Skip to content

Instantly share code, notes, and snippets.

@salrashid123

salrashid123/tpm_remote.md

Last active June 9, 2023 22:05
Show Gist options
  • Save salrashid123/e2c336e26fc7fc06312e9f2c07857e5a to your computer and use it in GitHub Desktop.
Save salrashid123/e2c336e26fc7fc06312e9f2c07857e5a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
tpm_remote.md

deploying the Attestor component of https://github.com/salrashid123/go_tpm_remote_attestation on gke....(you're free to reimplement both components using go-tpm-tools and go-attestation (ref)

note, gke pods DO NOT have access to the /dev/tpm0 and is only made available in privleged mode

attestor on gke

gcloud container clusters create cluster-1 \
    --region=us-central1 --machine-type=n2d-standard-2 --enable-confidential-nodes --num-nodes=1

gcloud container clusters get-credentials cluster-1 \
    --region=us-central1

gcloud compute firewall-rules create allow-tpm-verifier  --action allow --direction INGRESS   --source-ranges 0.0.0.0/0    --rules tcp:50051

create app.yaml

apiVersion: v1
kind: Service
metadata:
  name: app-service
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: app
  ports:
  - name: http-port
    protocol: TCP
    port: 50051
    targetPort: 50051
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  labels:
    type: app-service
spec:
  replicas: 1
  selector:
    matchLabels:
      type: app-service
  template:
    metadata:
      labels:
        type: app-service
        app.kubernetes.io/name: app
    spec:
      containers:
      - name: service
        image: docker.io/salrashid123/attestor@sha256:374f7d4e34e3d1b4d5645122615659ee19b74b2187e79ea1527a7e56a2971222
        command: [
          "/grpc_attestor",
          "--grpcport=:50051",
          "--unsealPcrs=0,7", 
          "--readEventLog=true",
          "--eventLog=/root/binary_bios_measurements",
          "--useFullAttestation=true",
          "--caCertTLS=certs/CA_crt.pem", 
          "-servercert=certs/attestor_crt.pem", 
          "--serverkey=certs/attestor_key.pem",
          "--platformCertFile=certs/platform_cert.der",
          "--v=20",
          "-alsologtostderr"]      
        imagePullPolicy: Always
        securityContext:
          privileged: true        
        ports:
        - containerPort: 50051
          protocol: TCP 
        volumeMounts:
        - mountPath: /dev/tpm0
          name: tpm
        - mountPath: /root/binary_bios_measurements
          name: eventlog          
      volumes:
      - name: tpm
        hostPath:
          path: /dev/tpm0
      - name: eventlog
        hostPath:
          path: /sys/kernel/security/tpm0/binary_bios_measurements

apply

kubectl apply -f app.yaml

note, we're deploying the attestor code from

docker build -t docker.io/salrashid123/attestor .
docker push docker.io/salrashid123/attestor

which if built deterministically (which it isn't now) would give

docker.io/salrashid123/attestor@sha256:374f7d4e34e3d1b4d5645122615659ee19b74b2187e79ea1527a7e56a2971222

also note a confidential node on gke has the following PCR values (0 i think indicates it confidential and 7, why not, its lucky)

root@app-66855cbbb7-tgltk:/# tpm2_pcrread sha1:0+sha256:0+sha256:7
  sha1:
    0 : 0x2AAB58E23EA5120D70A3EBCE56BD0E6D5E3035B7
  sha256:
    0 : 0xA0B5FF3383A1116BD7DC6DF177C0C2D433B9EE1813EA958FA5D166A202CB2A85
  sha256:
    7 : 0xF7C8A51AAF0D22C438FCAA3B617C2594BCEFFB22782CD8A3B96FCBE5FF4D0A2C

note that the attestor can also acquire the instance_identity which encodes its confidentiality status (instance_confidentiality) and the instance_id. The instance_id is also encoded into the EKCert.

then deploy the app and remember its LB EXTERNAL-IP

$ kubectl get po,svc
NAME                    READY   STATUS    RESTARTS   AGE
pod/app-dc69498-vsnjr   1/1     Running   0          61s

NAME                  TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)           AGE
service/app-service   LoadBalancer   10.64.11.230   34.67.53.77   50051:31533/TCP   62s
service/kubernetes    ClusterIP      10.64.0.1      <none>        443/TCP           4m58s

Verifier on vm anywhere

gcloud compute instances create verifier-1 \
  --zone=us-central1-a --machine-type=e2-medium --no-service-account --no-scopes \
  --image=debian-11-bullseye-v20211105 --image-project=debian-cloud  \
  --shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring

gcloud compute ssh verifier-1

apt-get update
apt-get install libtspi-dev wget gcc git -y

wget https://go.dev/dl/go1.19.10.linux-amd64.tar.gz
rm -rf /usr/local/go && tar -C /usr/local -xzf go1.19.10.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin/

git clone  https://github.com/salrashid123/go_tpm_remote_attestation
cd go_tpm_remote_attestation/

# edit the hosts file to point back to the verifier's lb address
vi /etc/hosts 
34.67.53.77 attestor.esodemoapp2.com

finally run using the PCR values we identified earlier

go run src/grpc_verifier.go --importMode=AES  --uid 369c327d-ad1f-401c-aa91-d9b0e69bft67    -aes256Key "G-KaPdSgUkXp2s5v8y/B?E(H+MbQeThW"    --host attestor.esodemoapp2.com:50051    --expectedPCRMapSHA256 0:a0b5ff3383a1116bd7dc6df177c0c2d433b9ee1813ea958fa5d166a202cb2a85,7:f7c8a51aaf0d22c438fcaa3b617c2594bceffb22782cd8a3b96fcbe5ff4d0a2c    --expectedPCRMapSHA1 0:2aab58e23ea5120d70a3ebce56bd0e6d5e3035b7    --caCertTLS certs/CA_crt.pem --caCertIssuer certs/CA_crt.pem --caKeyIssuer certs/CA_key.pem --platformCA certs/CA_crt.pem    --readEventLog=true   --useFullAttestation=true --v=10 -alsologtostderr

the verifier log shows

I0608 16:44:19.178361    8837 grpc_verifier.go:169] RPC HealthChekStatus:SERVING
I0608 16:44:19.178586    8837 grpc_verifier.go:173] =============== GetPlatformCert ===============
I0608 16:44:19.179923    8837 grpc_verifier.go:182] =============== GetPlatformCert Returned from remote ===============
I0608 16:44:19.180048    8837 grpc_verifier.go:183]      client provided uid: 369c327d-ad1f-401c-aa91-d9b0e69bft67
I0608 16:44:19.180626    8837 grpc_verifier.go:214]  Verified Platform cert signed by privacyCA
I0608 16:44:19.180737    8837 grpc_verifier.go:219]  Platform Cert's Holder SerialNumber 1b001fe40bf96774751a72e9f5de5333d6b62
I0608 16:44:19.218827    8837 grpc_verifier.go:237] =============== GetEKCert Returned from remote ===============
I0608 16:44:19.218991    8837 grpc_verifier.go:257]      EKCert Encryption Issuer x509 
CN=tpm_ek_v1_cloud_host-signer-0-2021-10-12T04:22:11-07:00 K:1\, 3:nbvaGZFLcuc:0:18,OU=Cloud,O=Google LLC,L=Mountain View,ST=California,C=US
I0608 16:44:19.219081    8837 grpc_verifier.go:258]      EKCert Encryption SerialNumber 
22639091108899683070439034227962464924663297
I0608 16:44:19.219117    8837 grpc_verifier.go:260]     EkCert Public Key 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DDTb2nzyrUIQWNxHX/a
ESQo4e+vm++4jotiA2n1rOg8tAKYZTQ2/a/shRIqgMB+9BfMpi3nHooUf6K1EUt5
/eUiPm/GngsPK6wx1IVNga51tHBqdY8rtR+SXFkSbWZF2yHLnn3P3gzF1wYZmhme
cm6/vQ/40i302r6FxGNLiFaKAawx89jdlXhPU4tWMxKJ8f0fzVGHyEI3k0bhgoc3
sbkxARoPvYBHJPMlH5h6Od8TZ+LtPK/PL7SVv9sduXPK+LMVD/PNBMUANY0KotMr
V0PLHU52HT/B6upSNyX80m8YoL676KHdTjAbCNYiJyJRALtigPu4LxhHk6qq4cwT
iQIDAQAB
-----END PUBLIC KEY-----

