validatedpatterns · butler54 · Feb 16, 2026 · Feb 9, 2026 · Feb 9, 2026
diff --git a/templates/attestation-certificate.yaml b/templates/attestation-certificate.yaml
@@ -0,0 +1,23 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: attestation-token
+  namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "3"
+spec:
+  secretName: attestation-cert
+  duration: 8760h # 1 year
+  renewBefore: 720h # 30 days
+  commonName: {{ .Values.attestation.commonName | default "kbs-trustee-operator-system" }}
+  subject:
+    organizations:
+      - {{ .Values.attestation.organization | default "Red Hat" }}
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: attestation-self-signed-issuer
+    kind: Issuer
diff --git a/templates/attestation-issuer.yaml b/templates/attestation-issuer.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: attestation-self-signed-issuer
+  namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "2"
+spec:
+  selfSigned: {}
diff --git a/templates/attestation-policy.yaml b/templates/attestation-policy.yaml
@@ -0,0 +1,79 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: attestation-policy
+  namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-wave: "4"
+data:
+  default_cpu.rego: |
+    package policy
+
+    import rego.v1
+    default executables := 33
+    default hardware := 97
+    default configuration := 36
+
+    ## miminimal but reliable attestation policy
+    ## hardware and firmware changes. This is not in our control. It's up to the user to update acceptable measurements
+    ## In conjuction with verification with the service provider.
+    ## currently setup for azure vTPM
+
+
+    ##### Azure vTPM SNP
+    executables := 3 if {
+      # input.azsnpvtpm.measurement in data.reference.measurement
+      input.azsnpvtpm.tpm.pcr03 in data.reference.snp_pcr03
+      input.azsnpvtpm.tpm.pcr08 in data.reference.snp_pcr08
+      input.azsnpvtpm.tpm.pcr09 in data.reference.snp_pcr09
+      input.azsnpvtpm.tpm.pcr11 in data.reference.snp_pcr11
+      input.azsnpvtpm.tpm.pcr12 in data.reference.snp_pcr12
+    }
+
+    hardware := 2 if {
+      # Check the reported TCB to validate the ASP FW
+      # input.azsnpvtpm.reported_tcb_bootloader in data.reference.tcb_bootloader
+      # input.azsnpvtpm.reported_tcb_microcode in data.reference.tcb_microcode
+      # input.azsnpvtpm.reported_tcb_snp in data.reference.tcb_snp
+      # input.azsnpvtpm.reported_tcb_tee in data.reference.tcb_tee
+      input.azsnpvtpm
+    }
+
+    # For the 'configuration' trust claim 2 stands for
+    # "The configuration is a known and approved config."
+    #
+    # For this, we compare all the configuration fields.
+    configuration := 2 if {
+      # input.azsnpvtpm.platform_smt_enabled in data.reference.smt_enabled
+      # input.azsnpvtpm.platform_tsme_enabled in data.reference.tsme_enabled
+      # input.azsnpvtpm.policy_abi_major in data.reference.abi_major
+      # input.azsnpvtpm.policy_abi_minor in data.reference.abi_minor
+      # input.azsnpvtpm.policy_single_socket in data.reference.single_socket
+      # input.azsnpvtpm.policy_smt_allowed in data.reference.smt_allowed
+      input.azsnpvtpm
+    }
+
+    ##### Azure vTPM TDX
+    executables := 3 if {
+      input.aztdxvtpm.tpm.pcr03 in data.reference.tdx_pcr03
+      input.aztdxvtpm.tpm.pcr08 in data.reference.tdx_pcr08
+      input.aztdxvtpm.tpm.pcr09 in data.reference.tdx_pcr09
+      input.aztdxvtpm.tpm.pcr11 in data.reference.tdx_pcr11
+      input.aztdxvtpm.tpm.pcr12 in data.reference.tdx_pcr12
+    }
+
+    hardware := 2 if {
+      # Check the quote is a TDX quote signed by Intel SGX Quoting Enclave
+      input.aztdxvtpm.quote.header.tee_type == "81000000"
+      input.aztdxvtpm.quote.header.vendor_id == "939a7233f79c4ca9940a0db3957f0607"
+
+      # Check TDX Module version and its hash. Also check OVMF code hash.
+      # input.aztdxvtpm.quote.body.mr_seam in data.reference.mr_seam
+      # input.aztdxvtpm.quote.body.tcb_svn in data.reference.tcb_svn
+      # input.aztdxvtpm.quote.body.mr_td in data.reference.mr_td
+    }
+
+    configuration := 2 if {
+      # input.aztdxvtpm.quote.body.xfam in data.reference.xfam
+      input.aztdxvtpm
+    }
diff --git a/templates/attestation-status-eso.yaml b/templates/attestation-status-eso.yaml
@@ -0,0 +1,23 @@
+{{- if ne .Values.global.secretStore.backend "none" }}
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: ExternalSecret
+metadata: 
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  name: attestation-status-eso
+  namespace: trustee-operator-system
+spec:
+  refreshInterval: 15s
+  secretStoreRef:
+    name: {{ .Values.secretStore.name }}
+    kind: {{ .Values.secretStore.kind }}
+  data:
+  target:
+    name: attestation-status
+    template:
+      type: generic
+  dataFrom:
+  - extract:
+      key: {{ .Values.global.coco.attestationStatus }}
+{{- end }}
diff --git a/templates/certificate.yaml b/templates/certificate.yaml
@@ -5,6 +5,7 @@ metadata:
   namespace: imperative
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "3"
 spec:
   secretName: kbs-tls-self-signed
   duration: 8760h # 1 year

