00f 
…to feat/sev-snp-support
@bredamatt
fix: u16 issues in state_manager
8fb44c1
@bredamatt
fix: from and to bytes functions for TEEProvider
8d0f3da
@bredamatt
fix: cargo fmt, relabelling of function, add SevSnpDeviceError to Ato…
879c923 
…maConfidentialComputeError
jorgeantonio21
jorgeantonio21 reviewed Feb 6, 2025
View reviewed changes
Copy link
Contributor

@jorgeantonio21 jorgeantonio21 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great overall. Let's wait until we have it tested and then we can merge :)

jorgeantonio21
jorgeantonio21 reviewed Feb 6, 2025
View reviewed changes
Copy link
Contributor

@jorgeantonio21 jorgeantonio21 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some comments, which hopefully will help with the tests.

atoma-state/src/migrations/20250206184237_node_public_key_rotation.sql Outdated
@@ -0,0 +1,8 @@
-- Create tasks table
Copy link
Contributor

@jorgeantonio21 jorgeantonio21 Feb 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment is not within context.

atoma-state/src/migrations/20250206184237_node_public_key_rotation.sql Outdated
@@ -0,0 +1,8 @@
-- Create tasks table
CREATE TABLE IF NOT EXISTS node_public_key_rotations (
Copy link
Contributor

@jorgeantonio21 jorgeantonio21 Feb 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest instead of re-creating the node_public_key_rotations table, that was already created in a previous migrations, to instead alter it (in place).

Notice that you are creating the table if not exists, which already does, so your changes are not applied and you get a bunch of missing column related errors in the tests.

Instead, I would change the code to something along the lines:

ALTER TABLE node_public_key_rotations
    DROP COLUMN tdx_quote_bytes,
    ADD COLUMN tee_quote_bytes BYTEA NOT NULL,
    ADD COLUMN tee_provider BYTEA NOT NULL;

Copy link
Collaborator Author

@bredamatt bredamatt Feb 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good, will make this change

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jorgeantonio21 jorgeantonio21 jorgeantonio21 left review comments

Assignees

@bredamatt bredamatt

Labels

confidential-compute

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bredamatt @jorgeantonio21