initdata: use digest hash directly
Use initdata.digest directly rather than HEX in attestation policy

Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>
Qi Feng Huo committed Aug 13, 2024
1 parent a090c01 commit 7b7f7df
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions src/cloud-api-adaptor/docs/initdata.md
Expand Up @@ -170,12 +170,10 @@ For example, for [IBM SE](https://github.com/confidential-containers/trustee/blo
```
allow if {
...
input["se.user_data"] == "353261663331373864643761643462663535316536323962383462343562666431666265313433346239383031323032363731383161653335373565613230636139303133623865616466333164323765656437666632353532643530306566"
input["se.user_data"] == "52af3178dd7ad4bf551e629b84b45bfd1fbe1434b980120267181ae3575ea20ca9013b8eadf31d27eed7ff2552d500ef"
...
}
```
`se.user_data` is the HEX of the initdata digest string `52af3178dd7ad4bf551e629b84b45bfd1fbe1434b980120267181ae3575ea20ca9013b8eadf31d27eed7ff2552d500ef`.
## TODO
A large policy bodies that cannot be provisioned via IMDS user-data, the limitation depends on providers IMDS limitation. We need add checking and limitations according to test result future.
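
Review bot: The sentence removed just after the closing code fence (`se.user_data` is the HEX of the initdata digest string ...) should be replaced rather than deleted. Without it, the policy example compares `input["se.user_data"]` against an unexplained literal, and a reader of initdata.md no longer learns that this value is the initdata digest. Suggest keeping a one-line statement such as "`se.user_data` is the initdata digest string." Separately, the expected value switches from the HEX encoding of the digest string to the digest string itself, so a policy written from the old example would no longer match evidence in the new format; the doc or the commit message should say which component changed its encoding and from which version, so operators know when to update their attestation policies.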