diff --git a/templates/cosign-eso.yaml b/templates/cosign-eso.yaml
@@ -0,0 +1,23 @@
+{{- if and (ne .Values.global.secretStore.backend "none") (eq .Values.global.coco.securityPolicyFlavour "signed") }}
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: ExternalSecret
+metadata: 
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  name: cosigned-eso
+  namespace: trustee-operator-system
+spec:
+  refreshInterval: 15s
+  secretStoreRef:
+    name: {{ .Values.secretStore.name }}
+    kind: {{ .Values.secretStore.kind }}
+  data:
+  target:
+    name: cosign-keys
+    template:
+      type: generic
+  dataFrom:
+  - extract:
+      key: {{ .Values.global.coco.cosignKeys }}
+{{- end }}
diff --git a/templates/issuer.yaml b/templates/issuer.yaml
@@ -5,6 +5,7 @@ metadata:
   namespace: imperative
   annotations:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "2"
 spec:
   selfSigned: {}
 
diff --git a/templates/kbs-config-map.yaml b/templates/kbs-config-map.yaml
@@ -3,6 +3,8 @@ kind: ConfigMap
 metadata:
   name: kbs-config
   namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-wave: "4"
 data:
   kbs-config.toml: |
     [http_server]
@@ -11,31 +13,36 @@ data:
     private_key = "/etc/https-key/tls.key"
     certificate = "/etc/https-cert/tls.crt"
     [admin]
-    insecure_api = true
+    insecure_api = false
     auth_public_key = "/etc/auth-secret/publicKey"
 
     [attestation_token]
-    insecure_key = true
+    insecure_key = false
     attestation_token_type = "CoCo"
+    trusted_certs_paths = ["/etc/attestation-cert/tls.crt"] # Check for location in cert (based on key generated)
 
     [attestation_service]
     type = "coco_as_builtin"
     work_dir = "/opt/confidential-containers/attestation-service"
     policy_engine = "opa"
 
-      [attestation_service.attestation_token_broker]
-      type = "Ear"
-      policy_dir = "/opt/confidential-containers/attestation-service/policies"
+    [attestation_service.attestation_token_broker]
+    type = "Ear"
+    policy_dir = "/opt/confidential-containers/attestation-service/policies"
 
-      [attestation_service.attestation_token_config]
-      duration_min = 5
+    [attestation_service.attestation_token_broker.signer]
+    key_path = "/etc/attestation-cert/tls.key"
+    cert_path = "/etc/attestation-cert/tls.crt"
 
-      [attestation_service.rvps_config]
-      type = "BuiltIn"
+    [attestation_service.attestation_token_config]
+    duration_min = 5
 
