Use a hard-coded string for virtual measurement (#6802)

Co-authored-by: Amaury Chamayou <[email protected]>

src/pal/quote_generation.h

@@ -3,7 +3,6 @@
 #pragma once
 
 #include "ds/files.h"
-#include "ds/system.h"
 
 #include <nlohmann/json.hpp>
 #include <string>
@@ -23,13 +22,7 @@ namespace ccf::pal
 
     auto j = nlohmann::json::object();
 
-    const auto uname = ccf::ds::system::exec("uname -a");
-    if (!uname.has_value())
-    {
-      throw std::runtime_error("Error calling uname");
-    }
-
-    j["measurement"] = uname.value();
+    j["measurement"] = "Insecure hard-coded virtual measurement v1";
     j["host_data"] = package_hash.hex_str();
 
     files::dump(j.dump(2), virtual_attestation_path("measurement"));

tests/code_update.py

@@ -51,7 +51,7 @@ def test_verify_quotes(network, args):
             j = r.body.json()
             if j["format"] == "Insecure_Virtual":
                 # A virtual attestation makes 3 claims:
-                # - The measurement (same on many nodes) is the result of calling `uname -a`
+                # - The measurement (same on any virtual node) is a hard-coded string, currently unmodifiable
                 claimed_measurement = j["measurement"]
                 # For consistency with other platforms, this endpoint always returns a hex-string.
                 # But for virtual, it's encoding some ASCII string, not a digest, so decode it for readability

tests/infra/utils.py

@@ -8,8 +8,7 @@
 
 def get_measurement(enclave_type, enclave_platform, package, library_dir="."):
     if enclave_platform == "virtual":
-        result = infra.proc.ccall("uname", "-a")
-        return result.stdout.decode().strip()
+        return "Insecure hard-coded virtual measurement v1"
 
     else:
         raise ValueError(f"Cannot get measurement on {enclave_platform}")