Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use resizable integrity-fs with in-memory tags #412

Merged
merged 2 commits into from
Feb 16, 2024
Merged

Conversation

alexmwu
Copy link
Contributor

@alexmwu alexmwu commented Feb 14, 2024

The Confidential Space image now uses dm-crypt with a backing dm-integrity where the integrity tags are stored in memory vs getting interleaved on the actual disk.

This changes comes with support for boot-time integrity tag initialization speed up and automatically resizing of the stateful partition on the boot disk.

@alexmwu
Copy link
Contributor Author

alexmwu commented Feb 14, 2024

/gcbrun

launcher/image/preload.sh Show resolved Hide resolved
The Confidential Space image now uses dm-crypt with a backing
dm-integrity where the integrity tags are stored in memory vs getting
interleaved on the actual disk.
This changes comes with support for boot-time integrity tag
initialization speed up and a resizable boot disk size.
This will ensure the image can start with variable-sized disks.
@alexmwu
Copy link
Contributor Author

alexmwu commented Feb 15, 2024

/gcbrun

@alexmwu alexmwu merged commit 5e32c9f into google:main Feb 16, 2024
11 checks passed
alexmwu added a commit to alexmwu/go-tpm-tools that referenced this pull request Feb 22, 2024
New Features:
[launcher] Add TEE server IPC implementation google#367
[launcher] Enable memory monitoring in CS google#391
Use TDX quote provider to attest and verify google#405
Integrate nonce verification as part of the TDX quote validation procedure. google#395
Add RISC V support google#407
[launcher] Use resizable integrity-fs with in-memory tags google#412

Bug Fixes:
[launcher] Fix launcher exit code google#384
[launcher] Handle exit code checking during deferral evaluation google#392
[cmd] Skip tests that call setGCEAKTemplate google#402
[launcher] Fix teeserver context reset issue & add container signature cache google#397
Set all unused parameters as _ to fix CI lint failure google#411
[launcher] Make customtoken test sleep to mitigate clock skew google#413

Other Changes:
Add eventlog parse logics for memory monitoring google#404
[launcher]: Add memory monitor measurement logics google#408
Update go-tdx-guest version to v0.3.1 google#414

New Contributors:
@KeithMoyer in google#392
@vbalain in google#405
@aimixsaka in google#407
@alexmwu alexmwu mentioned this pull request Feb 22, 2024
alexmwu added a commit that referenced this pull request Feb 22, 2024
New Features:
[launcher] Add TEE server IPC implementation #367
[launcher] Enable memory monitoring in CS #391
Use TDX quote provider to attest and verify #405
Integrate nonce verification as part of the TDX quote validation procedure. #395
Add RISC V support #407
[launcher] Use resizable integrity-fs with in-memory tags #412

Bug Fixes:
[launcher] Fix launcher exit code #384
[launcher] Handle exit code checking during deferral evaluation #392
[cmd] Skip tests that call setGCEAKTemplate #402
[launcher] Fix teeserver context reset issue & add container signature cache #397
Set all unused parameters as _ to fix CI lint failure #411
[launcher] Make customtoken test sleep to mitigate clock skew #413

Other Changes:
Add eventlog parse logics for memory monitoring #404
[launcher]: Add memory monitor measurement logics #408
Update go-tdx-guest version to v0.3.1 #414

New Contributors:
@KeithMoyer in #392
@vbalain in #405
@aimixsaka in #407
alexmwu added a commit to alexmwu/go-tpm-tools that referenced this pull request Mar 29, 2024
New Features:
[launcher] Add TEE server IPC implementation google#367
[launcher] Enable memory monitoring in CS google#391
Use TDX quote provider to attest and verify google#405
Integrate nonce verification as part of the TDX quote validation procedure. google#395
Add RISC V support google#407
[launcher] Use resizable integrity-fs with in-memory tags google#412

Bug Fixes:
[launcher] Fix launcher exit code google#384
[launcher] Handle exit code checking during deferral evaluation google#392
[cmd] Skip tests that call setGCEAKTemplate google#402
[launcher] Fix teeserver context reset issue & add container signature cache google#397
Set all unused parameters as _ to fix CI lint failure google#411
[launcher] Make customtoken test sleep to mitigate clock skew google#413

Other Changes:
Add eventlog parse logics for memory monitoring google#404
[launcher]: Add memory monitor measurement logics google#408
Update go-tdx-guest version to v0.3.1 google#414

New Contributors:
@KeithMoyer in google#392
@vbalain in google#405
@aimixsaka in google#407
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants