Skip to content

trustee: Configure reference values based on all possible PCR combinations#116

Open
bgartzi wants to merge 13 commits into
trusted-execution-clusters:mainfrom
bgartzi:pcr_combination
Open

trustee: Configure reference values based on all possible PCR combinations#116
bgartzi wants to merge 13 commits into
trusted-execution-clusters:mainfrom
bgartzi:pcr_combination

Conversation

@bgartzi

@bgartzi bgartzi commented Dec 22, 2025

Copy link
Copy Markdown
Member

Now the compute-pcrs library supports computing PCR value combinations. In other words, given all events from image A and image B (where some of the components got updated), it computes all possible PCRs of the intermediate states that a node could go through during an update from image A to image B.

While implementing this I found a compute-pcrs bug that this PR relies on: trusted-execution-clusters/compute-pcrs#56

For now, I added a workaround commit that is not signed-off-by me. Once the compute-pcrs library gets merged, I will update this PR.

Another discussion topic that comes to my mind is how unit tests are implemented to face this new integration. They sure could be way more isolated from compute-pcrs, which I will update if relevant.

@Jakob-Naucke

Copy link
Copy Markdown
Member

@bgartzi because the recent changes to compute-pcrs-lib are incompatible, I am ignoring it for dependabot or it keeps updating (see #121). Hoping that none of us forget it, reminder for you and myself to unignore it after this PR (@dependabot unignore compute-pcrs-lib, not sure if required to be upon a dependabot PR). Thanks!

@bgartzi

bgartzi commented Jan 16, 2026

Copy link
Copy Markdown
Member Author

Except for the flagged commit that I will remove as soon as the fix (trusted-execution-clusters/compute-pcrs#62) lands compute-pcrs and I update the pointer to the right lib version, I think this is finally ready for review.

@bgartzi bgartzi changed the title DRAFT: trustee: Configure reference values based on all possible PCR combinations trustee: Configure reference values based on all possible PCR combinations Jan 16, 2026
@bgartzi

bgartzi commented Jan 16, 2026

Copy link
Copy Markdown
Member Author

Note that the followed approach just impacts the amount of reference values. It does not impact the amount of pcrs stored in the image-pcrs configmap. Although it gets the job done, it's not trivial to track where those reference values came from.

Not sure if this is what you had in mind, or populating both rvs and image-pcrs with all possible combinations would be preferred.

@Jakob-Naucke Jakob-Naucke left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice. A few comments.

Comment thread Cargo.toml
[workspace.package]
edition = "2024"
rust-version = "1.85"
rust-version = "1.88"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We usually sync buildroot, so I'm open to moving to 1.92 right away.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On this regard: I needed to also update some Containerfiles to build onto buildroot:fedora instead of just buildroot (which I think implicitly implied buildroot:latest).

Comment thread operator/src/test_utils.rs Outdated
Comment thread api/trusted-cluster-gen.go Outdated
Comment thread api/trusted-cluster-gen.go
Comment thread tests/trusted_execution_cluster.rs Outdated
@bgartzi

bgartzi commented Jan 20, 2026

Copy link
Copy Markdown
Member Author

Fixing latest conflicts...


ARG build_type
FROM ghcr.io/trusted-execution-clusters/buildroot AS builder
FROM ghcr.io/trusted-execution-clusters/buildroot:fedora AS builder

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:latest and :fedora point to Fedora 43 images that are apparently different, but I don't even know how they're different. Is there a difference that matters to this PR?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There was not, until I set the minimum rust version to 1.92: :latest fails to build as it still holds 1.91.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Not for this PR but frankly we should yank a :latest that isn't being updated

Comment thread operator/src/test_utils.rs
@bgartzi

bgartzi commented Jan 23, 2026

Copy link
Copy Markdown
Member Author

This version:

  • Rebase fixing conflicts
  • Addresses some of the comments on macros/constants on integration tests
  • Fixes an issue I found in which equally valued reference values would be repeated in the trustee data configmap.

Still, the buildroot:latest vs buildroot:fedora discussion and research remains.


ARG build_type
FROM ghcr.io/trusted-execution-clusters/buildroot AS builder
FROM ghcr.io/trusted-execution-clusters/buildroot:fedora AS builder

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Not for this PR but frankly we should yank a :latest that isn't being updated

Comment thread tests/trusted_execution_cluster.rs Outdated
@bgartzi bgartzi force-pushed the pcr_combination branch from 8a8439d to bd7ee37 Compare July 9, 2026 10:50
@bgartzi

bgartzi commented Jul 9, 2026

Copy link
Copy Markdown
Member Author

Now extra approved images can be also pre-pulled, defaults to the secondary approved image pulled in the combination integration test and integration tests in github pre-pull images first.

