From 424cda05a50050d81d33d9c96a1e6cf5f2d13572 Mon Sep 17 00:00:00 2001 From: Anton Antonov Date: Mon, 21 Jul 2025 15:20:01 +0000 Subject: [PATCH] Small fixes in Get Started with CCA Attestation and Veraison LP 1. sudo is required to write into /usr/local/ 2. use jq to produce human-readable json 3. arc --color parameter is not supported on some terminals Signed-off-by: Anton Antonov --- .../cca-veraison/attestation-token.md | 4 ++-- .../cca-veraison/attestation-verification.md | 4 ++-- .../cca-veraison/evaluate-result.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-token.md b/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-token.md index 49c7573f1c..342c49d5a0 100644 --- a/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-token.md +++ b/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-token.md @@ -13,10 +13,10 @@ In this section, you will obtain an example CCA attestation token. To set up the First, start by removing any existing Go installation. Next, obtain the install files and run the following command: ```bash -rm -rf /usr/local/go +sudo rm -rf /usr/local/go wget https://go.dev/dl/go1.23.3.linux-$(dpkg --print-architecture).tar.gz -tar -C /usr/local -xzf go1.23.3.linux-$(dpkg --print-architecture).tar.gz +sudo tar -C /usr/local -xzf go1.23.3.linux-$(dpkg --print-architecture).tar.gz ``` Export the installation path and add it to your `$PATH environment` variable: diff --git a/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-verification.md b/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-verification.md index ff56474c4e..98e2ef27c5 100644 --- a/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-verification.md +++ b/content/learning-paths/servers-and-cloud-computing/cca-veraison/attestation-verification.md @@ -16,7 +16,7 @@ The URL for reaching this experimental verifier service is https://veraison.test To check that you can reach the Linaro attestation verifier service, run the following command: ```bash -curl https://veraison.test.linaro.org:8443/.well-known/veraison/verification +curl https://veraison.test.linaro.org:8443/.well-known/veraison/verification | jq ``` This is a simple call to query the well-known characteristics of the verification service. If it succeeds, it will return a JSON response that looks something like this: @@ -63,7 +63,7 @@ If you can reach the verification service, you are now ready to use it to evalua One of the properties that was returned in the previous step was the public key of the verification service. This key will be needed later to check the signature on the attestation results. All that is needed in this step is to copy the contents of the `ear-verification-key` field from the previous step and save it to a separate JSON file. -The easiest way to do this is to use the `jq` utility. +The easiest way to do this is to use the `jq` utility. You can save the public key by repeating the curl command from the previous step and use `jq` to filter the response down to just the public key part. Save it into a file called `pkey.json`: ```bash diff --git a/content/learning-paths/servers-and-cloud-computing/cca-veraison/evaluate-result.md b/content/learning-paths/servers-and-cloud-computing/cca-veraison/evaluate-result.md index f86747886c..44e92ee955 100644 --- a/content/learning-paths/servers-and-cloud-computing/cca-veraison/evaluate-result.md +++ b/content/learning-paths/servers-and-cloud-computing/cca-veraison/evaluate-result.md @@ -34,7 +34,7 @@ The attestation result is a JWT file, which stands for JSON Web Token. This mean The following command will use the `arc` tool, which you built in the previous step, to verify the cryptographic signature on the attestation result, and display the result in a human-readable format: ```bash -./arc verify --pkey $HOME/pkey.json --color $HOME/attestation_result.jwt +./arc verify --pkey $HOME/pkey.json $HOME/attestation_result.jwt ``` This command produces quite a lot of output. However, you will notice that a large amount of the output simply reflects the contents of the CCA attestation token that you inspected earlier with the evcli tool. The most interesting part of the output is towards the bottom, and should look like this: