Merge pull request #6 from OpenSecretCloud/remove-lingering-azure
Remove lingering azure
AnthonyRonning authored Feb 11, 2025
2 parents 1942a56 + 97f3fde commit 3ee7828
Showing 6 changed files with 4 additions and 213 deletions.
39 changes: 0 additions & 39 deletions docs/nitro-deploy.md
Expand Up @@ -779,45 +779,6 @@ A restart should not be needed but if you need to:
sudo systemctl restart vsock-billing-proxy.service
```

### Continuum Attestation Updator

We need to run a script on the parent that updates the URL for the continuum azure attestation endpoint.

On the parent:

```
scp update_continuum_url.sh ec2-user@[aws-parent-instance-ip]:~/
```

```
sudo vim /etc/systemd/system/update-continuum-url.service
```

```
[Unit]
Description=Update Continuum URL Service
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/home/ec2-user/update_continuum_url.sh
User=ec2-user
Group=ec2-user
Type=simple
Restart=on-failure
RestartSec=30s
[Install]
WantedBy=multi-user.target
```

```
sudo systemctl daemon-reload
sudo systemctl enable update-continuum-url.service
sudo systemctl start update-continuum-url.service
sudo systemctl status update-continuum-url.service
```

## KMS Key

You need to create an AWS KMS key that the enclave can encrypt/decrypt things to. Name it according to your environment:
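
Review bot: The section removed under "### Continuum Attestation Updator" told operators to install and enable update-continuum-url.service on the parent, and deleting the instructions does nothing for parents already set up from them. The unit has Restart=on-failure and RestartSec=30s with ExecStart=/home/ec2-user/update_continuum_url.sh, so a host where the script is later removed but the unit stays enabled will keep failing and being retried. Suggest replacing the section with a short decommissioning step (sudo systemctl disable --now update-continuum-url.service, delete /etc/systemd/system/update-continuum-url.service, then sudo systemctl daemon-reload) instead of dropping it outright.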
8 changes: 0 additions & 8 deletions entrypoint.sh
Expand Up @@ -359,14 +359,6 @@ else
log "AMD KDS Interface connection failed"
fi

# Test the connection to Azure Attestation
log "Testing connection to Azure Attestation:"
if timeout 5 bash -c '</dev/tcp/127.0.0.7/443'; then
log "Azure Attestation connection successful"
else
log "Azure Attestation connection failed"
fi

# Test the connection to GitHub
log "Testing connection to GitHub:"
if timeout 5 bash -c '</dev/tcp/127.0.0.9/443'; then
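
Review bot: Only the connectivity probe to 127.0.0.7:443 is dropped here, and entrypoint.sh has just these 8 deletions in the commit, so whatever made 127.0.0.7 reach Azure Attestation from inside the enclave (a loopback alias, hosts entry or traffic forwarder, none of which is visible in this hunk) is not touched by this change. If such a mapping exists, remove it in the same PR together with its parent-side counterpart, so the enclave does not keep an outbound path to an endpoint it no longer uses.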
12 changes: 0 additions & 12 deletions justfile
Expand Up @@ -187,18 +187,6 @@ update-continuum-proxy:
{{container}} cp "${containerID}":/bin/privatemode-proxy ./continuum-proxy && \
{{container}} rm "${containerID}"

# SCP the update_continuum_url.sh script to the AWS parent instance (dev)
scp-update-continuum-url-dev:
scp -i $DEV_SSH_KEY update_continuum_url.sh $DEV_SERVER:~/

# SCP the update_continuum_url.sh script to the AWS parent instance (prod)
scp-update-continuum-url-prod:
scp -i $PROD_SSH_KEY update_continuum_url.sh $PROD_SERVER:~/

# SCP the update_continuum_url.sh script to the AWS parent instance (preview)
scp-update-continuum-url-preview:
scp -i $PREVIEW_SSH_KEY update_continuum_url.sh $PREVIEW_SERVER:~/

### Enclave Management ###

# Terminate the running enclave (dev)
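
Review bot: The three deleted recipes (scp-update-continuum-url-dev, -prod and -preview) copied update_continuum_url.sh to ~/ on each parent, so copies of the script remain on all three hosts after the file is deleted from the repository. List the dev, prod and preview parents in the PR description as needing manual cleanup. The update-continuum-proxy recipe in the context lines above is kept; confirm that is intentional and that it has no dependency on the Azure path being removed.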
4 changes: 2 additions & 2 deletions pcrDev.json
@@ -1,6 +1,6 @@
{
"HashAlgorithm": "Sha384 { ... }",
"PCR0": "0042958bde1fdd1bcbd4085ec94456c49e7bc5d2c3368f6f34edd6f339193cb7b53929d299eaf6a220ed5b7691f8618a",
"PCR0": "b2e498b68481c8bf628aaaab5f0947c7c906ae370c659f52576f24b42ee30816e6f271f294141883a9b6a71365711fcf",
"PCR1": "5039fa3d13b95dded883deed58d2a0ac63bee4f05f16e05eda0dd21e54bcd01f5e700505998b5674616ea8346ce94b29",
"PCR2": "65c6c8a0520688286886ec526d9ca491e14e3ef2e4e6b003e429fc8215e4be61eecbceb8afaf335e06f878ac11a3a702"
"PCR2": "6163453eda49431035a7b3c6333b357d1853d7c82801407233ab6564637e67293111e19ba0a0c6f7f5f49cf92a192e51"
}
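
Review bot: PCR0 and PCR2 are replaced while PCR1 stays the same, which fits an application-level change to the enclave image, but nothing in the commit lets a reader check the new values. Record in the PR the build command and source revision that produced them, so the measurements can be reproduced independently before they are trusted.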
4 changes: 2 additions & 2 deletions pcrProd.json
@@ -1,6 +1,6 @@
{
"HashAlgorithm": "Sha384 { ... }",
"PCR0": "878dc4111e94722f3d33b202dc1368916af2eb486e74b3d94c9dfbcb3d981fa652827ea8e951ddfe06d1cefb482e431c",
"PCR0": "516f55b2b30f728e234b765f77ce39beb42fd1067602b5c184ed25ed6da4a2848ee630b76143a31b126d4e1782cdd5b9",
"PCR1": "5039fa3d13b95dded883deed58d2a0ac63bee4f05f16e05eda0dd21e54bcd01f5e700505998b5674616ea8346ce94b29",
"PCR2": "c80316eb5d0983f68e376d5b71edfd0bafcdb6319be5dbe93e294f0afca782fb48586bece3cd6d5cf691254895abe0b5"
"PCR2": "d341e7e7e07582388995744939847c13e1a4e727e138643053f182467d6d809c72fc2382796bdf366c0b4be17cb29976"
}
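
Review bot: The prod PCR0 and PCR2 are overwritten in place, so anything that treats pcrProd.json as the allow-list for attestation will stop accepting the currently deployed enclave as soon as this merges. Confirm the merge is sequenced with the prod enclave rollout, or keep the previous values available until the rollout completes.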
150 changes: 0 additions & 150 deletions update_continuum_url.sh

This file was deleted.
