feat: support ga release of trustee including sensible policies (#14)

* feat: update trustee to support 1.0.0 best practice defaults

* fix: move tls ESOs to sync-wave 6 after PushSecret

* fix: remove empty data field from pcrs-eso template

* feat: force version bump for GA release

Signed-off-by: Chris Butler <chris.butler@redhat.com>

---------

Signed-off-by: Chris Butler <chris.butler@redhat.com>
Co-authored-by: Beraldo Leal <bleal@redhat.com>

Author: butler54

Chart.yaml

@@ -7,4 +7,4 @@ keywords:
 - confidential-containers
 name: trustee
 # DO NOT EDIT VERSION HERE, IT IS AUTO-GENERATED BY SEMANTIC-RELEASE
-version: 0.1.0
+version: 0.2.0

README.md

@@ -1,6 +1,6 @@
 # trustee
 
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square)
 
 A Helm chart to provide an opinionated deployment of Trustee in a validated pattern
 
@@ -24,12 +24,23 @@ In order to use this chart, you will need to:
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| attestation.commonName | string | `"kbs-trustee-operator-system"` |  |
+| attestation.organization | string | `"Red Hat"` |  |
+| global.coco.attestationStatus | string | `"secret/data/hub/attestationStatus"` |  |
+| global.coco.secured | bool | `false` |  |
+| global.coco.securityPolicy | string | `"secret/data/hub/securityPolicyConfig"` |  |
+| global.coco.securityPolicyFlavour | string | `"insecure"` |  |
 | global.secretStore.backend | string | `""` |  |
+| kbs.cosignKeys | string | `"secret/data/hub/coSignKeys"` |  |
 | kbs.publicKey | string | `"secret/data/hub/kbsPublicKey"` |  |
-| kbs.secretResources | list | `[]` |  |
-| kbs.securityPolicy | string | `"secret/data/hub/securityPolicyConfig"` |  |
-| secretStore.kind | string | `""` |  |
-| secretStore.name | string | `""` |  |
+| kbs.secretResources[0].key | string | `"secret/data/hub/kbsres1"` |  |
+| kbs.secretResources[0].name | string | `"kbsres1"` |  |
+| kbs.secretResources[1].key | string | `"secret/data/hub/passphrase"` |  |
+| kbs.secretResources[1].name | string | `"passphrase"` |  |
+| kbs.tdx.collateralService | string | `"https://api.trustedservices.intel.com/sgx/certification/v4/"` |  |
+| kbs.tdx.enabled | bool | `false` |  |
+| secretStore.kind | string | `"ClusterSecretStore"` |  |
+| secretStore.name | string | `"vault-backend"` |  |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

templates/attestation-certificate.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: attestation-token
+  namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "3"
+spec:
+  secretName: attestation-cert
+  duration: 8760h # 1 year
+  renewBefore: 720h # 30 days
+  commonName: {{ .Values.attestation.commonName | default "kbs-trustee-operator-system" }}
+  subject:
+    organizations:
+      - {{ .Values.attestation.organization | default "Red Hat" }}
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: attestation-self-signed-issuer
+    kind: Issuer

templates/attestation-issuer.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: attestation-self-signed-issuer
+  namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  selfSigned: {}

templates/attestation-policy.yaml

@@ -0,0 +1,79 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: attestation-policy
+  namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-wave: "4"
+data:
+  default_cpu.rego: |
+    package policy
+
+    import rego.v1
+    default executables := 33
+    default hardware := 97
+    default configuration := 36
+
+    ## miminimal but reliable attestation policy
+    ## hardware and firmware changes. This is not in our control. It's up to the user to update acceptable measurements
+    ## In conjuction with verification with the service provider.
+    ## currently setup for azure vTPM
+
+
+    ##### Azure vTPM SNP
+    executables := 3 if {
+      # input.azsnpvtpm.measurement in data.reference.measurement
+      input.azsnpvtpm.tpm.pcr03 in data.reference.snp_pcr03
+      input.azsnpvtpm.tpm.pcr08 in data.reference.snp_pcr08
+      input.azsnpvtpm.tpm.pcr09 in data.reference.snp_pcr09
+      input.azsnpvtpm.tpm.pcr11 in data.reference.snp_pcr11
+      input.azsnpvtpm.tpm.pcr12 in data.reference.snp_pcr12
+    }
+
+    hardware := 2 if {
+      # Check the reported TCB to validate the ASP FW
+      # input.azsnpvtpm.reported_tcb_bootloader in data.reference.tcb_bootloader
+      # input.azsnpvtpm.reported_tcb_microcode in data.reference.tcb_microcode
+      # input.azsnpvtpm.reported_tcb_snp in data.reference.tcb_snp
+      # input.azsnpvtpm.reported_tcb_tee in data.reference.tcb_tee
+      input.azsnpvtpm
+    }
+
+    # For the 'configuration' trust claim 2 stands for
+    # "The configuration is a known and approved config."
+    #
+    # For this, we compare all the configuration fields.
+    configuration := 2 if {
+      # input.azsnpvtpm.platform_smt_enabled in data.reference.smt_enabled
+      # input.azsnpvtpm.platform_tsme_enabled in data.reference.tsme_enabled
+      # input.azsnpvtpm.policy_abi_major in data.reference.abi_major
+      # input.azsnpvtpm.policy_abi_minor in data.reference.abi_minor
+      # input.azsnpvtpm.policy_single_socket in data.reference.single_socket
+      # input.azsnpvtpm.policy_smt_allowed in data.reference.smt_allowed
+      input.azsnpvtpm
+    }
+
+    ##### Azure vTPM TDX
+    executables := 3 if {
+      input.aztdxvtpm.tpm.pcr03 in data.reference.tdx_pcr03
+      input.aztdxvtpm.tpm.pcr08 in data.reference.tdx_pcr08
+      input.aztdxvtpm.tpm.pcr09 in data.reference.tdx_pcr09
+      input.aztdxvtpm.tpm.pcr11 in data.reference.tdx_pcr11
+      input.aztdxvtpm.tpm.pcr12 in data.reference.tdx_pcr12
+    }
+
+    hardware := 2 if {
+      # Check the quote is a TDX quote signed by Intel SGX Quoting Enclave
+      input.aztdxvtpm.quote.header.tee_type == "81000000"
+      input.aztdxvtpm.quote.header.vendor_id == "939a7233f79c4ca9940a0db3957f0607"
+
+      # Check TDX Module version and its hash. Also check OVMF code hash.
+      # input.aztdxvtpm.quote.body.mr_seam in data.reference.mr_seam
+      # input.aztdxvtpm.quote.body.tcb_svn in data.reference.tcb_svn
+      # input.aztdxvtpm.quote.body.mr_td in data.reference.mr_td
+    }
+
+    configuration := 2 if {
+      # input.aztdxvtpm.quote.body.xfam in data.reference.xfam
+      input.aztdxvtpm
+    }

