add: snp updates and mods to support VLEK

[wobito]

This PR will add support for V{C|L}EK from amd snp-sev, this will also bump the sev crate from 1.2.0 to 3.1.1 with hope to close #286

Currently for the trustee sources to compile the azure-cvm-tooling needed to have the sev crate bump as well, that is why there is a change in the cargo for those packages, this would need kinvolk/azure-cvm-tooling#52 to land before we can change the package back to it upstream provider.
This was completed with the merge of kinvolk/azure-cvm-tooling#52

This pr also references a crate bump on sylabs/guest-components until a patch can be contributed upstream there as well.
This was completed with the merge of confidential-containers/guest-components#555

[fitzthum]

Looks great. I made some comments. Please add a commit message.

Also, is this PR really AWS specific or does it just add VLEK support?

[wobito]

Thanks again for the comments. Will work on this tomorrow and resolve the issues

Greatly appreciate the review so quickly!

[Xynnn007]

Welcome to the community @wobito ! Only some code style things and I also recommend that upstream first and then we can get this PR perfect and merge.

[mkulke]

we might want to avoid introducing new abbreviations, since people will search for it and get confusing results. it's fine as a variable name, but in strings we can spell it out ("VCEK or VLEK not found") maybe.

[wobito]

I made the requested changes. I appreciate the quick feedback! :D

still finding the sweet spot with rust ;P

[mkulke]

small nit, otherwise lgtm

[fitzthum]

Ok, looks really close to me. A couple small nits.

[fitzthum]

LGTM. Thanks @wobito

@Xynnn007 feel free to merge if your comments are addressed

[Xynnn007]

LGTM. Only one last thing

[fitzthum]

Wait, I think we need to update the evidence struct here still.

[wobito]

Forgive me, but can you provide some more information so I can help in anyway

[mkulke]

Forgive me, but can you provide some more information so I can help in anyway

afaiu in the corresponding guest-components change the evidence struct was modified, we need to do the same here, otherwise the evidence will not be parsed by the verifier. there is currently no CI job that would catch this.

[wobito]

Thank you 🙏

I believe I understand that now
I'll take a pass at it

[fitzthum]

Ok, I think we're good now. We do have a baremetal SNP runner that we could use for an e2e test in the future.

[mkulke]

Ok, I think we're good now. We do have a baremetal SNP runner that we could use for an e2e test in the future.

that would be useful. the e2e tests themselves should not very invasive, but they do install a bunch of dependencies on the runner that might taint the machine. Maybe we can scrutinize this and run the tests in containers (privileged, w/ tee hw-devices mounted).