From 38c23e69d3543fd06f2ec12e1d1179218490a1d8 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Tue, 16 Jan 2024 13:03:02 +0200 Subject: [PATCH] attester: tdx: use TSM reports to generate quotes Move tdx attester to primarily use TSM reports to get the quotes generated. The ioctl() based get-quote mechanisms have never been upstreamed so they can be considered 'deprecated'. However, a feature switch is added to keep the old functionality available for now. Signed-off-by: Mikko Ylinen --- attestation-agent/attester/Cargo.toml | 3 +- attestation-agent/attester/src/tdx/mod.rs | 51 +++++++++++++++++------ 2 files changed, 40 insertions(+), 14 deletions(-) diff --git a/attestation-agent/attester/Cargo.toml b/attestation-agent/attester/Cargo.toml index 760d17743..2e3d04073 100644 --- a/attestation-agent/attester/Cargo.toml +++ b/attestation-agent/attester/Cargo.toml @@ -40,7 +40,8 @@ required-features = [ "bin" ] default = ["all-attesters"] all-attesters = ["tdx-attester", "sgx-attester", "az-snp-vtpm-attester", "az-tdx-vtpm-attester", "snp-attester", "csv-attester", "cca-attester"] -tdx-attester = ["tdx-attest-rs"] +tdx-attester = ["tsm-report", "tdx-deprecated-getquote-ioctl"] +tdx-deprecated-getquote-ioctl = ["tdx-attest-rs"] sgx-attester = ["occlum_dcap"] az-snp-vtpm-attester = ["az-snp-vtpm"] az-tdx-vtpm-attester = ["az-tdx-vtpm"] diff --git a/attestation-agent/attester/src/tdx/mod.rs b/attestation-agent/attester/src/tdx/mod.rs index b5b47e777..29b32a760 100644 --- a/attestation-agent/attester/src/tdx/mod.rs +++ b/attestation-agent/attester/src/tdx/mod.rs 
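Review bot: The new `tdx-deprecated-getquote-ioctl` feature line carries no comment, so nothing in the manifest records that it is the path the commit message calls deprecated or that `tdx-attester` still pulls it in by default. A one-line comment above it, `# Legacy /dev/tdx-* get-quote ioctl path (never upstreamed); remove it from tdx-attester's list to build a TSM-only attester`, would let an operator trimming the attester's attack surface see the knob without reading git history. The `tsm-report` feature that `tdx-attester` now depends on is defined outside this hunk, presumably elsewhere in this file.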
@@ -3,17 +3,23 @@ // SPDX-License-Identifier: Apache-2.0 // +use super::tsm_report::{provider_is, TsmReportPath, TsmReportProvider, TSM_REPORT_PROVIDER_TDX}; use super::Attester; use anyhow::*; use base64::Engine; use serde::{Deserialize, Serialize}; use std::path::Path; +use std::result::Result::Ok; + +#[cfg(feature = "tdx-deprecated-getquote-ioctl")] use tdx_attest_rs; const CCEL_PATH: &str = "/sys/firmware/acpi/tables/data/CCEL"; pub fn detect_platform() -> bool { - Path::new("/dev/tdx-attest").exists() || Path::new("/dev/tdx-guest").exists() + provider_is(TSM_REPORT_PROVIDER_TDX) + || (cfg!(feature = "tdx-legacy-getquote-ioctl") + && (Path::new("/dev/tdx-attest").exists() || Path::new("/dev/tdx-guest").exists())) } #[derive(Serialize, Deserialize)] 
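Review bot: The feature name checked in the new `detect_platform` body does not exist: the `cfg!` tests `"tdx-legacy-getquote-ioctl"`, while the Cargo feature this hunk and the manifest define is `tdx-deprecated-getquote-ioctl` (the `#[cfg]` a few lines above uses the correct one). `cfg!` on an undefined feature is simply `false` (and trips `unexpected_cfgs` on recent toolchains), so the `/dev/tdx-attest` / `/dev/tdx-guest` device-node check is dead code and a TD guest that lacks the TSM report interface is no longer detected as TDX, even though the ioctl quote path is still compiled in and used as a fallback by the quote code. The line should read `|| (cfg!(feature = "tdx-deprecated-getquote-ioctl")`, and a comment such as `// TSM report interface first; fall back to the legacy device nodes only when the deprecated ioctl path is built in` would make the intended precedence explicit.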
@@ -37,20 +43,38 @@ impl Attester for TdxAttester { report_data.resize(64, 0); - let tdx_report_data = tdx_attest_rs::tdx_report_data_t { - d: report_data.as_slice().try_into()?, - }; - - let engine = base64::engine::general_purpose::STANDARD; - let quote = match tdx_attest_rs::tdx_att_get_quote(Some(&tdx_report_data), None, None, 0) { - (tdx_attest_rs::tdx_attest_error_t::TDX_ATTEST_SUCCESS, Some(q)) => engine.encode(q), - (error_code, _) => { - return Err(anyhow!( - "TDX Attester: Failed to get TD quote. Error code: {:?}", - error_code - )); + let quote_bytes = match TsmReportPath::open() { + Ok(tsm) => match tsm.attestation_report(TsmReportProvider::Tdx(report_data)) { + Ok(bytes) => { + tsm.close(); + bytes + } + Err(e) => { + tsm.close(); + bail!("TDX Attester: {}", e); + } + }, + #[cfg(feature = "tdx-deprecated-getquote-ioctl")] + Err(_) => { + let tdx_report_data = tdx_attest_rs::tdx_report_data_t { + d: report_data.as_slice().try_into().unwrap(), + }; + + match tdx_attest_rs::tdx_att_get_quote(Some(&tdx_report_data), None, None, 0) { + (tdx_attest_rs::tdx_attest_error_t::TDX_ATTEST_SUCCESS, Some(q)) => q, + (error_code, _) => { + bail!( + "TDX Attester: Failed to get TD quote using ioctl. Error code: {:?}", + error_code + ); + } + } } + #[cfg(not(feature = "tdx-deprecated-getquote-ioctl"))] + Err(e) => bail!("TDX Attester: {}", e), }; + let engine = base64::engine::general_purpose::STANDARD; + let quote = engine.encode(quote_bytes); let cc_eventlog = match std::fs::read(CCEL_PATH) { Result::Ok(el) => Some(engine.encode(el)), @@ -66,6 +90,7 @@ impl Attester for TdxAttester { .map_err(|e| anyhow!("Serialize TDX evidence failed: {:?}", e)) } + #[cfg(feature = "tdx-deprecated-getquote-ioctl")] async fn extend_runtime_measurement( &self, events: Vec>,
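Review bot: The fallback arm `Err(_) =>` discards the error from `TsmReportPath::open()`, so when the TSM path is unavailable the attester silently switches to the deprecated ioctl interface, and if that also fails the operator sees only the ioctl error code with no hint of why the preferred path was skipped (permissions on configfs, missing kernel support, a misconfigured provider). I would bind the error, `Err(tsm_err) =>`, and include it in the ioctl failure, `bail!("TDX Attester: Failed to get TD quote using ioctl (TSM report unavailable: {tsm_err}). Error code: {:?}", error_code)`, so a degraded quote path is diagnosable from logs. The `try_into().unwrap()` on `report_data` is sound only because of the `report_data.resize(64, 0)` context line above it; a comment `// resize(64, 0) above guarantees exactly 64 bytes` would keep the next edit from breaking that invariant unnoticed. The two identical `tsm.close()` calls could be hoisted after the inner match by binding its `Result` first; the enclosing `get_evidence` body starts and ends outside this hunk.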
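Review bot: Gating `extend_runtime_measurement` behind `tdx-deprecated-getquote-ioctl` means a TSM-only build of the attester loses the override entirely and presumably falls through to the `Attester` trait's default implementation, which is not visible in this hunk; if that default reports success or a generic "unsupported" result, callers that extend runtime measurements before requesting a quote will get evidence that does not reflect those events without a clear signal. A doc comment on the attribute, such as `/// Runtime measurement extension is only available through the legacy ioctl interface; TSM-only builds fall back to the trait default`, would record the limitation, and it is worth confirming that the default implementation returns an explicit error rather than a silent no-op. The function's body continues past the end of the hunk.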