templates/attestation-status-eso.yaml

@@ -0,0 +1,23 @@
+{{- if ne .Values.global.secretStore.backend "none" }}
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: ExternalSecret
+metadata: 
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  name: attestation-status-eso
+  namespace: trustee-operator-system
+spec:
+  refreshInterval: 15s
+  secretStoreRef:
+    name: {{ .Values.secretStore.name }}
+    kind: {{ .Values.secretStore.kind }}
+  data:
+  target:
+    name: attestation-status
+    template:
+      type: generic
+  dataFrom:
+  - extract:
+      key: {{ .Values.global.coco.attestationStatus }}
+{{- end }}

templates/certificate.yaml

@@ -5,6 +5,7 @@ metadata:
   namespace: imperative
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "3"
 spec:
   secretName: kbs-tls-self-signed
   duration: 8760h # 1 year

templates/cosign-eso.yaml

@@ -0,0 +1,23 @@
+{{- if and (ne .Values.global.secretStore.backend "none") (eq .Values.global.coco.securityPolicyFlavour "signed") }}
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: ExternalSecret
+metadata: 
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  name: cosigned-eso
+  namespace: trustee-operator-system
+spec:
+  refreshInterval: 15s
+  secretStoreRef:
+    name: {{ .Values.secretStore.name }}
+    kind: {{ .Values.secretStore.kind }}
+  data:
+  target:
+    name: cosign-keys
+    template:
+      type: generic
+  dataFrom:
+  - extract:
+      key: {{ .Values.global.coco.cosignKeys }}
+{{- end }}

templates/issuer.yaml

@@ -5,6 +5,7 @@ metadata:
   namespace: imperative
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "2"
 spec:
   selfSigned: {}
 

templates/kbs-config-map.yaml

@@ -3,6 +3,8 @@ kind: ConfigMap
 metadata:
   name: kbs-config
   namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-wave: "4"
 data:
   kbs-config.toml: |
     [http_server]
@@ -11,31 +13,36 @@ data:
     private_key = "/etc/https-key/tls.key"
     certificate = "/etc/https-cert/tls.crt"
     [admin]
-    insecure_api = true
+    insecure_api = false
     auth_public_key = "/etc/auth-secret/publicKey"
 
     [attestation_token]
-    insecure_key = true
+    insecure_key = false
     attestation_token_type = "CoCo"
+    trusted_certs_paths = ["/etc/attestation-cert/tls.crt"] # Check for location in cert (based on key generated)
 
     [attestation_service]
     type = "coco_as_builtin"
     work_dir = "/opt/confidential-containers/attestation-service"
     policy_engine = "opa"
 
-      [attestation_service.attestation_token_broker]
-      type = "Ear"
-      policy_dir = "/opt/confidential-containers/attestation-service/policies"
+    [attestation_service.attestation_token_broker]
+    type = "Ear"
+    policy_dir = "/opt/confidential-containers/attestation-service/policies"
 
-      [attestation_service.attestation_token_config]
-      duration_min = 5
+    [attestation_service.attestation_token_broker.signer]
+    key_path = "/etc/attestation-cert/tls.key"
+    cert_path = "/etc/attestation-cert/tls.crt"
 
-      [attestation_service.rvps_config]
-      type = "BuiltIn"
+    [attestation_service.attestation_token_config]
+    duration_min = 5
 
-        [attestation_service.rvps_config.storage]
-        type = "LocalJson"
-        file_path = "/opt/confidential-containers/rvps/reference-values/reference-values.json"
+    [attestation_service.rvps_config]
+    type = "BuiltIn"
+
+    [attestation_service.rvps_config.storage]
+    type = "LocalJson"
+    file_path = "/opt/confidential-containers/rvps/reference-values/reference-values.json"
 
     [[plugins]]
     name = "resource"