From d580c4bb0b2f01596acd91f9e9771dd793c63b47 Mon Sep 17 00:00:00 2001 
From: Chris Butler Date: Thu, 28 May 2026 13:44:46 +0900 Subject: [PATCH] feat: add firmware reference values ESO and RVPS integration Enable bare metal attestation policy enforcement using firmware measurements (Intel TDX / AMD SEV-SNP) collected via veritas and stored in Vault. **New template:** - templates/firmware-refvals-eso.yaml: ExternalSecret (gated on kbs.baremetal.enabled) Pulls from secret/data/hub/firmwareReferenceValues into firmware-reference-values secret in trustee-operator-system namespace **Modified template:** - templates/rvps-values-policies.yaml: Add firmware reference value block Reads firmware-reference-values secret and appends to RVPS ConfigMap: - mr_td: TDX initial TD measurement (SHA-384) - rtmr_1: TDX firmware + bootloader (SHA-384) - rtmr_2: TDX kernel + initrd (SHA-384) - snp_launch_measurement: SNP initial memory measurement (SHA-384) - xfam: TDX extended feature mask (hex) Each value is an array (supports multi-version via merged values) Conditionally appends only if key exists in secret **New value:** - kbs.baremetal.enabled: false (default off, enabled per-profile) Controls firmware ESO creation and enables bare metal-specific features **Integration:** - Firmware values pushed to Vault via coco-pattern scripts/collect-firmware-refvals.sh - ESO syncs from Vault to firmware-reference-values secret (sync-wave 1) - RVPS policy reads secret and builds ConfigMap (sync-wave 6) - Attestation policy (PR 2C) will enforce firmware checks using RVPS values **Backwards compatible:** - ESO only created when kbs.baremetal.enabled=true - RVPS block conditionally appends if secret exists - No functional change when disabled Part of Wave 2 (firmware hardening) from bare metal attestation plan. This is PR 2B - requires PR 2A (coco-pattern workflow) for value collection. 
---
 templates/firmware-refvals-eso.yaml | 22 ++++++++++++++++++++++
 templates/rvps-values-policies.yaml | 24 ++++++++++++++++++++++++
 values.yaml | 10 ++++++++++
 3 files changed, 56 insertions(+)
 create mode 100644 templates/firmware-refvals-eso.yaml
diff --git a/templates/firmware-refvals-eso.yaml b/templates/firmware-refvals-eso.yaml
new file mode 100644
index 0000000..03aaec7
--- /dev/null
+++ b/templates/firmware-refvals-eso.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.kbs.baremetal.enabled }}
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: ExternalSecret
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-wave: "1"
+ name: firmware-refvals-eso
+ namespace: trustee-operator-system
+spec:
+ refreshInterval: 15s
+ secretStoreRef:
+ name: {{ .Values.secretStore.name }}
+ kind: {{ .Values.secretStore.kind }}
+ target:
+ name: firmware-reference-values
+ template:
+ type: generic
+ dataFrom:
+ - extract:
+ key: 'secret/data/hub/firmwareReferenceValues'
+{{- end }}
diff --git a/templates/rvps-values-policies.yaml b/templates/rvps-values-policies.yaml
index 33e11aa..db67af7 100644
--- a/templates/rvps-values-policies.yaml
+++ b/templates/rvps-values-policies.yaml
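Review bot: The new ExternalSecret leaves the contract of the `firmware-reference-values` secret undocumented: `dataFrom: - extract:` copies every key found under `secret/data/hub/firmwareReferenceValues` verbatim, while the RVPS policy in the same commit expects each of `mr_td`, `rtmr_1`, `rtmr_2`, `snp_launch_measurement` and `xfam` to hold a JSON array, so a value stored in any other shape only fails later, at policy render time, far from this file. A header comment above `{{- if .Values.kbs.baremetal.enabled }}` such as `# Syncs firmware reference values from Vault; each key (mr_td, rtmr_1, rtmr_2, snp_launch_measurement, xfam) must be a JSON array of accepted measurements, as consumed by rvps-values-policies.yaml` would make that coupling visible to whoever maintains the collection script. It is also worth stating in that comment that any additional key present at the Vault path is synced into the secret as well, since `extract` does not filter.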
@@ -44,6 +44,30 @@ spec:
 {{`{{- $referenceValues = append $referenceValues (dict "name" "snp_pcr12" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr12)) -}}`}}
 {{`{{- $referenceValues = append $referenceValues (dict "name" "tdx_pcr12" "expiration" "2027-12-12T00:00:00Z" "value" (list $pcr12)) -}}`}}
 {{`{{- end -}}`}}
+ {{`{{- $firmwareStash := (lookup "v1" "Secret" "trustee-operator-system" "firmware-reference-values") -}}`}}
+ {{`{{- if $firmwareStash -}}`}}
+ {{`{{- $firmwareData := $firmwareStash.data -}}`}}
+ {{`{{- if $firmwareData.mr_td -}}`}}
+ {{`{{- $mrTdValues := ($firmwareData.mr_td | base64dec | fromJson) -}}`}}
+ {{`{{- $referenceValues = append $referenceValues (dict "name" "mr_td" "expiration" "2027-12-12T00:00:00Z" "value" $mrTdValues) -}}`}}
+ {{`{{- end -}}`}}
+ {{`{{- if $firmwareData.rtmr_1 -}}`}}
+ {{`{{- $rtmr1Values := ($firmwareData.rtmr_1 | base64dec | fromJson) -}}`}}
+ {{`{{- $referenceValues = append $referenceValues (dict "name" "rtmr_1" "expiration" "2027-12-12T00:00:00Z" "value" $rtmr1Values) -}}`}}
+ {{`{{- end -}}`}}
+ {{`{{- if $firmwareData.rtmr_2 -}}`}}
+ {{`{{- $rtmr2Values := ($firmwareData.rtmr_2 | base64dec | fromJson) -}}`}}
+ {{`{{- $referenceValues = append $referenceValues (dict "name" "rtmr_2" "expiration" "2027-12-12T00:00:00Z" "value" $rtmr2Values) -}}`}}
+ {{`{{- end -}}`}}
+ {{`{{- if $firmwareData.snp_launch_measurement -}}`}}
+ {{`{{- $snpLaunchValues := ($firmwareData.snp_launch_measurement | base64dec | fromJson) -}}`}}
+ {{`{{- $referenceValues = append $referenceValues (dict "name" "snp_launch_measurement" "expiration" "2027-12-12T00:00:00Z" "value" $snpLaunchValues) -}}`}}
+ {{`{{- end -}}`}}
+ {{`{{- if $firmwareData.xfam -}}`}}
+ {{`{{- $xfamValues := ($firmwareData.xfam | base64dec | fromJson) -}}`}}
+ {{`{{- $referenceValues = append $referenceValues (dict "name" "xfam" "expiration" "2027-12-12T00:00:00Z" "value" $xfamValues) -}}`}}
+ {{`{{- end -}}`}}
+ {{`{{- end -}}`}}
 - complianceType: mustonlyhave
 objectDefinition:
 apiVersion: v1
diff --git a/values.yaml b/values.yaml
index 03f9bca..bb40e6c 100644
--- a/values.yaml
+++ b/values.yaml
@@ -67,6 +67,16 @@ kbs:
 # For Azure: Use https://global.acccache.azure.net/sgx/certification/v4/
 # For bare metal/Intel: Use https://api.trustedservices.intel.com/sgx/certification/v4/
 collateralService: "https://api.trustedservices.intel.com/sgx/certification/v4/"
+
+ # Bare metal attestation configuration
+ # Enables firmware reference value collection and enforcement
+ baremetal:
+ # Enable bare metal firmware reference values (Intel TDX / AMD SEV-SNP)
+ # When enabled, creates ExternalSecret to pull firmware measurements from Vault
+ # Requires firmware values pushed to secret/data/hub/firmwareReferenceValues
+ # See docs/firmware-reference-values.md in coco-pattern for collection workflow
+ enabled: false
+
 # Attestation token certificate configuration
 # Used when secretStore.backend is "none" (cert-manager generates certs)
 attestation:
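Review bot: Each of the five `fromJson` calls in the added block (`$firmwareData.mr_td | base64dec | fromJson` and its four siblings) swallows a parse error, so a Vault entry that is not valid JSON most likely lands in the RVPS ConfigMap as a reference value with a null `value` instead of failing the policy render; `mustFromJson` (assuming the hub-template function set in use provides it, as it does for `fromJson`) turns a malformed measurement into a visible error at the point where it is introduced. The five if/assign/append/end groups differ only in the key name, so a `range` over the key list, with `index` and `with` guarding absent keys, collapses them to five lines and keeps the shared `2027-12-12T00:00:00Z` expiration in one place. The `objectDefinition` this block is inserted into starts and ends outside the hunk, and the surrounding indentation is not recoverable from this rendering, so the lines below are shown unindented.
```yaml
# … unchanged: $firmwareStash lookup, `if $firmwareStash` and `$firmwareData := $firmwareStash.data` lines …
{{`{{- range $key := list "mr_td" "rtmr_1" "rtmr_2" "snp_launch_measurement" "xfam" -}}`}}
{{`{{- with index $firmwareData $key -}}`}}
{{`{{- $referenceValues = append $referenceValues (dict "name" $key "expiration" "2027-12-12T00:00:00Z" "value" (. | base64dec | mustFromJson)) -}}`}}
{{`{{- end -}}`}}
{{`{{- end -}}`}}
# … unchanged: closing `{{- end -}}` of the `if $firmwareStash` block …
```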