Tobin Feldman-Fitzthum
Tobin Feldman-Fitzthum
See [issue in ahash](https://github.com/tkaitchuck/aHash/issues/200) and [fix in metrics](https://github.com/metrics-rs/metrics/commit/f7e979a1b648e0dd8b25ff179c11ce5e15727fcc) that is not picked up here.
Now that we are using the `online_sev_kbc` we can get image signatures from the KBS. Let's test pulling a signed image and retrieving the signature files from the simple-kbs. Let's...
The SEV tests for encrypted images need to be updated to work with the resource URI changes. This is part of https://github.com/kata-containers/tests/issues/5521
Keep existing resources in place so that the CI does not break. This is one part of https://github.com/kata-containers/tests/issues/5521 It isn't as easy to update the encrypted images without breaking the...
The unencrypted test disables pre-attestation. When the test passes, pre-attestation is re-enabled, but when the test fails it is not. This means that if the first test fails, the rest...
https://github.com/kata-containers/kata-containers/pull/5665 changes some configuration flags for SEV and adds support for setting the configuration via annotations. Unfortunately the changes aren't compatible with the current SEV tests. We'll need a few...
Let's make sure we can't find any sensitive data in guest memory. To do this we need to add a second qmp connection to the guest that we can use...
I have not totally isolated this bug, but it seems that `image-rs` does not work with encrypted images stored on quay. Quay seems to expect encrypted images to have a...
Our staged images and our release images use different naming conventions. The following mapping describes them ``` staged-images/kbs:latest -> key-broker-service:built-in-as-v0.8.2 staged-images/kbs-grpc-as:latest -> key-broker-service:v0.8.2 staged-images/rvps:latest -> reference-value-provider-service:v0.8.2 staged-images/coco-as-grpc:latest -> attestation-service:v0.8.2 staged-images/coco-as-restful:latest...
Now that the init_data spec is merged, we should think about how we will evaluate the init data with Trustee. Currently we don't really expose the init_data to either the...