@Jakob-Naucke Jakob-Naucke left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

urgh, two start failures in the test (probably not your fault) and a stop failure (fix is coming soon). I'll try and improve these soon.

Comment thread scripts/pre-pull-images.sh Outdated
Comment on lines +24 to +26
pull_approved_image "$APPROVED_IMAGE" $index

for image in $EXTRA_APPROVED_IMAGES; do

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not a fan of the extra env. I'd rather keep these out of the Makefile, put a const for the test image at the top of tests/trusted_execution_cluster.rs, and grep-sed for that here, WDYT?

Suggested change
pull_approved_image "$APPROVED_IMAGE" $index
for image in $EXTRA_APPROVED_IMAGES; do
combined_pcrs_test_image=$(grep "const COMBINED_PCRS_TEST_IMAGE" tests/trusted_execution_cluster.rs | \
sed -E 's/.*"(.*)";/\1/')
for image in "$APPROVED_IMAGE" "$combined_pcrs_test_image"; do

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

skipped the for, but I can put it there. You tell me.

@bgartzi bgartzi force-pushed the pcr_combination branch from bd7ee37 to db72022 Compare July 9, 2026 14:57

@Jakob-Naucke Jakob-Naucke left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no, I like it. @alicefr PTAL too bc it's pretty big

@openshift-ci openshift-ci Bot added the lgtm label Jul 10, 2026
@openshift-ci

openshift-ci Bot commented Jul 10, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: bgartzi, Jakob-Naucke

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Comment on lines +204 to +205
ObjectMeta: metav1.ObjectMeta{
Name: fmt.Sprintf("coreos-%d", i),

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we use something different then the index? maybe the instead the approvedImage with the / and :replaced by -. Or do we have a limit in the name lenght?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also coreos wasn't great by the way

Comment thread test_utils/src/constants.rs Outdated
Comment on lines +11 to +15
#[macro_export]
macro_rules! expected_pcr7_hash {
() => {{ "b3a56a06c03a65277d0a787fcabc1e293eaa5d6dd79398f2dda741f7b874c65d" }};
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question, do we expect these constant to remain always the same or do we need to modify them for example when we upgrade the fedora version of the approved image?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They might change with approved images, specially pcr4. If we'd like to parametrize this so we could hardcode this upper in the stack, such as in the makefile, the problem wouldn't be passing pcr values, but the events of each of them.

Comment thread tests/trusted_execution_cluster.rs Outdated
named_test! {
async fn test_combined_image_pcrs_configmap_updates() -> anyhow::Result<()> {
let test_ctx = setup!([
"quay.io/trusted-execution-clusters/fedora-coreos@sha256:372a5db90a8695fafc2869d438bacd7f0ef7fd84f63746a450bfcd4b8b64ae83",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question, how do we upgrade this? Should it make sense to move the definition out of the test and put an env variable. Same question, how do we get the expected pcr value.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean, it's just a second version for testing that combination works, we can probably leave it for a few years. It's not a moving target like FCOS versions.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As soon as we want to write another test that handles 2 approved images and their upgrade path, yes. We can get ahead of time and put it that way if you want. I don't have a personal choice.

When it comes to upgrades, if we would like to change the image to a completely new one, we need to boot a VM with that image, check the tpm event log and look for shim, grub and kernel related events. Then we need to compute possible combinations, which include primary bootloader + secondary kernel and secondary bootloader + primary kernel.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we document in a comment how we build this image and describe how we extracted the pcrs values. At least, we won't forget it

use trusted_cluster_operator_test_utils::constants::*;
use trusted_cluster_operator_test_utils::*;

const COMBINE_PCRS_UPDATE_TEST_IMAGE: &str = "quay.io/trusted-execution-clusters/fedora-coreos@sha256:372a5db90a8695fafc2869d438bacd7f0ef7fd84f63746a450bfcd4b8b64ae83";

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is make sense to squash the definition of this image in the commit where this was introduced

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you also mean the pre-pull logic? Just the const definition, right?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just the const definition

@alicefr

alicefr commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

@bgartzi I did a first pass, the only part that worries me is how we update the various hardcoded pcrs values and the second image when we upgrade the whole setup

@openshift-ci openshift-ci Bot removed the lgtm label Jul 13, 2026
@openshift-ci

openshift-ci Bot commented Jul 13, 2026

Copy link
Copy Markdown

New changes are detected. LGTM label has been removed.

