Update eif_build tool #39

Merged
merged 4 commits into from
Jan 16, 2025

@atanzu atanzu commented Jan 8, 2025

Issue #, if available:
aws/aws-nitro-enclaves-cli#204
#34

Description of changes:
This is an updated version of #20 because it needed to be rebased and split between the library part and the binary tool.

We extend EIF building functionality with the additional option of signing EIF files with KMS.
The sign_info parameter of EifBuilder is now turned into a structure that contains an enum for the signing key.
This enum can be represented as a local private key (previous functionality) or a KMS signing key (implemented in the COSE library).

This PR contains the following changes:

  • Updates dependency aws-nitro-enclaves-image-format to 0.4.
  • Bumps MSRV to 1.71 so the library and binary crates use the same Rust version.
  • Updates eif_build with the new command line arguments:
    • kms-key-id: ARN of the KMS key to be used to sign the EIF.
    • kms-key-region: region of the KMS key.
    • algo: algorithm to use for measurements, possible values: sha256, sha384, sha512.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@atanzu atanzu force-pushed the update_eif_build_tool branch from 381ff72 to 350cf1d January 8, 2025 13:51
@atanzu atanzu marked this pull request as ready for review January 8, 2025 13:53
@atanzu atanzu force-pushed the update_eif_build_tool branch from 350cf1d to bee6f49 January 15, 2025 09:44

This commit updates `aws-nitro-enclaves-image-format` to 0.4 and
modifies the source code to make it buildable with this updated
dependency.

Signed-off-by: Mark Kirichenko <[email protected]>

This commit bumps MSRV to 1.71 in order to support the same MSRV as the
`aws-nitro-enclaves-image-format` library.

Signed-off-by: Mark Kirichenko <[email protected]>

This commit packs parameters of function `eif_build` into a structure in
order to reduce the number of parameters it takes.

Signed-off-by: Mark Kirichenko <[email protected]>

@atanzu atanzu force-pushed the update_eif_build_tool branch from bee6f49 to d816d7e January 15, 2025 12:45

This commit adds a new command line option `--algo` for the `eif_build` tool
which allows specifying the hashing algorithm used to measure the image.

Signed-off-by: Mark Kirichenko <[email protected]>

@atanzu atanzu force-pushed the update_eif_build_tool branch from d816d7e to a67ae47 January 15, 2025 12:47
@atanzu atanzu requested review from eugkoira and meerd January 15, 2025 12:49
@atanzu atanzu merged commit 1edaf99 into main Jan 16, 2025
5 checks passed