Simplify evidence explaination

b/334900893 Change-Id: I7cb74027312014f6367877f786d8e0b4984405cb
project-oak · Apr 30, 2024 · 4115409 · 4115409
1 parent 2eb60b6
commit 4115409
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 44 deletions.
diff --git a/oak_attestation_explain/src/lib.rs b/oak_attestation_explain/src/lib.rs
@@ -97,12 +97,9 @@ impl HumanReadableExplanation for RootLayerData {
                 let initial_memory_sha256_digest =
                     SNPInitialMemoryMeasurement::try_from(report.initial_measurement.as_slice())?;
                 Ok(format!(
-                    "Initial memory digest: {}
-
+                    "Initial Memory [Digest]: {}
 {}
-
-One or more SLSA provenances mapping this layer's attestation digest to source code should be available on rekor. They can be obtained with the following search:
-{}",
+Initial Memory [Provenance]: {}",
                     initial_memory_sha256_digest.display_hash(),
                     initial_memory_sha256_digest.display_hash_explaination(),
                     initial_memory_sha256_digest.provenance_link()
@@ -130,39 +127,45 @@ impl HumanReadableExplanation for KernelLayerData {
             .and_then(|digest| {
                 ArtifactDigestSha2_256::try_from(digest).map_err(anyhow::Error::from)
             })?;
-        let init_ram_fs_digest: ArtifactDigestSha2_256 = self
-            .init_ram_fs
-            .as_ref()
-            .context("unexpectedly unset init_ram_fs proto field")
-            .and_then(|digest| {
-                ArtifactDigestSha2_256::try_from(digest).map_err(anyhow::Error::from)
-            })?;
 
-        let digests = format!(
-            "Kernel Image: {}
-Kernel Setup Data: {}
-Kernel Command Line: {}
-Initial RAM Disk: {}",
+        let bz_image_description = format!(
+            "Kernel Image [Digest]: {}
+Kernel Setup Data [Digest]: {}",
             kernel_image_digest.display_hash(),
             ArtifactDigestSha2_256::try_from(
                 self.kernel_setup_data
                     .as_ref()
                     .context("unexpectedly unset kernel_setup_data proto field")?
             )?
             .display_hash(),
+        );
+        let kernel_commandline = format!(
+            "Kernel Command Line: {}",
             self.kernel_raw_cmd_line
                 .as_ref()
                 .context("unexpectedly unset kernel_raw_cmd_line proto field")?,
-            init_ram_fs_digest.display_hash()
         );
+        let init_ram_fs_digest: ArtifactDigestSha2_256 = self
+            .init_ram_fs
+            .as_ref()
+            .context("unexpectedly unset init_ram_fs proto field")
+            .and_then(|digest| {
+                ArtifactDigestSha2_256::try_from(digest).map_err(anyhow::Error::from)
+            })?;
+        let initial_ramdisk_description =
+            format!("Initial RAM Disk [Digest]: {}", init_ram_fs_digest.display_hash());
 
         Ok(format!(
             "{}
-
-One or more SLSA provenances mapping this layer's attestation digests to source code should be available on rekor. They can be obtained with the following search:
-{}",
-            digests,
-            kernel_image_digest.provenance_link()
+Kernel Image/Setup-Data [Provenance]: {}
+{}
+{}
+Inital RAM Disk [Provenance]: {}",
+            bz_image_description,
+            kernel_image_digest.provenance_link(),
+            kernel_commandline,
+            initial_ramdisk_description,
+            init_ram_fs_digest.provenance_link()
         ))
     }
 }
@@ -183,8 +186,8 @@ impl HumanReadableExplanation for SystemLayerData {
                 ArtifactDigestSha2_256::try_from(digest).map_err(anyhow::Error::from)
             })?;
         Ok(format!(
-            "System image digest: {}
-System image provenance: {}",
+            "System Image [Digest]: {}
+System Image [Provenance]: {}",
             system_image_digest.display_hash(),
             system_image_digest.provenance_link(),
         ))
@@ -213,19 +216,19 @@ impl HumanReadableExplanation for ApplicationLayerData {
                 )
             {
                 format!(
-                    "Binary digest: {}
-Binary provenance: {}
-Config digest: {}
-Config provenance: {}",
+                    "Binary [Digest]: {}
+Binary [Provenance]: {}
+Config [Digest]: {}
+Config [Provenance]: {}",
                     binary_digest.display_hash(),
                     binary_digest.provenance_link(),
                     config_digest.display_hash(),
                     config_digest.provenance_link()
                 )
             } else {
                 format!(
-                    "Binary digest: {}
-Binary provenance: {}",
+                    "Binary [Digest]: {}
+Binary [Provenance]: {}",
                     binary_digest.display_hash(),
                     binary_digest.provenance_link(),
                 )

