#1091 integrated an attestation server, that, in the product, talks to sled-agent, which in turns talks to the RoT. In development of this feature, we relied heavily on mock RoT in the vm-attest crate, which was used to develop demos and iteratively develop MVP VM attestation.
To make PhD work, we simply do not have an attestation server for propolis-server in this case:
|
let attest_config = match propolis_addr.ip() { |
|
IpAddr::V4(_) => None, |
|
IpAddr::V6(ipv6_addr) => { |
|
let sled_subnet = Ipv6Subnet::< |
|
{ omicron_common::address::SLED_PREFIX }, |
|
>::new(ipv6_addr); |
|
let sa_addr = |
|
omicron_common::address::get_sled_address(sled_subnet); |
|
|
|
Some(AttestationServerConfig::new(sa_addr)) |
(Even if the propolis-server run by PhD had an IPv6 address, it wouldn't have sled-agent, so we would still need to handle this for the phd tests).
It would be nice to add support for using the "mock" RoT to propolis-server for our testing. #1068 may be good to pair with this work.
#1091 integrated an attestation server, that, in the product, talks to sled-agent, which in turns talks to the RoT. In development of this feature, we relied heavily on mock RoT in the vm-attest crate, which was used to develop demos and iteratively develop MVP VM attestation.
To make PhD work, we simply do not have an attestation server for propolis-server in this case:
propolis/bin/propolis-server/src/main.rs
Lines 326 to 335 in 2c9d705
(Even if the propolis-server run by PhD had an IPv6 address, it wouldn't have sled-agent, so we would still need to handle this for the phd tests).
It would be nice to add support for using the "mock" RoT to propolis-server for our testing. #1068 may be good to pair with this work.