measurement-reader: add support for TDX

measurement-reader/cmd/main.go

@@ -14,6 +14,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/variant"
 	"github.com/edgelesssys/constellation/v2/measurement-reader/internal/sorted"
+	"github.com/edgelesssys/constellation/v2/measurement-reader/internal/tdx"
 	"github.com/edgelesssys/constellation/v2/measurement-reader/internal/tpm"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
@@ -34,12 +35,19 @@ func main() {
 		if err != nil {
 			log.With(zap.Error(err)).Fatalf("Failed to read TPM measurements")
 		}
+	case oid.QEMUTDX{}:
+		m, err = tdx.Measurements()
+		if err != nil {
+			log.With(zap.Error(err)).Fatalf("Failed to read Intel TDX measurements")
+		}
 	default:
 		log.With(zap.String("attestationVariant", variantString)).Fatalf("Unsupported attestation variant")
 	}
 
 	fmt.Println("Measurements:")
 	for _, measurement := range m {
-		fmt.Printf("\t%s : 0x%0X\n", measurement.Index, measurement.Value)
+		// -7 should ensure consistent padding across all current prefixes: PCR[xx], MRTD, RTMR[x].
+		// If the prefix gets longer somewhen in the future, this might need adjustment for consistent padding.
+		fmt.Printf("\t%-7s : 0x%0X\n", measurement.Index, measurement.Value)
 	}
 }

measurement-reader/internal/tdx/tdx.go

@@ -0,0 +1,58 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+// Package tdx reads measurements from an Intel TDX guest.
+package tdx
+
+import (
+	"fmt"
+	"sort"
+
+	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
+	"github.com/edgelesssys/constellation/v2/internal/attestation/tdx"
+	"github.com/edgelesssys/constellation/v2/measurement-reader/internal/sorted"
+)
+
+// Measurements returns a sorted list of TDX runtime measurements.
+func Measurements() ([]sorted.Measurement, error) {
+	m, err := tdx.GetSelectedMeasurements(tdx.Open, []int{0, 1, 2, 3, 4})
+	if err != nil {
+		return nil, err
+	}
+
+	return sortMeasurements(m), nil
+}
+
+func sortMeasurements(m measurements.M) []sorted.Measurement {
+	keys := make([]uint32, 0, len(m))
+	for idx := range m {
+		keys = append(keys, idx)
+	}
+	sort.Slice(keys, func(i, j int) bool {
+		return keys[i] < keys[j]
+	})
+
+	var measurements []sorted.Measurement
+	for _, idx := range keys {
+		expected := m[idx].Expected
+
+		// Index 0   == MRTD
+		// Index 1-5 == RTMR[0-4]
+		var index string
+		if (idx) == 0 {
+			index = "MRTD"
+		} else {
+			index = fmt.Sprintf("RTMR[%01d]", idx-1)
+		}
+
+		measurements = append(measurements, sorted.Measurement{
+			Index: index,
+			Value: expected[:],
+		})
+	}
+
+	return measurements
+}

measurement-reader/internal/tdx/tdx_test.go

@@ -0,0 +1,78 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package tdx
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
+	"github.com/edgelesssys/constellation/v2/measurement-reader/internal/sorted"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSortMeasurements(t *testing.T) {
+	testCases := map[string]struct {
+		input measurements.M
+		want  []sorted.Measurement
+	}{
+		"pre sorted": {
+			input: measurements.M{
+				0: measurements.WithAllBytes(0x11, false),
+				1: measurements.WithAllBytes(0x22, false),
+				2: measurements.WithAllBytes(0x33, false),
+			},
+			want: []sorted.Measurement{
+				{
+					Index: "MRTD",
+					Value: bytes.Repeat([]byte{0x11}, 32),
+				},
+				{
+					Index: "RTMR[0]",
+					Value: bytes.Repeat([]byte{0x22}, 32),
+				},
+				{
+					Index: "RTMR[1]",
+					Value: bytes.Repeat([]byte{0x33}, 32),
+				},
+			},
+		},
+		"unsorted": {
+			input: measurements.M{
+				1: measurements.WithAllBytes(0x22, false),
+				0: measurements.WithAllBytes(0x11, false),
+				2: measurements.WithAllBytes(0x33, false),
+			},
+			want: []sorted.Measurement{
+				{
+					Index: "MRTD",
+					Value: bytes.Repeat([]byte{0x11}, 32),
+				},
+				{
+					Index: "RTMR[0]",
+					Value: bytes.Repeat([]byte{0x22}, 32),
+				},
+				{
+					Index: "RTMR[1]",
+					Value: bytes.Repeat([]byte{0x33}, 32),
+				},
+			},
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			assert := assert.New(t)
+
+			got := sortMeasurements(tc.input)
+			for i := range got {
+				assert.Equal(got[i].Index, tc.want[i].Index)
+				assert.Equal(got[i].Value, tc.want[i].Value)
+			}
+		})
+	}
+}