Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-04-27 18:46:11 -04:00
Code Issues Packages Projects Releases Wiki Activity

measurement-reader: add support for TDX

Browse Source
This commit is contained in:
Nils Hanke 2023-03-09 18:11:47 +01:00 committed by Malte Poll
parent dd2da25ebe
commit 253d201ff3
3 changed files with 145 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
measurement-reader/cmd/main.go
View File

@ -14,6 +14,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/variant" "github.com/edgelesssys/constellation/v2/internal/variant"
"github.com/edgelesssys/constellation/v2/measurement-reader/internal/sorted" "github.com/edgelesssys/constellation/v2/measurement-reader/internal/sorted"
"github.com/edgelesssys/constellation/v2/measurement-reader/internal/tdx"
"github.com/edgelesssys/constellation/v2/measurement-reader/internal/tpm" "github.com/edgelesssys/constellation/v2/measurement-reader/internal/tpm"
"go.uber.org/zap" "go.uber.org/zap"
"go.uber.org/zap/zapcore" "go.uber.org/zap/zapcore"
@ -34,12 +35,19 @@ func main() {
if err != nil { if err != nil {
log.With(zap.Error(err)).Fatalf("Failed to read TPM measurements") log.With(zap.Error(err)).Fatalf("Failed to read TPM measurements")
} }
case oid.QEMUTDX{}:
m, err = tdx.Measurements()
if err != nil {
log.With(zap.Error(err)).Fatalf("Failed to read Intel TDX measurements")
}
default: default:
log.With(zap.String("attestationVariant", variantString)).Fatalf("Unsupported attestation variant") log.With(zap.String("attestationVariant", variantString)).Fatalf("Unsupported attestation variant")
} }
fmt.Println("Measurements:") fmt.Println("Measurements:")
for _, measurement := range m { for _, measurement := range m {
fmt.Printf("\t%s : 0x%0X\n", measurement.Index, measurement.Value) // -7 should ensure consistent padding across all current prefixes: PCR[xx], MRTD, RTMR[x].
// If the prefix gets longer somewhen in the future, this might need adjustment for consistent padding.
fmt.Printf("\t%-7s : 0x%0X\n", measurement.Index, measurement.Value)
} }
} }

58
measurement-reader/internal/tdx/tdx.go Normal file
View File

@ -0,0 +1,58 @@
/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
// Package tdx reads measurements from an Intel TDX guest.
package tdx
import (
"fmt"
"sort"
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/attestation/tdx"
"github.com/edgelesssys/constellation/v2/measurement-reader/internal/sorted"
)
// Measurements returns a sorted list of TDX runtime measurements.
func Measurements() ([]sorted.Measurement, error) {
m, err := tdx.GetSelectedMeasurements(tdx.Open, []int{0, 1, 2, 3, 4})
if err != nil {
return nil, err
}
return sortMeasurements(m), nil
}
func sortMeasurements(m measurements.M) []sorted.Measurement {
keys := make([]uint32, 0, len(m))
for idx := range m {
keys = append(keys, idx)
}
sort.Slice(keys, func(i, j int) bool {
return keys[i] < keys[j]
})
var measurements []sorted.Measurement
for _, idx := range keys {
expected := m[idx].Expected
// Index 0 == MRTD
// Index 1-5 == RTMR[0-4]
var index string
if (idx) == 0 {
index = "MRTD"
} else {
index = fmt.Sprintf("RTMR[%01d]", idx-1)
}
measurements = append(measurements, sorted.Measurement{
Index: index,
Value: expected[:],
})
}
return measurements
}

78
measurement-reader/internal/tdx/tdx_test.go Normal file
View File

@ -0,0 +1,78 @@
/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package tdx
import (
"bytes"
"testing"
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/measurement-reader/internal/sorted"
"github.com/stretchr/testify/assert"
)
func TestSortMeasurements(t *testing.T) {
testCases := map[string]struct {
input measurements.M
want []sorted.Measurement
}{
"pre sorted": {
input: measurements.M{
0: measurements.WithAllBytes(0x11, false),
1: measurements.WithAllBytes(0x22, false),
2: measurements.WithAllBytes(0x33, false),
},
want: []sorted.Measurement{
{
Index: "MRTD",
Value: bytes.Repeat([]byte{0x11}, 32),
},
{
Index: "RTMR[0]",
Value: bytes.Repeat([]byte{0x22}, 32),
},
{
Index: "RTMR[1]",
Value: bytes.Repeat([]byte{0x33}, 32),
},
},
},
"unsorted": {
input: measurements.M{
1: measurements.WithAllBytes(0x22, false),
0: measurements.WithAllBytes(0x11, false),
2: measurements.WithAllBytes(0x33, false),
},
want: []sorted.Measurement{
{
Index: "MRTD",
Value: bytes.Repeat([]byte{0x11}, 32),
},
{
Index: "RTMR[0]",
Value: bytes.Repeat([]byte{0x22}, 32),
},
{
Index: "RTMR[1]",
Value: bytes.Repeat([]byte{0x33}, 32),
},
},
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
assert := assert.New(t)
got := sortMeasurements(tc.input)
for i := range got {
assert.Equal(got[i].Index, tc.want[i].Index)
assert.Equal(got[i].Value, tc.want[i].Value)
}
})
}
}