I0608 16:44:19.223489    8837 grpc_verifier.go:273]      Read (eK) from request with name: 000b353cffa59d481b898b8bd848ec5befc4755eb81d0ea0e67f51e1d96812638332
I0608 16:44:19.223552    8837 grpc_verifier.go:276]      EK Default parameter match template
I0608 16:44:19.223580    8837 grpc_verifier.go:283] =============== GetAKCert ===============
I0608 16:44:19.627825    8837 grpc_verifier.go:295] =============== MakeCredential ===============
I0608 16:44:19.627921    8837 grpc_verifier.go:317]      Decoded EkPublic Key: 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DDTb2nzyrUIQWNxHX/a
ESQo4e+vm++4jotiA2n1rOg8tAKYZTQ2/a/shRIqgMB+9BfMpi3nHooUf6K1EUt5
/eUiPm/GngsPK6wx1IVNga51tHBqdY8rtR+SXFkSbWZF2yHLnn3P3gzF1wYZmhme
cm6/vQ/40i302r6FxGNLiFaKAawx89jdlXhPU4tWMxKJ8f0fzVGHyEI3k0bhgoc3
sbkxARoPvYBHJPMlH5h6Od8TZ+LtPK/PL7SVv9sduXPK+LMVD/PNBMUANY0KotMr
V0PLHU52HT/B6upSNyX80m8YoL676KHdTjAbCNYiJyJRALtigPu4LxhHk6qq4cwT
iQIDAQAB
-----END PUBLIC KEY-----
I0608 16:44:19.632270    8837 grpc_verifier.go:345]      Decoded AkPub: 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEQv5c+L4fBGy4OrraB/
lpNEMnw6qmpE5enKiudsRxtqzchccmBRoY3Ggtp6rJ2vFBzUzO1uOV7wLTu1iWyE
2AgJ6UDoH36Epd3ke3zFQp6CFprvOD+qb9n5X0tVBa30Ol3yoLy4GJ2skV1CgYLW
NOrFrk3YJtf0hFeocbQDoYoxUatVUfkX40elymf9gcCwoZYyXyQPwMr1ajVRCOuY
3bgHhjad6+Lp67TdIB1+3Kxs2F5Syvtdejf3qAClzUNVqsuI0xuVGQli4Kb827r+
fJQbXyd1TqdxItApQ3AfwzAmkqWdl2ECQ74RmSNkA/s6ZK0OSlARoXtAfkbGqwTG
4QIDAQAB
-----END PUBLIC KEY-----
I0608 16:44:19.632327    8837 grpc_verifier.go:348]      AK Default parameter match template
I0608 16:44:19.635879    8837 grpc_verifier.go:357]      Loaded AK KeyName 000b2d0ec438a3e1cb164946caba8da92785dfe11f35e5da821e5dd03abd73f87d5f
I0608 16:44:19.635924    8837 grpc_verifier.go:359]      MakeCredential Start
I0608 16:44:19.635956    8837 grpc_verifier.go:365]      Sending Nonce: RbXqubuDWJBbQfYgmqBhNbtfTPHMKopK
I0608 16:44:19.639907    8837 grpc_verifier.go:370]      <-- End makeCredential()
I0608 16:44:19.639958    8837 grpc_verifier.go:375] =============== ActivateCredential ===============
I0608 16:44:19.675010    8837 grpc_verifier.go:386]      Returned Secret: RbXqubuDWJBbQfYgmqBhNbtfTPHMKopK
I0608 16:44:19.675064    8837 grpc_verifier.go:392]      AK Verification Complete
I0608 16:44:19.675099    8837 grpc_verifier.go:398]      Sending Quote with Nonce: DAHOcoxKfaPNBfqTrpuiCVVFYDRAFKjv
I0608 16:44:19.675136    8837 grpc_verifier.go:410] =============== Attestation ===============
I0608 16:44:19.743387    8837 grpc_verifier.go:427]      Verifying Attestation with AK Public Key:
 -----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEQv5c+L4fBGy4OrraB/
lpNEMnw6qmpE5enKiudsRxtqzchccmBRoY3Ggtp6rJ2vFBzUzO1uOV7wLTu1iWyE
2AgJ6UDoH36Epd3ke3zFQp6CFprvOD+qb9n5X0tVBa30Ol3yoLy4GJ2skV1CgYLW
NOrFrk3YJtf0hFeocbQDoYoxUatVUfkX40elymf9gcCwoZYyXyQPwMr1ajVRCOuY
3bgHhjad6+Lp67TdIB1+3Kxs2F5Syvtdejf3qAClzUNVqsuI0xuVGQli4Kb827r+
fJQbXyd1TqdxItApQ3AfwzAmkqWdl2ECQ74RmSNkA/s6ZK0OSlARoXtAfkbGqwTG
4QIDAQAB
-----END PUBLIC KEY-----
I0608 16:44:19.745981    8837 grpc_verifier.go:438] Quotes Hash SHA1
I0608 16:44:19.746060    8837 grpc_verifier.go:438] Quotes Hash SHA256
I0608 16:44:19.746141    8837 grpc_verifier.go:438] Quotes Hash SHA384
I0608 16:44:19.746227    8837 grpc_verifier.go:442]       Event PCRIndex 0: Digest: fa129a8f82b65bcbce8f9e8e5f6de509beff9b1df33714116bf918c5a3bba45d  Data: GCE Virtual Firmware v2
I0608 16:44:19.746303    8837 grpc_verifier.go:442]       Event PCRIndex 0: Digest: 6ac9241348a80c5755a63bcd1865b9f6d5720f6e925dc869bb4694281c1510c5  Data: GCE NonHostInfo
I0608 16:44:19.746394    8837 grpc_verifier.go:444]       Event PCRIndex 7: Digest: 115aa827dbccfb44d216ad9ecfda56bdea620b860a94bed5b7a27bba1c4d02d8  Data: 61dfe48bca93d211aa0d00e098032b8c0a00000000000000010000000000000053006500630075007200650042006f006f00740000
I0608 16:44:19.746489    8837 grpc_verifier.go:444]       Event PCRIndex 7: Digest: 62d1c555dbf3521db5d9e09b4f1f748f231e1bae706ddad7767428a581e394d6  Data: 61dfe48bca93d211aa0d00e098032b8c0200000000000000490400000000000050004b00a159c0a5e494a74a87b5ab155c2bf07249040000000000002d040000d2fa81d2888da44797925baa47bb1b893082041930820301a0030201020210601f02f511fef8ed615e4a69d855525e300d06092a864886f70d01010b0500308191310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e311f301d060355040b1316436f6e7461696e6572204f7074696d697a6564204f53311e301c060355040313155545464920506c6174666f726d204b657920763130301e170d3230303830363139343834345a170d3330303830343139343834345a308191310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e311f301d060355040b1316436f6e7461696e6572204f7074696d697a6564204f53311e301c060355040313155545464920506c6174666f726d204b65792076313030820122300d06092a864886f70d01010105000382010f003082010a0282010100a5490d792d47f5f777897cce9be5eb46833f1abaf748ef609c968ddf1efc17073b26e53d506a6c1802aac24dc4bb3316ae0939269174d2f5e8cce0d36941617a286f369d1f3cbd1c8a3bf32748d2fc64ffabb51bb4a755ff994617c22d3f9cf9323ca2d1d9027d1f610eaf0fd10a15afc27bb6f355ad7d43c262cdadd928c1085fe6833648f28decf303ad2fccbe0e68bd4f46c63b5c185f6a24cf9d4f29b860546400eca25199e7a423112488dec639bff6550a9c74cf5cf38e8e942fbc69bc200efacbdd8a8aaa1c3c0e748cd806cda5922051377552ddd7f8f59754a063dea7718c0c917b3f1d3d6ca65c38e2f820680732ec5849145bced2d5ca2080e0010203010001a36b3069300f0603551d130101ff040530030101ff30290603551d0e04220420c934f8adacc4e8ed4a997eda95e6056c30bd23061084e199d0ec4b1424d97650302b0603551d23042430228020c934f8adacc4e8ed4a997eda95e6056c30bd23061084e199d0ec4b1424d97650300d06092a864886f70d01010b050003820101003b3e66a2c5bd05b83b697ac346bda0644c659630eedb0edc78ad0a26ef3a6b12796214966e9e0d3c152debef7a1bd6eac7d25cd99bdd36da7469f31a9c486937c03904f71429a5686f8e17fa48e1ddc0cf7f3b156aea7a3f04fcf53e4458b20e15d3b72060f0ada7b0a4ed9048ee6dcc6cb53283c106d78fedbe3297f578768741521ae1a0f3f8e31980860ed6923e45c1a405aead9e660b6a3d0b319a0494787ffe752390b601f1cc1b41f94f429e86ec9bfc8cd7f6603002b1a6b7ad9ee13f52c5d3fb2d950d3cc1333ab856d51cd7bec0fa568778b80f61da7fe56d91e20411313363ccc2ea286dbfa2a3e5b40112f83823798da8746bbab56b1e946092be
I0608 16:44:19.746595    8837 grpc_verifier.go:444]       Event PCRIndex 7: Digest: 894d6d776d896b92dd65860e93ea5570ea029d8f418ff583b3f078ae55516450  Data: 61dfe48bca93d211aa0d00e098032b8c030000000000000052040000000000004b0045004b00a159c0a5e494a74a87b5ab155c2bf072520400000000000036040000d2fa81d2888da44797925baa47bb1b89308204223082030aa003020102021100ac55796927e5ad291750b4a3f1d433aa300d06092a864886f70d01010b0500308195310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e311f301d060355040b1316436f6e7461696e6572204f7074696d697a6564204f53312230200603550403131955454649204b65792045786368616e6765204b657920763130301e170d3230303830363139343835305a170d3330303830343139343835305a308195310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e311f301d060355040b1316436f6e7461696e6572204f7074696d697a6564204f53312230200603550403131955454649204b65792045786368616e6765204b65792076313030820122300d06092a864886f70d01010105000382010f003082010a0282010100ba6422783a5766d73de0c300235aa88744c16b5cfc2ad1799598b5a8686501cde2f8d55c072bbea2413c65d751d886a680affd2799540033733ab28e9c9b275dee5d513d82696774a1cb7a8ee31c60cb7d24a78cd6d349bd11511d92687dfbdce2fc6f3dbaeb73ef039bdf83365abc9bc1aec3e54d74d83992a09028ab9cf662bbe98d9a062d11aa0413fa03597efe044630081432a29b843d4717554a5d99c81aaf5425ca47851bd0c4e1b79e555693acfc747f919e9ffd61f10f44e440505e4f52750be7e237c2be5d7ab208a1e63173b1b666e4f2456b05f5657267b3aab98c31018e25e3190326902f4a898791b7cd82d099c939b6a4c224468bb4ba9e650203010001a36b3069300f0603551d130101ff040530030101ff30290603551d0e04220420d0e4595e47c20222e9aa2019051b670582e44b3f571f525f9906f22d71897c4a302b0603551d23042430228020d0e4595e47c20222e9aa2019051b670582e44b3f571f525f9906f22d71897c4a300d06092a864886f70d01010b050003820101008e4e6b8aed0438b0fffca98236f9b92f6d0835569ab45bf696b66d00403c368845607c8abc271347bbad5986498188486c75a6a3edb62dffca30a6fc5f4679b330f850ea2079d6f904c635a2a43f6ca6049bf2d7e9d2d7ba32a4d3de89b2608f71e0bd77c27f6e7d9b658595e55606e350dd50c9ebc7c0db7b2a6b3c35df496e4f49095f49a0e223901a548e90960837dd1830fe88620fcc6752f8a8eb362038b9d9f391d90ef3774530cbeeebd6b5b2709152c84dbc704d3db3d1c1b45857d952fd04f07dfb7b1206cd174e39e606e565b7a3bc6260475561c9e9f48c83e8b955b15ded17ec09c62bc31cdc351004f5464f8651d160a16dcc2239abe1dadd97
