vmsdk/rust: get TSM report from the directory in environment variable
Signed-off-by: Xiaocheng Dong <xiaocheng.dong@intel.com>
dongx1x committed May 6, 2024
1 parent 287d71c commit 63e383d
Showing 3 changed files with 102 additions and 20 deletions.
85 changes: 68 additions & 17 deletions src/rust/cctrusted_vm/src/cvm.rs
Expand Up @@ -6,7 +6,7 @@ use cctrusted_base::tcg::EventLogEntry;
use cctrusted_base::tcg::{TcgAlgorithmRegistry, TcgDigest};
use core::result::Result::Ok;
use sha2::{Digest, Sha512};
use std::{fs, path::Path};
use std::{env, fs, path::Path};
use tempfile::tempdir_in;

// the interfaces a CVM should implement
Expand All @@ -26,12 +26,30 @@ pub trait CVM {
nonce: Option<String>,
data: Option<String>,
) -> Result<CcReport, anyhow::Error> {
let tsm_dir = Path::new(TSM_PREFIX);
if !tsm_dir.exists() {
return Err(anyhow!(
"[process_tsm_report] TSM is not supported in the current environment"
));
}
let (tmp_dir, tmp_str);
let tsm_report = match env::var("TSM_REPORT") {
Ok(v) => {
tmp_str = v;
let tsm_dir = Path::new(&tmp_str);
if !tsm_dir.exists() {
return Err(anyhow!(
"[process_tsm_report] TSM_REPORT is defined but directory does not exist"
));
}
tsm_dir
}
Err(_) => {
let tsm_dir = Path::new(TSM_PREFIX);
if !tsm_dir.exists() {
return Err(anyhow!(
"[process_tsm_report] TSM is not supported in the current environment"
));
}

tmp_dir = tempdir_in(tsm_dir)?;
tmp_dir.path()
}
};

// Update the hash value if nonce or data exists
let mut hasher = Sha512::new();
Expand All @@ -54,28 +72,33 @@ pub trait CVM {
.try_into()
.expect("[process_tsm_report] Wrong length of data");

let tsm_report = tempdir_in(tsm_dir)?;
let pre_generation = fs::read_to_string(tsm_report.join("generation"))
.expect("[process_tsm_report] generation read failed")
.trim()
.parse::<u32>()
.expect("[process_tsm_report] generation parse failed");

// Write hash array to inblob
fs::write(tsm_report.path().join("inblob"), inblob)
fs::write(tsm_report.join("inblob"), inblob)
.expect("[process_tsm_report] Write to inblob failed");
// Read outblob
let outblob = fs::read(tsm_report.path().join("outblob"))
.expect("[process_tsm_report] outblob read failed");
let outblob =
fs::read(tsm_report.join("outblob")).expect("[process_tsm_report] outblob read failed");
// Read provider
let provider = fs::read_to_string(tsm_report.path().join("provider"))
let provider = fs::read_to_string(tsm_report.join("provider"))
.expect("[process_tsm_report] provider read failed");
// Read auxblob if exists
let auxblob = match fs::read(tsm_report.path().join("auxblob")) {
let auxblob = match fs::read(tsm_report.join("auxblob")) {
Ok(v) => Some(v),
Err(_) => None,
};
// Read generation and check the generation
let generation = fs::read_to_string(tsm_report.path().join("generation"))
let generation = fs::read_to_string(tsm_report.join("generation"))
.expect("[process_tsm_report] generation read failed")
.trim()
.parse::<u32>()
.expect("[process_tsm_report] generation parse failed");
if generation > 1 {
if generation - pre_generation > 1 {
return Err(anyhow!("[process_tsm_report] check write race failed"));
}
// Convert provider to TeeType
Expand Down Expand Up @@ -131,7 +154,11 @@ pub trait CVM {
Returns:
TcgDigest struct
*/
fn process_cc_measurement(&self, index: u8, algo_id: u16) -> Result<TcgDigest, anyhow::Error>;
fn process_cc_measurement(
&mut self,
index: u8,
algo_id: u16,
) -> Result<TcgDigest, anyhow::Error>;

/***
retrive CVM eventlogs
Expand Down Expand Up @@ -190,7 +217,31 @@ pub fn build_cvm() -> Result<Box<dyn BuildCVM>, anyhow::Error> {
// detect CVM type
pub fn get_cvm_type() -> CcType {
let mut tee_type = TeeType::PLAIN;
if Path::new(TEE_TPM_PATH).exists() {

if Path::new(TSM_PREFIX).exists() || env::var("TSM_REPORT").is_ok() {
let provider = match env::var("TSM_REPORT") {
Ok(v) => {
let tsm_dir = Path::new(&v);
fs::read_to_string(tsm_dir.join("provider"))
.expect("[get_cvm_type] provider read failed")
}
Err(_) => {
let tsm_dir = Path::new(TSM_PREFIX);
fs::read_to_string(
tempdir_in(tsm_dir)
.expect("[get_cvm_type] create temp dir failed")
.path()
.join("provider"),
)
.expect("[get_cvm_type] provider read failed")
}
};
tee_type = match provider.as_str() {
"tdx_guest\n" => TeeType::TDX,
"sev_guest\n" => TeeType::SEV,
&_ => todo!(),
};
} else if Path::new(TEE_TPM_PATH).exists() {
tee_type = TeeType::TPM;
} else if Path::new(TEE_TDX_1_0_PATH).exists() || Path::new(TEE_TDX_1_5_PATH).exists() {
tee_type = TeeType::TDX;
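Review bot: The `TSM_REPORT` branch of `process_tsm_report` accepts whatever path the environment supplies after only an `exists()` check, then writes `inblob` into it and returns `outblob`/`provider` from it as attestation evidence. Unlike the `tempdir_in(TSM_PREFIX)` branch, that directory is not private to the call, so I would at least require `is_dir()` and add a comment stating who is expected to set the variable and that the generation check is then the only guard against a concurrent writer. That check, `generation - pre_generation > 1`, is unsigned subtraction that overflows when the second read is smaller than the first and also accepts a difference of 0; if a single `inblob` write is expected to bump the counter exactly once, `if generation.checked_sub(pre_generation) != Some(1)` states that directly. In `get_cvm_type`, `&_ => todo!()` and the `expect` calls turn an unrecognised provider string or a bad `TSM_REPORT` value into a panic during type detection; `_ => TeeType::PLAIN` (or falling through to the path checks that follow) would keep detection non-fatal. Both function bodies continue outside the lines shown here.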
2 changes: 1 addition & 1 deletion src/rust/cctrusted_vm/src/sdk.rs
Expand Up @@ -44,7 +44,7 @@ impl CCTrustedApi for API {
// CCTrustedApi trait function: get measurements of a CVM
fn get_cc_measurement(index: u8, algo_id: u16) -> Result<TcgDigest, anyhow::Error> {
match build_cvm() {
Ok(cvm) => cvm.process_cc_measurement(index, algo_id),
Ok(mut cvm) => cvm.process_cc_measurement(index, algo_id),
Err(e) => Err(anyhow!("[get_cc_measurement] error create cvm: {:?}", e)),
}
}
35 changes: 33 additions & 2 deletions src/rust/cctrusted_vm/src/tdvm.rs
Expand Up @@ -2,6 +2,7 @@

use crate::cvm::*;
use anyhow::*;
use cctrusted_base::api::ParseCcReport;
use cctrusted_base::api_data::CcReport;
use cctrusted_base::cc_type::*;
use cctrusted_base::eventlog::EventLogs;
Expand Down Expand Up @@ -476,15 +477,45 @@ impl CVM for TdxVM {
}

// CVM trait function: retrieve TDX RTMR
fn process_cc_measurement(&self, index: u8, algo_id: u16) -> Result<TcgDigest, anyhow::Error> {
fn process_cc_measurement(
&mut self,
index: u8,
algo_id: u16,
) -> Result<TcgDigest, anyhow::Error> {
match TdxRTMR::is_valid_index(index) {
Ok(_) => (),
Err(e) => return Err(anyhow!("[process_cc_measurement] {:?}", e)),
};

match TdxRTMR::is_valid_algo(algo_id) {
Ok(_) => (),
Err(e) => return Err(anyhow!("[process_cc_measurement] {:?}", e)),
Err(e) => return Err(anyhow!("D {:?}", e)),
};

match self.process_tsm_report(None, None) {
Ok(v) => {
let tdx_quote: TdxQuote = match CcReport::parse_cc_report(v.cc_report) {
Ok(q) => q,
Err(e) => {
return Err(anyhow!(
"[process_cc_measurement] error parse tdx quote: {:?}",
e
));
}
};
let rtmr = match index {
0 => tdx_quote.body.rtmr0,
1 => tdx_quote.body.rtmr1,
2 => tdx_quote.body.rtmr2,
3 => tdx_quote.body.rtmr3,
_ => return Err(anyhow!("[process_cc_measurement] invalid index")),
};
return match TdxRTMR::new(index, algo_id, rtmr) {
Ok(rtmr) => Ok(rtmr.get_tcg_digest(algo_id)),
Err(e) => Err(anyhow!("error creating TdxRTMR {:?}", e)),
};
}
Err(e) => log::info!("[process_cc_report] try TSM failed: {}", e),
};

let tdreport_raw = match self.get_td_report(None, None) {
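Review bot: The `is_valid_algo` error arm now returns `anyhow!("D {:?}", e)`, which looks like a debugging leftover and drops the `[process_cc_measurement]` tag that the index check just above still uses; it should read `Err(e) => return Err(anyhow!("[process_cc_measurement] {:?}", e)),`. The fallback log line is tagged `[process_cc_report]` although it is emitted from `process_cc_measurement`, and `error creating TdxRTMR {:?}` carries no tag at all. The fall-through to `get_td_report` only happens when `process_tsm_report` returns `Err`; the `expect` calls in that function (cvm.rs in this commit) panic instead, so a failed read of `generation` or `outblob` would abort the caller rather than fall back. The function continues past the end of this hunk.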