diff --git a/oak_attestation_explain/tests/explain_test.rs b/oak_attestation_explain/tests/explain_test.rs
@@ -49,27 +49,23 @@ fn produces_expected_explaination() {
                 } => {
                     assert_eq!(
                         root_layer.description().unwrap(),
-                        r#"Initial memory digest: sha2-256:519bb2bd42afa2dd8cb3ca88aed6a8aea8905ee371f5e64b4aae03c7cec99a22
-
+                        r#"Initial Memory [Digest]: sha2-256:519bb2bd42afa2dd8cb3ca88aed6a8aea8905ee371f5e64b4aae03c7cec99a22
 ⓘ The firmware attestation digest is the sha2-256 hash of the sha2-386 hash of the initial memory state taken by the AMD SoC. The original sha2-386 hash of the initial memory is: sha2-384:5a5cd76580dd3f0e9cc69ddfe7a6120919c02c3e376317bb3cc6de40a66e60683d380d966664d83fcd124f83f878d2ec.
-
-One or more SLSA provenances mapping this layer's attestation digest to source code should be available on rekor. They can be obtained with the following search:
-https://search.sigstore.dev/?hash=519bb2bd42afa2dd8cb3ca88aed6a8aea8905ee371f5e64b4aae03c7cec99a22"#
+Initial Memory [Provenance]: https://search.sigstore.dev/?hash=519bb2bd42afa2dd8cb3ca88aed6a8aea8905ee371f5e64b4aae03c7cec99a22"#
                     );
                     assert_eq!(
                         kernel_layer.description().unwrap(),
-                        r#"Kernel Image: sha2-256:bb149e581ed858d4269acf844ca9ceb00162f2e2aa2e2061072462a05e0c8743
-Kernel Setup Data: sha2-256:4cd020820da663063f4185ca14a7e803cd7c9ca1483c64e836db840604b6fac1
+                        r#"Kernel Image [Digest]: sha2-256:bb149e581ed858d4269acf844ca9ceb00162f2e2aa2e2061072462a05e0c8743
+Kernel Setup Data [Digest]: sha2-256:4cd020820da663063f4185ca14a7e803cd7c9ca1483c64e836db840604b6fac1
+Kernel Image/Setup-Data [Provenance]: https://search.sigstore.dev/?hash=bb149e581ed858d4269acf844ca9ceb00162f2e2aa2e2061072462a05e0c8743
 Kernel Command Line: console=ttyS0
-Initial RAM Disk: sha2-256:0000000000000000000000000000000000000000000000000000000000000000
-
-One or more SLSA provenances mapping this layer's attestation digests to source code should be available on rekor. They can be obtained with the following search:
-https://search.sigstore.dev/?hash=bb149e581ed858d4269acf844ca9ceb00162f2e2aa2e2061072462a05e0c8743"#
+Initial RAM Disk [Digest]: sha2-256:0000000000000000000000000000000000000000000000000000000000000000
+Inital RAM Disk [Provenance]: https://search.sigstore.dev/?hash=0000000000000000000000000000000000000000000000000000000000000000"#
                     );
                     assert_eq!(
                         application_layer.description().unwrap(),
-                        r#"Binary digest: sha2-256:b5cae5b9b92104f7ebc08b7cd7dc9f2fb191ebd5db7041421f2f885b777d5040
-Binary provenance: https://search.sigstore.dev/?hash=b5cae5b9b92104f7ebc08b7cd7dc9f2fb191ebd5db7041421f2f885b777d5040"#
+                        r#"Binary [Digest]: sha2-256:b5cae5b9b92104f7ebc08b7cd7dc9f2fb191ebd5db7041421f2f885b777d5040
+Binary [Provenance]: https://search.sigstore.dev/?hash=b5cae5b9b92104f7ebc08b7cd7dc9f2fb191ebd5db7041421f2f885b777d5040"#
                     );
                 }
                 _ => panic!("evidence values unexpectedly unset"),