I0608 16:44:19.746704    8837 grpc_verifier.go:444]       Event PCRIndex 7: Digest: 0b564e1cd0758127323b6c5b1271d85b916845e6a0373a70d869fb00426bc064  Data: cbb219d73a3d9645a3bcdad00e67656f02000000000000003d0400000000000064006200a159c0a5e494a74a87b5ab155c2bf0723d0400000000000021040000d2fa81d2888da44797925baa47bb1b893082040d308202f5a003020102021046d11bbb1e23d960e362298132420162300d06092a864886f70d01010b050030818b310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e311f301d060355040b1316436f6e7461696e6572204f7074696d697a6564204f53311830160603550403130f55454649204442204b657920763130301e170d3230303830363139343835355a170d3330303830343139343835355a30818b310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e311f301d060355040b1316436f6e7461696e6572204f7074696d697a6564204f53311830160603550403130f55454649204442204b65792076313030820122300d06092a864886f70d01010105000382010f003082010a0282010100d0cc91eee40eb5b81354e945146793225e35f0cbc0eee38047862b0d0698ba71354765d749f3988d95d13970f2fb8591493fd9fbecac8544208bc53d82543364c0cc84da3bc9913cf6c76a96bc9fae22e2f6e40b1f81baefeedd61d899fbf7464bc1bf54dea42fa8c2ef221fdc4ed34b6add0369926c767268d4c4e71405ab619675f4a0788fa249a46fd006743eb3c5e26de492a1afdb3044139f638440578472e99edc27ae64acd7cb2b4c2ca915ff3e33f8261d77247090e162bd65075aada755e7104207720cd598c469d8e0c36c4cc6057effa6872473330871045330300684c214c55ac20fe95370af022041a0f0de8d5f504bb36af4df74d8542da24b0203010001a36b3069300f0603551d130101ff040530030101ff30290603551d0e042204204b4eb27158d8dd4a5bb760f5677f184708c15fdaf94d830a7e59c94b065a2724302b0603551d230424302280204b4eb27158d8dd4a5bb760f5677f184708c15fdaf94d830a7e59c94b065a2724300d06092a864886f70d01010b050003820101008e77d577598bf9f3d755a2fe59398a38cd2b393d7a6db35ffcb18bccc2fccb06be3a2da7a37c6eca8e3218ebae429e293ffd9cbd377652f7e7c47862ab04f13c0a5c02d3a4212db58348522a8f6cbdaaae45c815b49359e8d944019efc780a72f0fc1814dde69ed308efd65a4321b330c5edc4fdab9c566cda217dcef37730d892fd94b9b53ecba6d0bd951c36520933f6e2fceb5a85d7a385121cefed06dfcd918add9101f90aa18962dc73291c071ca11aaf7bf3b225b80cfce55bc9148d1b9a97578138a4f960a19bace03f3c95d5f71ffbbf57f6b8022baa1dc7ca9a434da189ecbbb1d4c0dffe12aec00148e50253cbd344a236ee524d6dcc1e32b3f5bc
I0608 16:44:19.746861    8837 grpc_verifier.go:444]       Event PCRIndex 7: Digest: 39beff4f43000748a10fb697a3998447058e8743ecf2644a32dbd12726e6e202  Data: cbb219d73a3d9645a3bcdad00e67656f03000000000000006d11000000000000640062007800a159c0a5e494a74a87b5ab155c2bf07298040000000000007c040000d2fa81d2888da44797925baa47bb1b893082046830820350a003020102020900aa9fb2b09d8f20a8300d06092a864886f70d01010b0500307f310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e31143012060355040b130b4368726f6d69756d204f53311730150603550403130e55454649204442204b6579207631301e170d3138313230383031313934315a170d3238313230353031313934315a307f310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e31143012060355040b130b4368726f6d69756d204f53311730150603550403130e55454649204442204b657920763130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad67d5383f9696941c224e87269148ce9f65e9bc752550e9ec9e1bec9bdf788406f430d9367777d76bc373d78bfd26205349fef4294d998716ff6d237728022ff9fec5d80b97b5eed4f529f3674d940e62b84d4d5b1505baed8dc6736856a6b0876048e24500f827758f5a1b999c05eacd7424dee0d654f1138be1bd28033547ec8dc597e81237c82a12da6c3b16a83b67312a2f39b2e855fc137679b4582b984c5b58fc228dc6ec5e2aecc3b02e52bbd37775215ba46857263c146973cb598e4c148a8840d05f8665b30dde0f22d5da5d5dd5e3822a5935dc944d9a494aa4c0dac4675711a471b83d83356875668dc3bf75696fb6171ea5320c2043005e0d8b0203010001a381e63081e3301d0603551d0e04160414d5db9a6764334688b0f332108bf6e4945a38f03e3081b30603551d230481ab3081a88014d5db9a6764334688b0f332108bf6e4945a38f03ea18184a48181307f310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e31143012060355040b130b4368726f6d69756d204f53311730150603550403130e55454649204442204b6579207631820900aa9fb2b09d8f20a8300c0603551d13040530030101ff300d06092a864886f70d01010b05000382010100276bdb37298029351b46fc67028847a33554072aca1c2ab5a3c6fe6caae0bfb0a1d17e22b5f1bc530bedd311bb093a65fc39e8f7632da4ea45bf8c9daa8c7ea4fd644ec45c9c5360827757763a4620b201f782a6162609bc1e91ce8709b17b1705ad2d50b391db8aa207d7fdde47c84d2ec473ad168c57e98182849ee120715d3206e6730196f1a35b85e27d618665549cab4423da57fbc81e60822a2188b0c13da39e1168816c383de4b283e1cc47508bc3025e1f65c36bddb82e980716e47e01b8a48a9004daf204d32a89ce8d28e2d9fdfac46e31a41c678550a88ccc8a7896e47ee719ea1063792d1d7e5eabac7ee2316f74b9f3ceafc3e2c4be5161f338a159c0a5e494a74a87b5ab155c2bf072b9040000000000009d040000d2fa81d2888da44797925baa47bb1b893082048930820371a003020102020900ece6df1cfbd55bba300d06092a864886f70d01010b0500308189310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e31143012060355040b130b4368726f6d69756d204f533121301f0603550403131855454649204b65792045786368616e6765204b6579207631301e170d3138313230383031313934305a170d3238313230353031313934305a308189310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e31143012060355040b130b4368726f6d69756d204f533121301f0603550403131855454649204b65792045786368616e6765204b657920763130820122300d06092a864886f70d01010105000382010f003082010a0282010100c20e61bd51fa7c94813638bbca7065d5243359c78be4fdee97a45c07ed6ce705eacd79481e2c91a81763e218f6a4bce92891a65d69deac8c093a476c160ec8c19a40e311c4d45f8cf17969bae527fd775f71c79fdfa75d644507e902f0366f7a4fcf45e2e8edd28989fb4195dfbbc1b31118fa1c11dcef17060cb1f13bef6313675724e08b5f6a41d6f6112f3ec9626479b77382e81c98d7fd2bee797e7122cb15adaef1106f6b28c16212dfe6f523f04ff39a56da995d87dc9059f6f7398d8d2611926d04a72e2dc9d088515d1384b405c253830b4ead9c1cea465f40ed24ffe0fe30f5a670b53ba08266057270ae038195de0f3386ff65229a1af4cb5adc7b0203010001a381f13081ee301d0603551d0e0416041404aa5a64ad8582cc97baf5e314745d5bcb3b419b3081be0603551d230481b63081b3801404aa5a64ad8582cc97baf5e314745d5bcb3b419ba1818fa4818c308189310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c65204c4c432e31143012060355040b130b4368726f6d69756d204f533121301f0603550403131855454649204b65792045786368616e6765204b6579207631820900ece6df1cfbd55bba300c0603551d13040530030101ff300d06092a864886f70d01010b050003820101005ac7779aad1d0034c3ed3c76b987037897091ced31f7584edbaa7672a512a31e303e0738ff1939ca2b5e3200c1e4258bc2072e9de0c061830ed4f9a4b6912f2eef5af368021b11a2c30fb0efc3894ceaecebc54cd730748ea0375f9132552c1526a8bc89d82b9e71ac240712068b27508f29362f520c2dcc44f135ab51148ee0cd8ec13bb7f22d05ef8c48c5821f68691bcba767bbb058245f015dc591d9eafd2e47cc3cbafa42b219d8feae9ae155e0f3db14b230e94d2098a0e2ebaa535eba0d37e8400d93c67306fd3b87b7af59e2e65c570c7f1f03ecdbebd408262a643c2eb8728d2049bc9082bcb123d2b29db6b02f21fbb2a56fcc23fddd25cd286092a159c0a5e494a74a87b5ab155c2bf0720304000000000000e7030000d2fa81d2888da44797925baa47bb1b89308203d3308202bba003020102020900db97b0d1bfd471f1300d06092a864886f70d01010b0500307f310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d4d6f756e7461696e205669657731143012060355040a0c0b476f6f676c65204c4c432e31143012060355040b0c0b4368726f6d69756d204f533117301506035504030c0e55454649204442204b65792076313020170d3138303432373135303633375a180f32323138303331303135303633375a307f310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d4d6f756e7461696e205669657731143012060355040a0c0b476f6f676c65204c4c432e31143012060355040b0c0b4368726f6d69