Add EnableRuntimeGPUAttestation opts to AttestationEvidence API#694
Conversation
yawangwang
force-pushed
the
enable_runtime_gpu_for_evidence_api
branch
from
8587730 to
3531fc8
Compare
yawangwang
force-pushed
the
enable_runtime_gpu_for_evidence_api
branch
2 times, most recently
from
91b59fa to
10df66c
Compare
alexmwu
left a comment
alexmwu
left a comment
There was a problem hiding this comment.
As discussed offline, the fields param should not return the runtime attestation by default since it won't for the GetKeyEndorsement API. You can keep the other fields since you've already implemented it. This should also probably return '*' for ease of use
As a side note, the customer has asked for gRPC to replace REST, and we could probably shift to specifying this in gRPC at some point: https://google.aip.dev/157
Done. Changed the behavior of "filterVMAttestationFields" to NOT return runtime device attestation by default, but only return it by "*" or the specific field "deviceReports". |
yawangwang
force-pushed
the
enable_runtime_gpu_for_evidence_api
branch
3 times, most recently
from
5bfc68a to
ab8b19d
Compare
alexmwu
left a comment
alexmwu
left a comment
There was a problem hiding this comment.
Please resolve comments before submitting, especially always setting runtime attestation to true
yawangwang
force-pushed
the
enable_runtime_gpu_for_evidence_api
branch
from
ab8b19d to
07d84cb
Compare
yawangwang
force-pushed
the
enable_runtime_gpu_for_evidence_api
branch
from
07d84cb to
2d48985
Compare
Done. |
2 participants
By default, runtime GPU attestation is disabled during raw evidence collection. It is enabled only when the /v1/evidence API is called