Conversation

rgerganov
Collaborator

Introduce new protobuf messages which encapsulate various evidence packages which are being sent to the Certifier Service. Using separate message types for each platform is less error-prone and allows extensibility.

authentication = 0;
attestation = 1;
};

message trust_request_message {
optional string requesting_enclave_tag = 1;
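Review bot: the purpose of `requesting_enclave_tag` is not documented in the snippet, which is exactly what the review question below asks; a field comment stating which side sets it and how the Certifier Service uses it would settle that. Minor style point: the enum closes with `};`; the trailing semicolon is an empty statement that protoc tolerates, but the other definitions in this file should not need it.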
Collaborator Author


why do we need this and the next one?

Collaborator


yes

Collaborator

@jlmucb jlmucb left a comment


I would not refactor it this way right now. The evidence packages can change; for example, there could be a cert chain for some of the platforms. Also, there may not be one evidence package format even for a single platform (i.e., someone could specify rules in an alternative format even for the same platform).

I like the idea but could we talk before doing this?

Are these changes needed for some functional reason or just to beautify?

@rgerganov
Collaborator Author

This refactoring will enable adding support for NVIDIA H100. The current way of sending evidence to the Certifier Service is very error-prone and I don't see why we should keep doing it like that:

  • using hard-coded strings for evidence type is bad; these strings are not part of the protocol definition and need to be hard-coded in both C++ and Go
  • relying on implicit list order is even worse; for SEV-SNP there is an implicit assumption that certificates are ordered ARK, ASK, VCEK in the evidence package, and there is no way to find this out from the protocol definition
  • using string literals instead of enums is also bad practice

My proposal is to fix this before adding more technical debt by following the current pattern for new platforms like NVIDIA.

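The failure mode described in the comment above, as an added illustration that is not Certifier Framework code: a positional ARK, ASK, VCEK list versus evidence entries tagged with an enum role. Certificates are modelled as constructed subject/issuer pairs (no real X.509 parsing), and the enum and message shapes are assumptions standing in for the proposed protobuf types.

```python
from dataclasses import dataclass
from enum import Enum


class CertRole(Enum):   # stands in for a protobuf enum (assumed shape)
    ARK = 0             # AMD root key, self-signed
    ASK = 1             # AMD signing key, issued by the ARK
    VCEK = 2            # chip endorsement key, issued by the ASK


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str


# Constructed stand-ins for an SEV-SNP certificate chain.
ARK = Cert("ARK-Milan", "ARK-Milan")
ASK = Cert("ASK-Milan", "ARK-Milan")
VCEK = Cert("VCEK-chip", "ASK-Milan")


def chain_from_list(evidence):
    """Legacy style: ARK,ASK,VCEK order is an unwritten convention shared by
    the C++ producer and the Go consumer. Roles are assigned by position,
    so a differently ordered producer is accepted without any error."""
    ark, ask, vcek = evidence
    return ark, ask, vcek


def chain_from_tagged(evidence):
    """Typed style: each entry carries its role, so order is irrelevant and a
    missing or duplicated role is rejected at the protocol layer."""
    by_role = {}
    for role, cert in evidence:
        if role in by_role:
            raise ValueError(f"duplicate {role.name} in evidence package")
        by_role[role] = cert
    missing = [r.name for r in CertRole if r not in by_role]
    if missing:
        raise ValueError(f"evidence package missing {missing}")
    return by_role[CertRole.ARK], by_role[CertRole.ASK], by_role[CertRole.VCEK]


def chain_is_consistent(ark, ask, vcek):
    """Structural check only: ARK self-issued, ASK under ARK, VCEK under ASK."""
    return (ark.issuer == ark.subject
            and ask.issuer == ark.subject
            and vcek.issuer == ask.subject)
```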
Introduce new protobuf messages which encapsulate various evidence
packages which are being sent to the Certifier Service. Using separate
message types for each platform is less error-prone and allows
extensibility.