756d204f533117301506035504030c0e55454649204442204b657920763130820122300d06092a864886f70d01010105000382010f003082010a0282010100b5b3160f286f2b0a5c28e76c14e900cf1d3050b6a475fb1a9c0448d1be158408db5f18d40a35a7906db46a8fa14e6518d798517c60c48a9f375f002c71f5d2044245fa9b0b9e1f68f53594caf47b48ef8baec6806cedc8b97896d0202bb1c74c79ad67082160d4b8e692b3fcb1469be4e52a0f873d90454fd1ad6e34597b9212db174a91633fb0f03ca97c33bea98b3773907247f429c852510981dfec21e2f6055764c48f3d74a11d0564ef0b14538e7a8a2e91c443632db5f57add336d403e77eccc799f2a1cc015d74e7187702b038bfb0f5329553008833bd062ff60eb72c00d7b9909049b438defda3243475a0e56749e00f10bcc54200498b1144f3a490203010001a350304e301d0603551d0e0416041453ba318806f42bd8a7aa80aa7fc99be300346a6f301f0603551d2304183016801453ba318806f42bd8a7aa80aa7fc99be300346a6f300c0603551d13040530030101ff300d06092a864886f70d01010b0500038201010081b2381ff7a05a3a7f75a816b741ce299bff0787f217a3b42820a5c2fef1675ec7d55197930a8bfd469466e27ad303b2bd5a97075a6a06a6f5169fb884299688534819d0ad4faef8b6ed465085f42db918343bd12d109710109ade3549cee44854cf9ba0476ae1776ff45a7fd017df431a9a9b685e802180c9c7022b429fac823ac449fddd6dd3896ab22a9e7e17f6eb122dbd19e4bb11bbf884276f21850863dc8c5340135b612e92ffeb2fdda6b5704cbb2f667b16623fb51a0d725243a708df0a97743744356aa3df2639151cd1b281f81f3f150b1bb66cdb6fedbd9d74095b5149c747a3a89c8318604f1c01a9c04253541de6c165f3054e8dcbb4f77659a159c0a5e494a74a87b5ab155c2bf0721904000000000000fd030000d2fa81d2888da44797925baa47bb1b89308203e9308202d1a003020102020900a81d719e39ac6303300d06092a864886f70d01010b0500308189310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d4d6f756e7461696e205669657731143012060355040a0c0b476f6f676c65204c4c432e31143012060355040b0c0b4368726f6d69756d204f533121301f06035504030c1855454649204b65792045786368616e6765204b65792076313020170d3138303432373135303633375a180f32323138303331303135303633375a308189310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d4d6f756e7461696e205669657731143012060355040a0c0b476f6f676c65204c4c432e31143012060355040b0c0b4368726f6d69756d204f533121301f06035504030c1855454649204b65792045786368616e6765204b657920763130820122300d06092a864886f70d01010105000382010f003082010a02820101009b21d1cf31065953af23239933e6b9b0be8f83419649e5a9919c052706936596135007a4da2d44bf0fd4c8a3fd17d5ef13db55e4e0f7f70f97246ee431b09cd0e4e54439be7db09f40863554a31431b955be881cc3d2659bc4a7f67004b2d9844811c680008e504f64b03bc819cbf1bc2f0024faf3b4bc86f29cdd16b852e5d43a7670c4370b12d23c7f903d267219dea8e9ec1453d2736e8a69ba35e9938dc4407e59244ff025bfee8d4156705cca1dbfc4915d612354e6049d7ebd1da46a8e3fd6140eea4d732d447e332047634491536390c41a527b3faab7ba08b4c05cd446a75efabdb6ac749dd093997418429953e70b643db13db1de73c1b0edf1bb470203010001a350304e301d0603551d0e04160414b94e69afdc933cc3599f3fd579c4021d8c185bed301f0603551d23041830168014b94e69afdc933cc3599f3fd579c4021d8c185bed300c0603551d13040530030101ff300d06092a864886f70d01010b050003820101007d0514cfdfb8a4e23176066249b29300e8d1d2ee6c4872414260a97e4cef331857779a503a767130e5663eb54701349a4068734957faf36a018fa56308a32fa701a2d24a99f28445d84e742fcde8d84628cddcdd15f6d98cd2a815887341a93c5d7dcc25b2de4e51eb061cfaa004eb79451bb9386274ae4bb2996c311ce288c38de1cf9156eef86e99bb49de2cbc1d2150223498324af4b0ecc9866be71e5a59e293a83cdc8d03d0cceac9ab887fb6f8c9c914cf70f1b83acec5795fee8a2f8eb8fc5b972ff5ff216980b006e2f067bc64c26311a0eb175aa40f868bbeed0cb21cc476faef40efb71a7dcb9a2fd160a4741ca669ee35d3c928fbeacc6df502b8
I0608 16:44:19.747022    8837 grpc_verifier.go:442]       Event PCRIndex 7: Digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119  Data: 
I0608 16:44:19.747112    8837 grpc_verifier.go:444]       Event PCRIndex 1: Digest: 6b1e73a0094b7b812d3b9e22cffb4f8239319847522c4fa103753b6950020f93  Data: 61dfe48bca93d211aa0d00e098032b8c0900000000000000040000000000000042006f006f0074004f00720064006500720000000100
I0608 16:44:19.747197    8837 grpc_verifier.go:444]       Event PCRIndex 1: Digest: 3197be1e300fa1600d1884c3a4bd4a90a15405bfb546cf2e6cf6095f8c362a93  Data: 61dfe48bca93d211aa0d00e098032b8c08000000000000003e0000000000000042006f006f0074003000300030003000090100002c0055006900410070007000000004071400c9bdb87cebf8344faaea3ee4af6516a10406140021aa2c4614760345836e8ab6f46623317fff0400
I0608 16:44:19.747279    8837 grpc_verifier.go:444]       Event PCRIndex 1: Digest: 2be7a459e309c7bb7888fb58283987fe1c0bd1d3c1be276bc9e97693e65c8d49  Data: 61dfe48bca93d211aa0d00e098032b8c0800000000000000600000000000000042006f006f0074003000300030003100010000002600550045004600490020006e0076006d0065005f0063006100720064002d0070006400000002010c00d041030a00000000010106000004031710000100000000000000000000007fff04004eac0881119f594d850ee21a522c59b2
I0608 16:44:19.747361    8837 grpc_verifier.go:442]       Event PCRIndex 4: Digest: 3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba  Data: Calling EFI Application from Boot Option
I0608 16:44:19.747450    8837 grpc_verifier.go:442]       Event PCRIndex 0: Digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119  Data: 
I0608 16:44:19.747527    8837 grpc_verifier.go:442]       Event PCRIndex 1: Digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119  Data: 
I0608 16:44:19.747606    8837 grpc_verifier.go:442]       Event PCRIndex 2: Digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119  Data: 
I0608 16:44:19.747682    8837 grpc_verifier.go:442]       Event PCRIndex 3: Digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119  Data: 
I0608 16:44:19.747761    8837 grpc_verifier.go:442]       Event PCRIndex 4: Digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119  Data: 
I0608 16:44:19.747837    8837 grpc_verifier.go:442]       Event PCRIndex 5: Digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119  Data: 
I0608 16:44:19.747913    8837 grpc_verifier.go:442]       Event PCRIndex 6: Digest: df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119  Data: 
I0608 16:44:19.748003    8837 grpc_verifier.go:444]       Event PCRIndex 5: Digest: 14f6f858d89ebfd4777c589334f8c3032f2c3c7f18b8816a1d794d68a2675646  Data: 4546492050415254000001005c00000009d4ee07000000000100000000000000ffff3f01000000002200000000000000deff3f010000000029ace2b149ab4232a41bee93cc1c306d02000000000000008000000080000000de7fad780c00000000000000af3dc60f838472478e793d69d8477de45560c75df54f442cbce9dfb000ef3cad00d0840000000000deff3f010000000000000000000000005300540041005400450000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005d2a3afe324fa741b725accc3285a30905b870cf88c544d1a02538598800ac710050000000000000ffcf000000000000000000000000ff014b00450052004e002d00410000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002e2b83c7e3bdd478a3c7ff2a13cfcec45dd72e2ce1b401489d9829872063f5900d0440000000000ffcf840000000000000000000000000052004f004f0054002d0041000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005d2a3afe324fa741b725accc3285a3095c223b9666924b4c9a29943bd63e883700d0000000000000ff4f01000000000000000000000000004b00450052004e002d00420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002e2b83c7e3bdd478a3c7ff2a13cfcec4c8c425e830c4dc784edf6450da03fe500d0040000000000ffcf440000000000000000000000000052004f004f0054002d0042000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005d2a3afe324fa741b725accc3285a309fb94a3d6242f47f0a63791288dc17af94040000000000000404000000000000000000000000000004b00450052004e002d00430000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002e2b83c7e3bdd478a3c7ff2a13cfcecce4c60e278d748fc8d2038a9473178db41400000000000004140000000000000000000000000000052004f004f0054002d004300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af3dc60f838472478e793d69d8477de4d4a774e999ca47ec866c50e9a7d7e89e0050010000000000ffcf01000000000000000000000000004f0045004d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003d750a2e489eb0438337b15192cb1b5e7fd92fe92c884a869a79217152359d674240000000000000424000000000000000000000000000007200650073006500720076006500640000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003d750a2e489eb0438337b15192cb1b5ecf5d4c2e634a4db7b9506b5ef77d55464340000000000000434000000000000000000000000000007200650073006500720076006500640000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004861682149646f6e744e6565644546498ab37ea620a74e2898c398b4fb5504c140000000000000003f40000000000000000000000000000052005700460057000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000028732ac11ff8d211ba4b00a0c93ec93b34b4ee8d6a284ffc9e3b787e92b0e77300d0030000000000ffcf04000000000004000000000000004500460049002d00530059005300540045004d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