-        [attestation_service.rvps_config.storage]
-        type = "LocalJson"
-        file_path = "/opt/confidential-containers/rvps/reference-values/reference-values.json"
+    [attestation_service.rvps_config]
+    type = "BuiltIn"
+
+    [attestation_service.rvps_config.storage]
+    type = "LocalJson"
+    file_path = "/opt/confidential-containers/rvps/reference-values/reference-values.json"
 
     [[plugins]]
     name = "resource"

diff --git a/templates/kbs-route.yaml b/templates/kbs-route.yaml
@@ -1,10 +1,12 @@
 # Single cluster deploy don't use the route yet.
---- 
+---
 apiVersion: route.openshift.io/v1
 kind: Route
 metadata:
   name: kbs
   namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-wave: "8"
 spec:
   subdomain: kbs
   port:

diff --git a/templates/kbs.yaml b/templates/kbs.yaml
@@ -3,6 +3,8 @@ kind: KbsConfig
 metadata:
   name: kbsconfig
   namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-wave: "7"
 spec:
   kbsConfigMapName: kbs-config
   kbsAuthSecretName: kbs-auth-public-key
@@ -12,10 +14,18 @@ spec:
     {{- range .Values.kbs.secretResources }}
     - "{{ .name }}"
     {{- end }}
+    {{- if eq .Values.global.coco.securityPolicyFlavour "signed" }}
+    - "cosign-keys"
+    {{- end }}
     - "security-policy"
+    - "attestation-status"
   kbsHttpsKeySecretName: kbs-https-key
   kbsHttpsCertSecretName: kbs-https-certificate
   kbsResourcePolicyConfigMapName: resource-policy
+  kbsAttestationPolicyConfigMapName: attestation-policy
+  kbsAttestationCertSecretName: attestation-cert
+  kbsAttestationKeySecretName: attestation-cert
+
 
   # TDX specific configuration (optional)
   {{- if .Values.kbs.tdx.enabled }}

diff --git a/templates/pcrs-eso.yaml b/templates/pcrs-eso.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: "external-secrets.io/v1beta1"
+kind: ExternalSecret
+metadata: 
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  name: pcrs-eso
+  namespace: trustee-operator-system
+spec:
+  refreshInterval: 15s
+  secretStoreRef:
+    name: {{ .Values.secretStore.name }}
+    kind: {{ .Values.secretStore.kind }}
+  target:
+    name: pcr-stash
+    template:
+      type: generic
+  dataFrom:
+  - extract:
+      key: 'secret/data/hub/pcrStash'
diff --git a/templates/push-secret.yaml b/templates/push-secret.yaml
@@ -4,6 +4,8 @@ kind: PushSecret
 metadata:
   name: push-certs
   namespace: imperative
+  annotations:
+    argocd.argoproj.io/sync-wave: "5"
 spec:
   updatePolicy: Replace # Policy to overwrite existing secrets in the provider on sync
   deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted

diff --git a/templates/reference-values.yaml b/templates/reference-values.yaml
@@ -1,25 +1,13 @@
+{{- if not (eq .Values.global.coco.secured  true) }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  annotations:
-    argocd.argoproj.io/sync-wave: "1"
   name: rvps-reference-values
   namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-wave: "4"
 data:
   reference-values.json: |
-      [
-      ]
-
-# No reference values yet
-    # [
-    #   {
-    #     "name": "sample.svn",
-    #     "expired": "2025-01-01T00:00:00Z",
-    #     "hash-value": [
-    #       {
-    #         "alg": "sha256",
-    #         "value": "1"
-    #       }
-    #     ]
-    #   }
-    # ]
+    [
+    ]
+{{ end }}
diff --git a/templates/resource-policy.yaml b/templates/resource-policy.yaml
@@ -3,7 +3,12 @@ kind: ConfigMap
 metadata:
   name: resource-policy
   namespace: trustee-operator-system
+  annotations:
+    argocd.argoproj.io/sync-wave: "4"
 data:
   policy.rego: |
     package policy
-    default allow = true
+    default allow = false
+    allow {
+      input["submods"]["cpu0"]["ear.status"] == "affirming"
+    }