Attestation Agent (aka AA) is a service for the attestation procedure in Confidential Computing. It provides several kinds of service APIs related to attestation.
This repository packages AA into an easy-to-use image.
For more details, please visit the upstream of Attestation Agent.
AA offers 2 kinds of interface, gRPC and ttrpc. Please choose the corresponding Dockerfile to build your AA image.
- Ensure Docker is installed on your system
# download the source
git clone --recurse-submodules \
https://github.com/inclavare-containers/attestation-agent.git && \
cd attestation-agent
# build AA image with gRPC interface
make build-grpc
# build AA image with ttrpc interface
make build-ttrpcIn order to build AA with the specific commit, please set the environment
variable AA_COMMIT to build. Run make help to get the full help information.
gRPC or ttrpc image runs in a slightly different way.
- Ensure Docker is installed on your system
- AA image is installed
- The running platform supports a CPU-TEE, including:
- Intel TDX
- Intel SGX
- AMD SEV-SNP
- Azure SEV-SNP CVM
- Azure TDX CVM
- Arm Confidential Compute Architecture (CCA)
You can modify the configuration of AA by setting the following environment variables when starting the container.
- Usage: specify the KBC type and KBS address
- Optional Value: AA_KBC_PARAMS=cc_kbc::{KBS_address}
- Default Value: AA_KBC_PARAMS=cc_kbc::http://127.0.0.1:8085
- Usage: determine log level.
- Optional Value: RUST_LOG={error, warn, info, debug, trace}
- Default Value: RUST_LOG=debug
Run attestation-agent:grpc image.
docker run -d \
-p 50002:50002 \
--name attestation-agent-grpc attestation-agent:grpcRun attestation-agent:ttrpc image.
docker run -d \
-v /run/confidential-containers/attestation-agent/:/run/confidential-containers/attestation-agent/ \
--name attestation-agent-ttrpc attestation-agent:ttrpc