I0608 16:44:19.748101    8837 grpc_verifier.go:444]       Event PCRIndex 4: Digest: c7ac5d44444affd8d4a7c5d3dea0ce20a71e05812fc18777a428d092f78ae3ff  Data: 180072bd00000000f0f20d00000000000000000000000000800000000000000002010c00d041030a000000000101060000040317100001000000000000000000000004012a000c00000000d0030000000000000001000000000034b4ee8d6a284ffc9e3b787e92b0e7730202040430005c004500460049005c0042004f004f0054005c0042004f004f0054005800360034002e0045004600490000007fff0400
I0608 16:44:19.748190    8837 grpc_verifier.go:442]       Event PCRIndex 14: Digest: 8d8a3aae50d5d25838c95c034aadce7b548c9a952eb7925e366eda537c59c3b0  Data: MokList
I0608 16:44:19.748268    8837 grpc_verifier.go:442]       Event PCRIndex 14: Digest: 8d8a3aae50d5d25838c95c034aadce7b548c9a952eb7925e366eda537c59c3b0  Data: MokListX
I0608 16:44:19.748346    8837 grpc_verifier.go:444]       Event PCRIndex 7: Digest: 922e939a5565798a5ef12fe09d8b49bf951a8e7f89a0cca7a51636693d41a34d  Data: 50ab5d6046e00043abb63dd810dd8b230900000000000000120000000000000053006200610074004c006500760065006c00736261742c312c323032313033303231380a
I0608 16:44:19.748434    8837 grpc_verifier.go:444]       Event PCRIndex 4: Digest: a7ca206c847415be7b2f9106408ea9bec4c19d7e3c5f23a9562cbe7525dd618a  Data: 180075bd0000000000f70a000000000000000000000000003c00000000000000040438005c004500460049005c0042004f004f0054005c0067007200750062002d006c0061006b006900740075002e0065006600690000007fff0400
I0608 16:44:19.748512    8837 grpc_verifier.go:442]       Event PCRIndex 9: Digest: 1dbb631516f50d735b1a42258d656017ff0090263fb6a6aa478a24053fa9e772  Data: /efi/boot/grub.cfg
I0608 16:44:19.748590    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: e52f9e073da78c4182540820451daee9c309f5fb70b2ce1b840693c75388d3b9  Data: grub_cmd: defaultA=2
I0608 16:44:19.748667    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: 3fa7f74d2032b522477ad29781c748842ace9ae3e1cdcb4d5bb5a759b64c0c67  Data: grub_cmd: defaultB=3
I0608 16:44:19.748744    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: 9661d8af32fd2d6d07c7bf601489f074eb332e1de5d97352b613c55ca6cdcaaa  Data: grub_cmd: gptpriority hd0 2 prioA
I0608 16:44:19.748819    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: c1c71a15b68ddc817a36d0bc751fc004bef69bdc277d74ca38d0ec2844b2af3f  Data: grub_cmd: gptpriority hd0 4 prioB
I0608 16:44:19.748895    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: 6fd8deacc183061fb3ad90f6b13935516179929577d26094a7f68e7b8b44e434  Data: grub_cmd: [ 15 -lt 0 ]
I0608 16:44:19.748985    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: 49fdfaac5d8e2402382a617d0aa0c0ce5ab5e8335492fdda735d7a78d439bff1  Data: grub_cmd: set default=2
I0608 16:44:19.749064    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: d3a793f471b6bfe8d783f5e629314cad4763d48986a8cd4df25475334b40f49b  Data: grub_cmd: set timeout=0
I0608 16:44:19.749142    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: d1a7377bc15fe94a909df7aa56469a9861968b6aa672ef0a4fe2e011c61c8e60  Data: grub_cmd: menuentry local image A {
  linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume  loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=0 csm.pipe.enabled=1 csm.config.enabled=1 ,firmware  firmware_class.path=/home/kubernetes/bin/nvidia/firmware module.sig_enforce=0  i915.modeset=1 cros_efi cos.disable_systemd_route_mgmt       root=PARTUUID=E272DD45-1BCE-1440-89D9-829872063F59 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false
}
I0608 16:44:19.749233    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: 6ed7dbddf0a8274463581e32ee4fe3b4248ae07fdef86b7ab35dc6a0fa0c878a  Data: grub_cmd: menuentry local image B {
  linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume  loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=0 csm.pipe.enabled=1 csm.config.enabled=1 ,firmware  firmware_class.path=/home/kubernetes/bin/nvidia/firmware module.sig_enforce=0  i915.modeset=1 cros_efi cos.disable_systemd_route_mgmt       root=PARTUUID=5E428C4C-0C83-C74D-84ED-F6450DA03FE5 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false
}
I0608 16:44:19.749321    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: c9f8ce9199a4c74e6c2c6720e22716919ef5ad2622301cc0a50738f53e7d5cbd  Data: grub_cmd: menuentry verified image A {
  linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume  loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=0 csm.pipe.enabled=1 csm.config.enabled=1 ,firmware  firmware_class.path=/home/kubernetes/bin/nvidia/firmware module.sig_enforce=0  dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1       i915.modeset=1 cros_efi cos.disable_systemd_route_mgmt root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=E272DD45-1BCE-1440-89D9-829872063F59 hashtree=PARTUUID=E272DD45-1BCE-1440-89D9-829872063F59 hashstart=4077568 alg=sha256 root_hexdigest=fd1ebf2daa9525bace1cc25c7b681623ce5c0cab492af1bb3ca1899987b0b6e9 salt=7e8298a1f66b2af9d3040556b9e0c32e01a8faec4bfe4e117cb34120756c20ba" systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false
}
I0608 16:44:19.749420    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: 4e100271bf50ef93be77a4259570727a257a93ed5a47b89c59e57e370d2eb49f  Data: grub_cmd: menuentry verified image B {
  linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume  loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=0 csm.pipe.enabled=1 csm.config.enabled=1 ,firmware  firmware_class.path=/home/kubernetes/bin/nvidia/firmware module.sig_enforce=0  dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1       i915.modeset=1 cros_efi cos.disable_systemd_route_mgmt root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=5E428C4C-0C83-C74D-84ED-F6450DA03FE5 hashtree=PARTUUID=5E428C4C-0C83-C74D-84ED-F6450DA03FE5 hashstart=4077568 alg=sha256 root_hexdigest=fd1ebf2daa9525bace1cc25c7b681623ce5c0cab492af1bb3ca1899987b0b6e9 salt=7e8298a1f66b2af9d3040556b9e0c32e01a8faec4bfe4e117cb34120756c20ba" systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false
}
I0608 16:44:19.749510    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: eae68c27467b70a8208c7a35c755fc2e740e9870f8d2a086458e48d74eb15cfa  Data: grub_cmd: menuentry Alternate USB Boot {
  linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd boot=local rootwait ro noresume  loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=0 csm.pipe.enabled=1 csm.config.enabled=1 ,firmware  firmware_class.path=/home/kubernetes/bin/nvidia/firmware module.sig_enforce=0  root=PARTUUID=E272DD45-1BCE-1440-89D9-829872063F59 i915.modeset=1 cros_efi cos.disable_systemd_route_mgmt systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false
}
I0608 16:44:19.749593    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: 4096ee611ea23de4dbc6795916381ae9d38caa01619273af4179be5216237abc  Data: grub_cmd: setparams verified image A
