CCA config improvements (!88) · Merge requests · Tooling / shrinkwrap · GitLab

Jean-Philippe Brucker requested to merge jbru/buildroot-cca into main Dec 09, 2024

Add a few config options that are useful when running the CCA software stack:

CONFIG_ARM_CCA_GUEST driver that provides attestation token
CONFIG_HZ_100 to accelerate guest boot
Fixed build timestamp for a locally reproducible kernel build (avoid changing the Realm Initial Measurement after every make)

And add buildroot-cca.yaml, which makes a buildroot image containing tools and configuration for testing remote attestation:

cca-workload-attestation queries linux configfs-tsm for attestation token, optionally send it to a verifier
keybroker-app demonstrate a keybroker interaction with remote attestation
a script to launch a VM with predictable initial measurements This uses an external buildroot configuration repo shared with the Linaro CCA stack