@bgartzi

bgartzi commented Jul 13, 2026

Copy link
Copy Markdown
Member Author

still struggling to remember I have to sign commits sorry.

@alicefr:

@bgartzi I did a first pass, the only part that worries me is how we update the various hardcoded pcrs values and the second image when we upgrade the whole setup

The problem is we could automate this using the compute-pcrs library somewhere in CI or makefile, but that would somehow break the purpose of the end to end test. If we really wish to test the whole stack, we need to boot a VM with the tested images, extract all pcr events and hashes, then update the values. We could automate it, but it is not precisely trivial.

bgartzi added 13 commits July 14, 2026 18:50
And update those crates that were making use of it. Later we will also
use it in some other crates.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
I broke some of the compute-pcrs' lib APIs, so apart from just pointing
into a newer commit, we also need to tweak a couple of things here and
there.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
trustee tests were relying on some values that didn't hold any TPMEvent
or any PCR value that related to them.

This commit turns those dummy values into something that are closer to
something we could expect in reality.

The main reason to do this is that the compute-pcrs logic does not like
empty event PCRs, as it's based on that to reconstruct them.

This goes against the purpose of a unit test, as we should actually mock
that external part so as not to rely on it, but decided this was simpler
at least as an initial proposal.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
Update trustee reference values with all possible combinations between
approved PCR values, not just those that come directly from image PCRs.

This computes reference values for possible stages during node updates
in which a node could be booting some components from image A and some
other from image B.

This commit also adds a test to check that pcr4 is well covered in front
of bootloader and kernel updates. The test is closer to an integration
test than to an unit-test as it relies on values that are close to real
values, and how the compute-pcrs lib's combine_images processes them.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
Support the possibility of generating CRs for multiple approved images.
These are stored sepparately in different yaml files.

This changes the way trusted-cluster-gen names approved_image_cr.yaml
files, as it's not just one, but many of them that can be marshalled.
That's why test dependencies are updated to also be able to handle
multiple approved image CRs.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
Refactor the logic that was verifying expected image pcrs in
test_image_pcrs_configmap_updates as a method of TestContext.

It also slightly changes the logic of the poller to stop when the length
of pcrs equals the one expected.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
The compute pcrs job was computing pcr7 based on the guest OS
information. However, PCR7 is mainly affected by the EFI variables,
which are configured by the platform, or virtualization host.

As we lack a proper way to retrieve the EFI vars of the platform that
nodes are running on, we don't attest pcr7, so we should just not
compute it.

This commit removes the bits that computed pcr7 in the compute-pcrs job
and those that checked it during integration tests. It leaves the test
logic covering pcr7 in operator/src/trustee.rs as it should be agnostic
to whatever pcr prediction comes in.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
These could be used by other tests too. Make it a macro so it can be
reused, and define a few more macros for standard TPMEvents and PCR
values that are constant across integration tests at the moment, such as
PCR7 and PCR14.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
Add an integration test in which 2 approved images with different
bootloader and kernel are added to the cluster. This emulates the
situation in which a coreos image could be undergoing a bootloader and
kernel update.

The test checks that 2 images are added to the image pcr config map, and
then checks that the reference values contain all possible pcr4
combinations. pcr7 and pcr14 are constant in this case, so there are not
combinations possible (apart from the original value).

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
The logic checking that the image-pcrs configmap was populated moved
into using await_condition instead of a poller. Some conditions were
checked twice inside of the actual condition and subsequent assertions.
This commit removes those assertions in favor of the await call.

Moreover, it makes more sense from a stability point of view to wait for
the whole condition to happen, as it could be the case that a Nth image
is approved, and we run all the assertions (and fail) because only one
of the N images was found in the configmap. This way, the tests will
wait until the expected images of all approved images are present.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
Some integration tests might run on more approved images. Find which it
is based on the test file then pre-pull it.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
Assisted-By: Claude Opus 4.6 <noreply@anthropic.com>
This help not hitting some test timeouts due to images not being pulled
quickly enough.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
Covering the primary and secondary approved images and also possible
combinations between the two of them.

Signed-off-by: Beñat Gartzia Arruabarrena <bgartzia@redhat.com>
@openshift-ci

openshift-ci Bot commented Jul 14, 2026

Copy link
Copy Markdown

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants