From 7b7f7df6ba436e22b4e8837d21366d6f25ba09da Mon Sep 17 00:00:00 2001 From: Qi Feng Huo Date: Mon, 12 Aug 2024 15:31:59 +0800 Subject: [PATCH] initdata: use digest hash directly Use initdata.digest directly rather than HEX in attestation policy Signed-off-by: Qi Feng Huo --- src/cloud-api-adaptor/docs/initdata.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/cloud-api-adaptor/docs/initdata.md b/src/cloud-api-adaptor/docs/initdata.md index 484fd990a..883595a1e 100644 --- a/src/cloud-api-adaptor/docs/initdata.md +++ b/src/cloud-api-adaptor/docs/initdata.md @@ -170,12 +170,10 @@ For example, for [IBM SE](https://github.com/confidential-containers/trustee/blo ``` allow if { ... - input["se.user_data"] == "353261663331373864643761643462663535316536323962383462343562666431666265313433346239383031323032363731383161653335373565613230636139303133623865616466333164323765656437666632353532643530306566" + input["se.user_data"] == "52af3178dd7ad4bf551e629b84b45bfd1fbe1434b980120267181ae3575ea20ca9013b8eadf31d27eed7ff2552d500ef" ... } ``` -`se.user_data` is the HEX of the initdata digest string `52af3178dd7ad4bf551e629b84b45bfd1fbe1434b980120267181ae3575ea20ca9013b8eadf31d27eed7ff2552d500ef`. - ## TODO A large policy bodies that cannot be provisioned via IMDS user-data, the limitation depends on providers IMDS limitation. We need add checking and limitations according to test result future.
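Review bot: the sentence removed after the policy example ("`se.user_data` is the HEX of the initdata digest string ...") was the only text explaining what the right-hand value is, and deleting it leaves the example with a bare literal of unstated origin. Suggest replacing it rather than dropping it, with one sentence saying that `se.user_data` is compared against the initdata digest string as-is and naming the digest algorithm and encoding the reader should use to produce it. The `input["se.user_data"] == "..."` check is an exact string comparison, and this patch touches only docs/initdata.md, so the commit message should also reference the change that makes the reported `se.user_data` carry the digest without the extra hex encoding. Otherwise a reader pairing this documentation with a component that still reports the old form gets a policy that never matches.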