Skip to content

Refactor protobuf messages#198

Draft
rgerganov wants to merge 1 commit intomainfrom
protobuf-refactor
Draft

Refactor protobuf messages#198
rgerganov wants to merge 1 commit intomainfrom
protobuf-refactor

Conversation

@rgerganov
Copy link
Collaborator

@rgerganov rgerganov commented Sep 26, 2023

Introduce new protobuf messages which encapsulate various evidence packages which are being sent to the Certifier Service. Using separate message types for each platform is less error-prone and allows extensibility.

rgerganov
rgerganov commented Sep 26, 2023
View reviewed changes
certifier_service/certprotos/certifier.proto
};

message trust_request_message {
optional string requesting_enclave_tag = 1;
Copy link
Collaborator Author

@rgerganov rgerganov Sep 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we need this and the next one?

Copy link
Collaborator

@jlmucb jlmucb Sep 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes

jlmucb
jlmucb requested changes Sep 26, 2023
View reviewed changes
Copy link
Collaborator

@jlmucb jlmucb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would not refactor it this way right now. The evidence packages can change, for example, there could be a cert chain for some of the platforms. Also, there not be one evidence package format even for a single platform. (i.e.- someone could specify rules in an alternative format even for the same platform).

I like the idea but could we talk before doing this?

Are these changes needed for some functional reason or just to beautify?

@rgerganov
Copy link
Collaborator Author

rgerganov commented Sep 27, 2023

This refactoring will enable adding support for NVIDIA H100. The current way of sending evidence to the Certifier Service is very error-prone and I don't see why we should keep doing it like that:

  • using hard-coded strings for evidence type is bad; these strings are not part of the protocol definition and need to be hard-coded in both C++ and Go
  • relying on implicit list order is even worse; for SEV-SNP there is an implicit assumption that certificates are ordered ARK,ASK,VCEK in the evidence package and there is no way find this out from the protocol definition
  • using string literals instead of enums is also bad practice

My proposal is to fix this before adding more technical debt by following the current pattern for new platforms like NVIDIA.

@rgerganov
Refactor protobuf messages
3a211ae 
Introduce new protobuf messages which encapsulate various evidence
packages which are being sent to the Certifier Service. Using separate
message types for each platform is less error-prone and allows
extensibility.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jlmucb jlmucb jlmucb requested changes

@yelvmw yelvmw Awaiting requested review from yelvmw

@gapisback gapisback Awaiting requested review from gapisback

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

cla-not-required

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rgerganov @jlmucb @vmwclabot