From f7df59e068a00af9ff73891b6d3552659419fe0d Mon Sep 17 00:00:00 2001
From: ghe0
Date: Fri, 4 Jul 2025 20:13:36 +0300
Subject: [PATCH] fix injector based on new version of snpguest
---
 scripts/detee-cli_injector.sh | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/scripts/detee-cli_injector.sh b/scripts/detee-cli_injector.sh
index 146eb5f..0ee6891 100755
--- a/scripts/detee-cli_injector.sh
+++ b/scripts/detee-cli_injector.sh
@@ -31,6 +31,17 @@ if [[ -z "${VM_HOSTNAME}" ]]; then
 VM_HOSTNAME="detee-vm"
 fi
+if [[ "$LOG_LEVEL" == "DEBUG" ]]; then
+ echo Environment variables:
+ env | grep \
+ -e SERVER_ADDR \
+ -e SSH_KEY_FILE \
+ -e DETEE_INSTALL_URL \
+ -e DETEE_INSTALL_SHA \
+ -e MEASUREMENT \
+ -e VM_HOSTNAME
+fi
+
 server="$SERVER_ADDR"
 ssh_pubkey_dir="${HOME}/.detee/cli/vms/ssh"
 cert_dir="${HOME}/.detee/cli/vms/certs"
@@ -95,7 +106,7 @@ report_crt_hash=$( snpguest display report "$server_report" \
 echo_blue "The hash in the report is $report_crt_hash"
-if [[ "$crt_hash" != "$report_crt_hash" ]]; then
+if [[ "${crt_hash,,}" != "${report_crt_hash,,}" ]]; then
 echo The hash of the certificate does not match the hash from the report. Exiting.
 exit 2
 fi
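Review bot: The `env | grep -e …` patterns in the new DEBUG block are unanchored, so any exported variable whose name or value contains one of these strings is printed as well, which can put unrelated values into debug logs. Anchoring the match keeps the dump to the six intended names, e.g. `env | grep -E '^(SERVER_ADDR|SSH_KEY_FILE|DETEE_INSTALL_URL|DETEE_INSTALL_SHA|MEASUREMENT|VM_HOSTNAME)='`. Because `env` lists only exported variables, the `VM_HOSTNAME="detee-vm"` default assigned just above will not appear unless it is exported outside the hunk; printing the shell variables directly, as in `printf '%s=%s\n' VM_HOSTNAME "$VM_HOSTNAME"`, would cover that case.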
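Review bot: The case-folded comparison `"${crt_hash,,}" != "${report_crt_hash,,}"` still passes when both sides are empty, so a parse that yields nothing would be accepted as a match. The extraction of `report_crt_hash` from `snpguest display report` lies outside the hunk, and this commit exists because the snpguest interface changed, so the check should fail closed: `if [[ -z "$report_crt_hash" || "${crt_hash,,}" != "${report_crt_hash,,}" ]]; then`. The same applies to the `guest_measurement` / `MEASUREMENT` comparison in the last hunk, where an unset `MEASUREMENT` and an empty parse would also compare equal unless `MEASUREMENT` is validated earlier in the script. `${var,,}` needs bash 4 or later, which deserves a comment if the script may run under an older bash.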
@@ -122,19 +133,20 @@ mkdir -p "$amd_certs_dir"
 ln -fs "${cert_dir}/ask-milan.pem" "${amd_certs_dir}/ask.pem"
 ln -fs "${cert_dir}/ark-milan.pem" "${amd_certs_dir}/ark.pem"
 [[ -f "${vcek_path}" ]] || {
- snpguest fetch vcek pem milan "$amd_certs_dir" "$server_report" || {
+ snpguest fetch vcek --processor-model milan pem "$amd_certs_dir" "$server_report" || {
 # You are probably wondering what this weird shit is doing here.
 # The AMD API for VCEK has throttling, and this scripts needs to run in parallel.
 sleep 10
 [[ -f "${vcek_path}" ]] || {
- snpguest fetch vcek pem milan "$amd_certs_dir" "$server_report"
+ snpguest fetch vcek --processor-model milan pem "$amd_certs_dir" "$server_report"
 }
 }
 mv "${amd_certs_dir}/vcek.pem" "${vcek_path}"
 }
 ln -fs "${vcek_path}" "${amd_certs_dir}/vcek.pem"
 snpguest verify certs "$amd_certs_dir"
-snpguest verify attestation "$amd_certs_dir" "$server_report"
+echo snpguest verify attestation "$amd_certs_dir" "$server_report"
+snpguest verify attestation --processor-model milan "$amd_certs_dir" "$server_report"
 echo_yellow "The attestation got verified based on the CA from AMD for the Milan generation!"
 echo_blue "Verifying if measurement is $MEASUREMENT..."
@@ -144,7 +156,7 @@ guest_measurement=$( snpguest display report "$server_report" \
 echo_blue "The guests's measurement is $guest_measurement"
-if [[ "$guest_measurement" != "$MEASUREMENT" ]]; then
+if [[ "${guest_measurement,,}" != "${MEASUREMENT,,}" ]]; then
 echo_red "The measurement of the server does not match."
 echo_yellow "Please use this project to get your measurement: https://github.com/virtee/sev-snp-measure"
 echo_yellow "After that, please sepcify the measurement ast the MEASUREMENT environment variable."
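Review bot: The added `echo snpguest verify attestation "$amd_certs_dir" "$server_report"` prints a command line that differs from the one executed on the next line (it lacks `--processor-model milan`) and is not gated on `LOG_LEVEL` like the debug block added earlier in this patch, so it reads as leftover debugging. I would drop it, or move it under the DEBUG check with the real arguments. Neither `snpguest verify` call has an explicit failure branch in this hunk; unless `set -e` is enabled outside the visible lines, the "attestation got verified" message prints even after a failed verification. Making the gate explicit, e.g. `snpguest verify attestation --processor-model milan "$amd_certs_dir" "$server_report" || { echo_red "Attestation verification failed."; exit 2; }`, removes that dependency.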