Skip to content

push-model: implement continuous attestation with configurable intervals #1066

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 4, 2025
Merged

push-model: implement continuous attestation with configurable intervals #1066

merged 1 commit into from
Aug 4, 2025

Conversation

@sergio-correia
Copy link
Contributor

@sergio-correia sergio-correia commented Jul 31, 2025
edited
Loading

After the first successful attestation, the agent now waits for a
configurable interval before repeating the attestation process by
returning to the Negotiating state, creating a continuous attestation
loop.

The interval between the attestations is currently fixed, but in the
future, the verifier will provide this information in its response to
the attestation, so we can parse it from there and use it instead.

Currently, the interval between sending the measurements is defined
as 60s, but can be configured with the --attestation-interval-seconds
switch.

@sergio-correia sergio-correia marked this pull request as draft July 31, 2025 08:18
@codecov
Copy link

codecov bot commented Jul 31, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 22.72727% with 17 lines in your changes missing coverage. Please review.
✅ Project coverage is 58.21%. Comparing base (d7003ab) to head (96ea82c).
⚠️ Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
keylime-push-model-agent/src/state_machine.rs 7.69% 12 Missing ⚠️
keylime-push-model-agent/src/attestation.rs 42.85% 4 Missing ⚠️
keylime-push-model-agent/src/main.rs 50.00% 1 Missing ⚠️
Additional details and impacted files
Flag Coverage Δ
e2e-testsuite 58.21% <22.72%> (-0.69%) ⬇️
upstream-unit-tests 58.21% <22.72%> (-0.69%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
keylime-push-model-agent/src/main.rs 41.33% <50.00%> (-0.56%) ⬇️
keylime-push-model-agent/src/attestation.rs 44.92% <42.85%> (-16.15%) ⬇️
keylime-push-model-agent/src/state_machine.rs 15.32% <7.69%> (-28.62%) ⬇️

... and 5 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@sergio-correia sergio-correia marked this pull request as ready for review July 31, 2025 19:05
@sergio-correia sergio-correia marked this pull request as draft August 1, 2025 09:11
sarroutbi
sarroutbi reviewed Aug 1, 2025
View reviewed changes
Copy link
Contributor

@sarroutbi sarroutbi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, define const values to avoid "magic numbers":

measurement_interval_seconds: 60, -> measurement_interval_seconds: DEFAULT_MEASUREMENT_INTERVAL_SECONDS

@sergio-correia sergio-correia changed the title push-model: add new state for continuous attestation push-model: implement continuous attestation with configurable intervals Aug 1, 2025
@sergio-correia sergio-correia marked this pull request as ready for review August 1, 2025 18:41
@sergio-correia
push-model: implement continuous attestation with configurable intervals
96ea82c 
After the first successful attestation, the agent now waits for a
configurable interval before repeating the attestation process by
returning to the Negotiating state, creating a continuous attestation
loop.

The interval between the attestations is currently fixed, but in the
future, the verifier will provide this information in its response to
the attestation, so we can parse it from there and use it instead.

Currently, the interval between sending the measurements is defined
as 60s, but can be configured with the --attestation-interval-seconds
switch.

Signed-off-by: Sergio Correia <scorreia@redhat.com>
ansasaki
ansasaki approved these changes Aug 4, 2025
View reviewed changes
Copy link
Contributor

@ansasaki ansasaki left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! I tested the continuous attestation against current state of the Verifier from the keylime/keylime#1693 and it worked well in the happy execution path.

@ansasaki ansasaki merged commit b0a796f into keylime:master Aug 4, 2025
11 of 12 checks passed
@sergio-correia sergio-correia deleted the continuous branch August 18, 2025 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sarroutbi sarroutbi sarroutbi left review comments

@ansasaki ansasaki ansasaki approved these changes

Assignees

@sarroutbi sarroutbi

@ansasaki ansasaki

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sergio-correia @sarroutbi @ansasaki