I0608 16:44:19.749674    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: b4c5836bfce026caa734738b54c1a11cab47db9277b49ccbb1ff67a3b2c5ac1f  Data: grub_cmd: linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=0 csm.pipe.enabled=1 csm.config.enabled=1 ,firmware firmware_class.path=/home/kubernetes/bin/nvidia/firmware module.sig_enforce=0 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi cos.disable_systemd_route_mgmt root=/dev/dm-0 dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=E272DD45-1BCE-1440-89D9-829872063F59 hashtree=PARTUUID=E272DD45-1BCE-1440-89D9-829872063F59 hashstart=4077568 alg=sha256 root_hexdigest=fd1ebf2daa9525bace1cc25c7b681623ce5c0cab492af1bb3ca1899987b0b6e9 salt=7e8298a1f66b2af9d3040556b9e0c32e01a8faec4bfe4e117cb34120756c20ba systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false
I0608 16:44:19.749757    8837 grpc_verifier.go:442]       Event PCRIndex 9: Digest: b12f3f38033e085a55cf9bb73ceb3111f9ad7b2e25446020293590d0892d9126  Data: /syslinux/vmlinuz.A
I0608 16:44:19.749837    8837 grpc_verifier.go:442]       Event PCRIndex 8: Digest: 21b6b23f86278bef015ed8725f74ee8fee6049a6015b295da4981689c6a5f2bf  Data: kernel_cmdline: /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=0 csm.pipe.enabled=1 csm.config.enabled=1 ,firmware firmware_class.path=/home/kubernetes/bin/nvidia/firmware module.sig_enforce=0 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi cos.disable_systemd_route_mgmt root=/dev/dm-0 "dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=E272DD45-1BCE-1440-89D9-829872063F59 hashtree=PARTUUID=E272DD45-1BCE-1440-89D9-829872063F59 hashstart=4077568 alg=sha256 root_hexdigest=fd1ebf2daa9525bace1cc25c7b681623ce5c0cab492af1bb3ca1899987b0b6e9 salt=7e8298a1f66b2af9d3040556b9e0c32e01a8faec4bfe4e117cb34120756c20ba" systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false
I0608 16:44:19.749924    8837 grpc_verifier.go:442]       Event PCRIndex 5: Digest: d8043d6b7b85ad358eb3b6ae6a873ab7ef23a26352c5dc4faa5aeedacf5eb41b  Data: Exit Boot Services Invocation
I0608 16:44:19.750002    8837 grpc_verifier.go:442]       Event PCRIndex 5: Digest: b54f7542cbd872a81a9d9dea839b2b8d747c7ebd5ea6615c40f42f44a6dbeba0  Data: Exit Boot Services Returned with Success
I0608 16:44:19.750079    8837 grpc_verifier.go:447]      Attestation verified
I0608 16:44:19.750131    8837 grpc_verifier.go:551]      <-- End verifyQuote()
I0608 16:44:19.750185    8837 grpc_verifier.go:553] =============== PushSecret ===============
I0608 16:44:19.750239    8837 grpc_verifier.go:559]      Generate Test Certificate for AK 
I0608 16:44:19.750304    8837 grpc_verifier.go:571]      Issuing certificate with serialNumber 521262
I0608 16:44:19.752814    8837 grpc_verifier.go:629]      X509 issued by Verifier for Ak: 
-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIDB/QuMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVT
MQ8wDQYDVQQKDAZHb29nbGUxEzARBgNVBAsMCkVudGVycHJpc2UxIjAgBgNVBAMM
GUVudGVycHJpc2UgU3Vib3JkaW5hdGUgQ0EwHhcNMjMwNjA4MTY0NDE5WhcNMjMw
NjA5MTY0NDE5WjCBgjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
FjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEDAOBgNVBAoTB0FjbWUgQ28xEzARBgNV
BAsTCkVudGVycHJpc2UxHzAdBgNVBAMTFnZlcmlmeS5lc29kZW1vYXBwMi5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMRC/lz4vh8EbLg6utoH+W
k0QyfDqqakTl6cqK52xHG2rNyFxyYFGhjcaC2nqsna8UHNTM7W45XvAtO7WJbITY
CAnpQOgffoSl3eR7fMVCnoIWmu84P6pv2flfS1UFrfQ6XfKgvLgYnayRXUKBgtY0
6sWuTdgm1/SEV6hxtAOhijFRq1VR+RfjR6XKZ/2BwLChljJfJA/AyvVqNVEI65jd
uAeGNp3r4unrtN0gHX7crGzYXlLK+116N/eoAKXNQ1Wqy4jTG5UZCWLgpvzbuv58
lBtfJ3VOp3Ei0ClDcB/DMCaSpZ2XYQJDvhGZI2QD+zpkrQ5KUBGhe0B+RsarBMbh
AgMBAAGjeTB3MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAM
BgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFLe6sAKh5740xsEFXGZ45btTXaFUMCEG
A1UdEQQaMBiCFnZlcmlmeS5lc29kZW1vYXBwMi5jb20wDQYJKoZIhvcNAQELBQAD
ggEBACdxamQls0UHsd2+aWBxzHmWoLIw178M3XgWEIjhdHWQ8e4pCi0B2vD27uqp
kHCwqYBTjWslxbBk4yPFmZNfDd8xvVUXJey5UAPPZPIIJFoSd6wObOWc35ons4Dt
iaammE6kuMWjPgpCPDPsNRbP9qDmqOlHtLJQJHJnFBO8vuoEEehvWZ1vaB2LnbII
BE+z4Q24H1+eYfg6s2FVybueu+TvRWEuDgkjhsTjypOGLnBLOHXZUSy33MPo5osu
ZQ5jvne73rFnonGpEqfxuPbFYB0ie0/KJmbQ+ipb7UisPl8FYvTgao2v//ud5S7E
q4idZUxmfqJEzERBH+qtM8G429s=
-----END CERTIFICATE-----
I0608 16:44:19.752927    8837 grpc_verifier.go:631]      Pushing AES
I0608 16:44:19.753204    8837 grpc_verifier.go:660]      Hash of AES Key:  bZeQ9G0KuKpHVwfZuobcMf7tL/ViU1maVaJCAY+QjfU
I0608 16:44:19.791307    8837 grpc_verifier.go:728]      Verification bZeQ9G0KuKpHVwfZuobcMf7tL/ViU1maVaJCAY+QjfU
I0608 16:44:19.791388    8837 grpc_verifier.go:733] =============== PullRSAKey ===============
I0608 16:44:19.943022    8837 grpc_verifier.go:763]      Attestation of Unrestricted Signing Key Verified
I0608 16:44:19.943121    8837 grpc_verifier.go:781]      Unrestricted key parameter matches template
I0608 16:44:19.943239    8837 grpc_verifier.go:798]      uakPub PEM 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOF1zpPuuew531MM0jY+
o+bk2S2woqQDBqnOS/y2dltgyNSxQUCKcg1ITi9Cuhgxey+fWdd4TmF6mzg0b8uw
6toCfQYgJn1X5wpkmWKDiWWgybe/9d3jxpdn78hQ96YOFdkWDPBW2xnH9Yq0Hxah
y2N3rTnWJZ/RYKhQc9cfi9p8Zyhi1IRyOdsysIKkzi1gwkMDNLwCa9tt+qUfgUJL
4CxtDHEUP4ZwitoNdfvk+x+47sQTP/QLN7MA2+vQ62RZ33SjG2raTtAYl1QYz27Y
Iuaqxrt1e0/iegj9bll7KNK5jGwzxt19yBq21xcU+8ycChjsFDf/947C1XITyfXz
PQIDAQAB
-----END PUBLIC KEY-----
I0608 16:44:19.943330    8837 grpc_verifier.go:803]      SigningKey Test Signature PFaCe+Ly2/T5ySzAZRzoDNDMndsqO4N6XvCTypwLawIiJtpal8qtELzK+H4YbDeewal9XtlBnYcYMNfYzRU8NgdtiGYEGcLsghpqjss9yVX740gCVjc4ChmIjn6Gf9eJyXspS/5Cj604pEi166DZBn+lSLSeQ443Tr/Vt+gXzdx6+u+bN8LRTXss9p9rU3KtGuRgO4964nPowBINg8H2jtbg2L5hvQ6NGsP3HIEVfgzMSfgwYQ6ch5uujMdeytyYh0+HZNHAz/Q/ke233EXB6xyL0FaFaE3PriDxVILz4b3W7YmbV7uSHs6m/9x1BTwZaGVjUGf0vMCaD9ZDrEEbow==
I0608 16:44:19.943529    8837 grpc_verifier.go:804]      Data to verify signature with: 369c327d-ad1f-401c-aa91-d9b0e69bft67
I0608 16:44:19.943695    8837 grpc_verifier.go:811]      Test Signature Verified
I0608 16:44:19.943793    8837 grpc_verifier.go:832]      Unrestricted RSA Public key parameters matches AttestedCertifyInfo  true
I0608 16:44:19.943882    8837 grpc_verifier.go:847]      Issuing certificate with serialNumber 499932
I0608 16:44:19.947984    8837 grpc_verifier.go:882]      X509 issued by Verifier for unrestricted Key: 
-----BEGIN CERTIFICATE-----
MIID2jCCAsKgAwIBAgIDB6DcMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVT
MQ8wDQYDVQQKDAZHb29nbGUxEzARBgNVBAsMCkVudGVycHJpc2UxIjAgBgNVBAMM
GUVudGVycHJpc2UgU3Vib3JkaW5hdGUgQ0EwHhcNMjMwNjA4MTY0NDE5WhcNMjMw
NjA5MTY0NDE5WjCBiTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
FjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEDAOBgNVBAoTB0FjbWUgQ28xEzARBgNV
BAsTCkVudGVycHJpc2UxJjAkBgNVBAMTHW10bHMsc2VydmVyLmFub3RoZXJkb21h
aW4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOF1zpPuuew5
31MM0jY+o+bk2S2woqQDBqnOS/y2dltgyNSxQUCKcg1ITi9Cuhgxey+fWdd4TmF6
mzg0b8uw6toCfQYgJn1X5wpkmWKDiWWgybe/9d3jxpdn78hQ96YOFdkWDPBW2xnH
9Yq0Hxahy2N3rTnWJZ/RYKhQc9cfi9p8Zyhi1IRyOdsysIKkzi1gwkMDNLwCa9tt
+qUfgUJL4CxtDHEUP4ZwitoNdfvk+x+47sQTP/QLN7MA2+vQ62RZ33SjG2raTtAY
l1QYz27YIuaqxrt1e0/iegj9bll7KNK5jGwzxt19yBq21xcU+8ycChjsFDf/947C
1XITyfXzPQIDAQABo3wwejAOBgNVHQ8BAf8EBAMCB4AwDwYDVR0lBAgwBgYEVR0l
ADAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFLe6sAKh5740xsEFXGZ45btTXaFU
MCgGA1UdEQQhMB+CHW10bHMsc2VydmVyLmFub3RoZXJkb21haW4uY29tMA0GCSqG
SIb3DQEBCwUAA4IBAQAE0vTZqCSNxy1o2SUB3z2bBX0fX3831m99xjkhyePzOlsH
1rzdQjEM/YAwOLJBftgcFd20Rv15QFdpp/gyk4BWn9SZhlByzhgKcUlJPQiQY8wS
QJVYZk+xXuMGHaoUEkfJar7CEDRHiB8Nhkx8+Vnb5wVjDRbOnJHrljLKgrvMTBO7
lzQMvjZKp1+Z90KLdOdI0NOo8xAnduxmX6JQyL5O0wamY+XmR++Lb0VZiTj8iMh6
sZR/ZRQiCHEP6qGIwxkxkQZXNAIAI/57XJbUwIIkDnyj/nWu2Hf5PoZ038PLp4UR
XW4tI9le5kQF8/ytGsKrWb1iEckR4bVCvx8Ufc8Z
-----END CERTIFICATE-----
I0608 16:44:19.948084    8837 grpc_verifier.go:884]      Pulled Signing Key  complete 369c327d-ad1f-401c-aa91-d9b0e69bft67

attestor logs

$ kubectl logs pod/app-56f48d865d-pjzm6



I0608 16:43:14.715104       1 grpc_attestor.go:1380] Starting gRPC server on port :50051
I0608 16:44:19.177591       1 grpc_attestor.go:135] >> inbound request
I0608 16:44:19.177615       1 grpc_attestor.go:158] HealthCheck called for Service [verifier.VerifierServer]
I0608 16:44:19.179302       1 grpc_attestor.go:135] >> inbound request
I0608 16:44:19.179346       1 grpc_attestor.go:172] ======= GetPlatformCert ========
I0608 16:44:19.179352       1 grpc_attestor.go:173]      client provided uid: 369c327d-ad1f-401c-aa91-d9b0e69bft67
I0608 16:44:19.179409       1 grpc_attestor.go:191]      Returning GetPlatformCert ========
I0608 16:44:19.181509       1 grpc_attestor.go:135] >> inbound request
I0608 16:44:19.181529       1 grpc_attestor.go:303] ======= GetEKCert ========
I0608 16:44:19.181533       1 grpc_attestor.go:304]      client provided uid: 369c327d-ad1f-401c-aa91-d9b0e69bft67
I0608 16:44:19.181537       1 grpc_attestor.go:310] =============== Load EncryptionKey and Certifcate from NV ===============
I0608 16:44:19.201880       1 grpc_attestor.go:329]      Encryption PEM 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DDTb2nzyrUIQWNxHX/a
ESQo4e+vm++4jotiA2n1rOg8tAKYZTQ2/a/shRIqgMB+9BfMpi3nHooUf6K1EUt5
/eUiPm/GngsPK6wx1IVNga51tHBqdY8rtR+SXFkSbWZF2yHLnn3P3gzF1wYZmhme
cm6/vQ/40i302r6FxGNLiFaKAawx89jdlXhPU4tWMxKJ8f0fzVGHyEI3k0bhgoc3
sbkxARoPvYBHJPMlH5h6Od8TZ+LtPK/PL7SVv9sduXPK+LMVD/PNBMUANY0KotMr
V0PLHU52HT/B6upSNyX80m8YoL676KHdTjAbCNYiJyJRALtigPu4LxhHk6qq4cwT
iQIDAQAB
-----END PUBLIC KEY-----
I0608 16:44:19.215475       1 grpc_attestor.go:358]      Encryption Issuer x509 tpm_ek_v1_cloud_host-signer-0-2021-10-12T04:22:11-07:00 K:1, 3:nbvaGZFLcuc:0:18
I0608 16:44:19.215502       1 grpc_attestor.go:360]      Returning GetEKCert
I0608 16:44:19.224508       1 grpc_attestor.go:135] >> inbound request
I0608 16:44:19.224529       1 grpc_attestor.go:369] ======= GetAK ========
I0608 16:44:19.224532       1 grpc_attestor.go:370]      client provided uid: 369c327d-ad1f-401c-aa91-d9b0e69bft67
I0608 16:44:19.225227       1 grpc_attestor.go:378]      PCR [0] Value a0b5ff3383a1116bd7dc6df177c0c2d433b9ee1813ea958fa5d166a202cb2a85 
I0608 16:44:19.226867       1 grpc_attestor.go:378]      PCR [7] Value f7c8a51aaf0d22c438fcaa3b617c2594bceffb22782cd8a3b96fcbe5ff4d0a2c 
I0608 16:44:19.226888       1 grpc_attestor.go:384]      createPrimary
I0608 16:44:19.418259       1 grpc_attestor.go:408]      tpmEkPub: 
&{26281644390856465103046433162100739626189299438495286243935926148642067364005401546279467503527858871911343120002759300082873942958927788454562033429052797024085375081865413192790600293325978509692691013691198335593318953237126012271370880177393610578019525059047658485606870577777555623498002881147920156988513178004399414813252888684710146913252863009097702691602385507372545007330902585582021560156530573860071661250579922833339368819467393884429412944125195030904684461797193086069813256079203623603699570462323632808973880664766517033064409151513886078675038990695324820265525358028212467985809970458381022663561 65537}
I0608 16:44:19.418403       1 grpc_attestor.go:421]      ekPub Name: 000b353cffa59d481b898b8bd848ec5befc4755eb81d0ea0e67f51e1d96812638332
I0608 16:44:19.418458       1 grpc_attestor.go:422]      ekPubPEM: 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DDTb2nzyrUIQWNxHX/a
ESQo4e+vm++4jotiA2n1rOg8tAKYZTQ2/a/shRIqgMB+9BfMpi3nHooUf6K1EUt5
/eUiPm/GngsPK6wx1IVNga51tHBqdY8rtR+SXFkSbWZF2yHLnn3P3gzF1wYZmhme
cm6/vQ/40i302r6FxGNLiFaKAawx89jdlXhPU4tWMxKJ8f0fzVGHyEI3k0bhgoc3
sbkxARoPvYBHJPMlH5h6Od8TZ+LtPK/PL7SVv9sduXPK+LMVD/PNBMUANY0KotMr
V0PLHU52HT/B6upSNyX80m8YoL676KHdTjAbCNYiJyJRALtigPu4LxhHk6qq4cwT
iQIDAQAB
-----END PUBLIC KEY-----
I0608 16:44:19.418467       1 grpc_attestor.go:428]      tpmEkPub: 
&{26281644390856465103046433162100739626189299438495286243935926148642067364005401546279467503527858871911343120002759300082873942958927788454562033429052797024085375081865413192790600293325978509692691013691198335593318953237126012271370880177393610578019525059047658485606870577777555623498002881147920156988513178004399414813252888684710146913252863009097702691602385507372545007330902585582021560156530573860071661250579922833339368819467393884429412944125195030904684461797193086069813256079203623603699570462323632808973880664766517033064409151513886078675038990695324820265525358028212467985809970458381022663561 65537}
I0608 16:44:19.418531       1 grpc_attestor.go:436]      CreateKeyUsingAuth
I0608 16:44:19.592663       1 grpc_attestor.go:474]      akPub: 0001000b00050072000000100014000b0800000000000100cc442fe5cf8be1f046cb83abada07f969344327c3aaa6a44e5e9ca8ae76c471b6acdc85c726051a18dc682da7aac9daf141cd4cced6e395ef02d3bb5896c84d80809e940e81f7e84a5dde47b7cc5429e82169aef383faa6fd9f95f4b5505adf43a5df2a0bcb8189dac915d428182d634eac5ae4dd826d7f48457a871b403a18a3151ab5551f917e347a5ca67fd81c0b0a196325f240fc0caf56a355108eb98ddb80786369debe2e9ebb4dd201d7edcac6cd85e52cafb5d7a37f7a800a5cd4355aacb88d31b95190962e0a6fcdbbafe7c941b5f27754ea77122d02943701fc3302692a59d97610243be1199236403fb3a64ad0e4a5011a17b407e46c6ab04c6e1,
I0608 16:44:19.592718       1 grpc_attestor.go:475]      akPriv: 00206cf9b8098859b783f98aa57faee31aef3e55418096996cdccd7479eae41c4c7d00102da7f290703eaac2704bf22c978de36ccd503d01dbd400394685b6ef83efc5a0724668742b014e4a6dad79df334d1ffed35ba1b8559f2a64ee6c36bb28def0c842659b1b15d7a2ee7d3dca9e527af38186b1f43a96e0aad88edc1367c0dbfc6ffddbc59fac567b7698e849cd74ffd6fab6c31cab9b9bcbd4474f6edc779c8f09fac9ae755ea9c9f00495c576e226dd415f98a46fd9aa149d711412dfc7eebbeb3210e1d462bee14aac3073689daf63d9331878aea4e186508f0e,
I0608 16:44:19.592746       1 grpc_attestor.go:483]      CredentialData.ParentName.Digest.Value 353cffa59d481b898b8bd848ec5befc4755eb81d0ea0e67f51e1d96812638332
I0608 16:44:19.592803       1 grpc_attestor.go:484]      CredentialTicket fab050ab41384c0b49a37904f7613669bb9687c40a1baebd2791b80b3470d311
I0608 16:44:19.592818       1 grpc_attestor.go:485]      CredentialHash eb69332ed882285a3edf4357ca69d9414d456505caa0613ee088a50b8932986a
I0608 16:44:19.592832       1 grpc_attestor.go:487]      ContextSave (ek)
I0608 16:44:19.601864       1 grpc_attestor.go:500]      ContextLoad (ek)
I0608 16:44:19.608972       1 grpc_attestor.go:513]      LoadUsingAuth
I0608 16:44:19.617381       1 grpc_attestor.go:550]      AK keyName 0022000b2d0ec438a3e1cb164946caba8da92785dfe11f35e5da821e5dd03abd73f87d5f
I0608 16:44:19.621003       1 grpc_attestor.go:575]      akPubPEM: 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEQv5c+L4fBGy4OrraB/
lpNEMnw6qmpE5enKiudsRxtqzchccmBRoY3Ggtp6rJ2vFBzUzO1uOV7wLTu1iWyE
2AgJ6UDoH36Epd3ke3zFQp6CFprvOD+qb9n5X0tVBa30Ol3yoLy4GJ2skV1CgYLW
NOrFrk3YJtf0hFeocbQDoYoxUatVUfkX40elymf9gcCwoZYyXyQPwMr1ajVRCOuY
3bgHhjad6+Lp67TdIB1+3Kxs2F5Syvtdejf3qAClzUNVqsuI0xuVGQli4Kb827r+
fJQbXyd1TqdxItApQ3AfwzAmkqWdl2ECQ74RmSNkA/s6ZK0OSlARoXtAfkbGqwTG
4QIDAQAB
-----END PUBLIC KEY-----
I0608 16:44:19.621058       1 grpc_attestor.go:577]      Write (akPub) ========
I0608 16:44:19.621193       1 grpc_attestor.go:583]      Write (akPriv) ========
I0608 16:44:19.621343       1 grpc_attestor.go:595]      Returning GetAK ========
I0608 16:44:19.640808       1 grpc_attestor.go:135] >> inbound request
I0608 16:44:19.640829       1 grpc_attestor.go:607] ======= ActivateCredential ========
I0608 16:44:19.640834       1 grpc_attestor.go:608]      client provided uid: 369c327d-ad1f-401c-aa91-d9b0e69bft67
I0608 16:44:19.640839       1 grpc_attestor.go:610]      ContextLoad (ek)
I0608 16:44:19.648695       1 grpc_attestor.go:623]      Read (akPub)
I0608 16:44:19.648780       1 grpc_attestor.go:629]      Read (akPriv)
I0608 16:44:19.656860       1 grpc_attestor.go:671]      keyName 0022000b2d0ec438a3e1cb164946caba8da92785dfe11f35e5da821e5dd03abd73f87d5f
I0608 16:44:19.656889       1 grpc_attestor.go:673]      ActivateCredentialUsingAuth
I0608 16:44:19.668098       1 grpc_attestor.go:726]      <--  activateCredential()
I0608 16:44:19.675814       1 grpc_attestor.go:135] >> inbound request
I0608 16:44:19.675833       1 grpc_attestor.go:199] ======= Attest ========
I0608 16:44:19.675837       1 grpc_attestor.go:200]      client provided uid: 369c327d-ad1f-401c-aa91-d9b0e69bft67
I0608 16:44:19.675842       1 grpc_attestor.go:207]      ContextLoad (ek) ========
I0608 16:44:19.683809       1 grpc_attestor.go:219]      LoadUsingAuth ========
I0608 16:44:19.686842       1 grpc_attestor.go:243]      Read (akPub) ========
I0608 16:44:19.686940       1 grpc_attestor.go:249]      Read (akPriv) ========
I0608 16:44:19.691142       1 grpc_attestor.go:263]      AK keyName 0022000b2d0ec438a3e1cb164946caba8da92785dfe11f35e5da821e5dd03abd73f87d5f
I0608 16:44:19.694416       1 grpc_attestor.go:270]      AK CachedKey Name 2d0ec438a3e1cb164946caba8da92785dfe11f35e5da821e5dd03abd73f87d5f
I0608 16:44:19.694444       1 grpc_attestor.go:274]      Getting EventLog from /root/binary_bios_measurements
I0608 16:44:19.736155       1 grpc_attestor.go:295]      Returning Attest ========
I0608 16:44:19.754199       1 grpc_attestor.go:135] >> inbound request
I0608 16:44:19.754223       1 grpc_attestor.go:839] ======= PushSecret ========
I0608 16:44:19.754228       1 grpc_attestor.go:840]      client provided uid: 369c327d-ad1f-401c-aa91-d9b0e69bft67
I0608 16:44:19.754237       1 grpc_attestor.go:843]      Loading EndorsementKeyRSA
I0608 16:44:19.769640       1 grpc_attestor.go:860]      Importing External Key
I0608 16:44:19.787904       1 grpc_attestor.go:866]      <-- End importKey()
I0608 16:44:19.787940       1 grpc_attestor.go:870]      Hash of imported Key bZeQ9G0KuKpHVwfZuobcMf7tL/ViU1maVaJCAY+QjfU=
I0608 16:44:19.792110       1 grpc_attestor.go:135] >> inbound request
I0608 16:44:19.792143       1 grpc_attestor.go:959] ======= PullRSAKey ========
I0608 16:44:19.792148       1 grpc_attestor.go:960]      client provided uid: 369c327d-ad1f-401c-aa91-d9b0e69bft67
I0608 16:44:19.792180       1 grpc_attestor.go:962] ======= Generate UnrestrictedKey ========
I0608 16:44:19.792185       1 grpc_attestor.go:964]      ContextLoad (ek) ========
I0608 16:44:19.799949       1 grpc_attestor.go:977]      Loading AttestationKey
I0608 16:44:19.806801       1 grpc_attestor.go:1018]      AK keyName: ACIACy0OxDij4csWSUbKuo2pJ4Xf4R815dqCHl3QOr1z+H1f,
I0608 16:44:19.807956       1 grpc_attestor.go:1045]      akPub PEM 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEQv5c+L4fBGy4OrraB/
lpNEMnw6qmpE5enKiudsRxtqzchccmBRoY3Ggtp6rJ2vFBzUzO1uOV7wLTu1iWyE
2AgJ6UDoH36Epd3ke3zFQp6CFprvOD+qb9n5X0tVBa30Ol3yoLy4GJ2skV1CgYLW
NOrFrk3YJtf0hFeocbQDoYoxUatVUfkX40elymf9gcCwoZYyXyQPwMr1ajVRCOuY
3bgHhjad6+Lp67TdIB1+3Kxs2F5Syvtdejf3qAClzUNVqsuI0xuVGQli4Kb827r+
fJQbXyd1TqdxItApQ3AfwzAmkqWdl2ECQ74RmSNkA/s6ZK0OSlARoXtAfkbGqwTG
4QIDAQAB
-----END PUBLIC KEY-----
I0608 16:44:19.807985       1 grpc_attestor.go:1049]      ======= CreateKeyUsingAuthUnrestricted ========
I0608 16:44:19.812495       1 grpc_attestor.go:1082]      PCR [0] Value a0b5ff3383a1116bd7dc6df177c0c2d433b9ee1813ea958fa5d166a202cb2a85 
I0608 16:44:19.814167       1 grpc_attestor.go:1082]      PCR [7] Value f7c8a51aaf0d22c438fcaa3b617c2594bceffb22782cd8a3b96fcbe5ff4d0a2c 
I0608 16:44:19.913997       1 grpc_attestor.go:1097]      Unrestricted ukPub: 0001000b00040072000000100014000b0800000000000100c0e175ce93eeb9ec39df530cd2363ea3e6e4d92db0a2a40306a9ce4bfcb6765b60c8d4b141408a720d484e2f42ba18317b2f9f59d7784e617a9b38346fcbb0eada027d0620267d57e70a649962838965a0c9b7bff5dde3c69767efc850f7a60e15d9160cf056db19c7f58ab41f16a1cb6377ad39d6259fd160a85073d71f8bda7c672862d4847239db32b082a4ce2d60c2430334bc026bdb6dfaa51f81424be02c6d0c71143f86708ada0d75fbe4fb1fb8eec4133ff40b37b300dbebd0eb6459df74a31b6ada4ed018975418cf6ed822e6aac6bb757b4fe27a08fd6e597b28d2b98c6c33c6dd7dc81ab6d71714fbcc9c0a18ec1437fff78ec2d57213c9f5f33d,
I0608 16:44:19.914039       1 grpc_attestor.go:1098]      Unrestricted ukPriv: 00204d34f5527d14574d45aedde63c9e58704005b0d467196dcf560d3e30c89c0d7c00102b854d3aae55b0d282e4e29495e711f16d7b9e9628b699d54a8ce75d77e6858ef491a23e7fc24b8d7455fa7014e22efaddb8ac5f0dd191a7e30c98b905a034e32120dfe4f246b96b83573309594ee98b281cac7413d174052dd11f36c1d7ef9da0fd936275c2899eb5a028ea86039aaa075b5d8b74ec3cfd8eb793d01b8b3db6346dd89d09d379ac713945be930de52af83019836c11a403f98d51f3aeb17e25ae472079aa9e2a4b2f1feaddb38596997d2e1734288b0f26b713,
I0608 16:44:19.914057       1 grpc_attestor.go:1100]      Write (ukPub) ========
I0608 16:44:19.914205       1 grpc_attestor.go:1106]      Write (ukPriv) ========
I0608 16:44:19.922167       1 grpc_attestor.go:1143]      ukeyName: ACIAC5F5ctUIUWA3cLslbVUVmsxd9mmpav8aqmGU6+vqe3h9,
I0608 16:44:19.922239       1 grpc_attestor.go:1169]      uakPub PEM 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOF1zpPuuew531MM0jY+
o+bk2S2woqQDBqnOS/y2dltgyNSxQUCKcg1ITi9Cuhgxey+fWdd4TmF6mzg0b8uw
6toCfQYgJn1X5wpkmWKDiWWgybe/9d3jxpdn78hQ96YOFdkWDPBW2xnH9Yq0Hxah
y2N3rTnWJZ/RYKhQc9cfi9p8Zyhi1IRyOdsysIKkzi1gwkMDNLwCa9tt+qUfgUJL
4CxtDHEUP4ZwitoNdfvk+x+47sQTP/QLN7MA2+vQ62RZ33SjG2raTtAYl1QYz27Y
Iuaqxrt1e0/iegj9bll7KNK5jGwzxt19yBq21xcU+8ycChjsFDf/947C1XITyfXz
PQIDAQAB
-----END PUBLIC KEY-----
I0608 16:44:19.927726       1 grpc_attestor.go:1179]      Certify Attestation: ff54434780170022000b68f3824ce43321d7e2f4aee95611cc15d8ee6f50b4a3e69627289bd24478ee8d0000000000000015c96e0000000f000000000120160511001628000022000b917972d50851603770bb256d55159acc5df669a96aff1aaa6194ebebea7b787d0022000bc0383b88e0fda9feaff41525d7c36a80f0019279f7fb5062708cf28bae3df22a,
I0608 16:44:19.927782       1 grpc_attestor.go:1180]      Certify Signature: 4fa286c50fc0b8c54bd208b13672f5c1e2f2f80eebc1db77b920e35ac72a10e760c94070d18732a104999067738133b79c099af782ebbd034b0750bb06890c41faf0174206abfb296f5a591eb92eee6861beedda18ed06b6a438452b5fb7ccfc51a335527951d9376e799f3a63503589644387d35dc51ab724d07ba1c9cb1208d0e4534a2af7d4a30cd0522a8a18db70408fb4d0a9989483f9f8f3ad16c8b2adabd60c7fef3dfbc7dcff11bb26787ad6400a7fab45e5b608ad43f8ce544bd7303beeafff4951e26a85555ca1afe9abedc5db84835b92dfa51045534ca9500ddbbb6a780796c1b17aec00875f28515c9918f880d8daee8731e023a101561fc322,
I0608 16:44:19.928897       1 grpc_attestor.go:1185]      Data to sign: 369c327d-ad1f-401c-aa91-d9b0e69bft67
I0608 16:44:19.935420       1 grpc_attestor.go:1201]      Test Signature:  PFaCe+Ly2/T5ySzAZRzoDNDMndsqO4N6XvCTypwLawIiJtpal8qtELzK+H4YbDeewal9XtlBnYcYMNfYzRU8NgdtiGYEGcLsghpqjss9yVX740gCVjc4ChmIjn6Gf9eJyXspS/5Cj604pEi166DZBn+lSLSeQ443Tr/Vt+gXzdx6+u+bN8LRTXss9p9rU3KtGuRgO4964nPowBINg8H2jtbg2L5hvQ6NGsP3HIEVfgzMSfgwYQ6ch5uujMdeytyYh0+HZNHAz/Q/ke233EXB6xyL0FaFaE3PriDxVILz4b3W7YmbV7uSHs6m/9x1BTwZaGVjUGf0vMCaD9ZDrEEbow
I0608 16:44:19.935464       1 grpc_attestor.go:1204]      Read and Decode (attestion)
I0608 16:44:19.935542       1 grpc_attestor.go:1244]      Attestation : MatchesPublic true
I0608 16:44:19.935582       1 grpc_attestor.go:1245]      Attestation att.AttestedCertifyInfo.Name: kXly1QhRYDdwuyVtVRWazF32aalq/xqqYZTr6+p7eH0=
I0608 16:44:19.935610       1 grpc_attestor.go:1253]      Decoding PublicKey for AK ========
I0608 16:44:19.935771       1 grpc_attestor.go:1282]      Signature Verified
I0608 16:44:19.935827       1 grpc_attestor.go:1297]      Returning PullRSAKeyResponse
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment