From f07c947502bd469782c6f55f8c3c62ec3224b1bc Mon Sep 17 00:00:00 2001
From: Simon Ott
Date: Fri, 15 Mar 2024 11:54:16 +0000
Subject: [PATCH] attestationreport: fix and better log output

Signed-off-by: Simon Ott
---
 attestationreport/snp.go | 12 ++++++++----
 attestationreport/sw.go | 2 ++
 attestationreport/tdx.go | 2 ++
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/attestationreport/snp.go b/attestationreport/snp.go
index 3cb56ea2..20602f99 100644
--- a/attestationreport/snp.go
+++ b/attestationreport/snp.go
@@ -87,6 +87,8 @@ const (
 func verifySnpMeasurements(snpM Measurement, nonce []byte, referenceValues []ReferenceValue,
 ) (*MeasurementResult, bool) {
+ log.Trace("Verifying SNP measurements")
+
 result := &MeasurementResult{
 Type: "SNP Result",
 SnpResult: &SnpResult{},
@@ -154,6 +156,7 @@ func verifySnpMeasurements(snpM Measurement, nonce []byte, referenceValues []Ref
 // Compare Measurements
 if cmp := bytes.Compare(s.Measurement[:], snpReferenceValue.Sha384); cmp != 0 {
+ log.Trace("Failed to verify SNP reference value")
 result.Artifacts = append(result.Artifacts,
 DigestResult{
 Name: snpReferenceValue.Name,
@@ -171,6 +174,7 @@ func verifySnpMeasurements(snpM Measurement, nonce []byte, referenceValues []Ref
 ok = false
 } else {
+ log.Trace("Successfully verified SNP reference value")
 // As we previously checked, that the attestation report contains exactly one
 // SNP Reference Value, we can set this here:
 result.Artifacts = append(result.Artifacts,
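Review bot: The trace added in the failed-compare branch of the second hunk does not say which reference value failed, although `snpReferenceValue.Name` is in hand on the very next lines; `log.Tracef("Failed to verify SNP reference value %q", snpReferenceValue.Name)` would make the trace usable when several reference values are configured. The same applies to the success trace in the third hunk. verifySnpMeasurements starts and ends outside these hunks.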
@@ -481,25 +485,25 @@ func verifySnpExtensions(cert *x509.Certificate, report *snpreport) ([]Result, b
 if r, ok = checkExtensionUint8(cert, "1.3.6.1.4.1.3704.1.3.2", uint8(tcb>>8)); !ok {
 log.Tracef("SEV TEE Extension Check failed")
- ok = false
+ success = false
 }
 results = append(results, r)
 if r, ok = checkExtensionUint8(cert, "1.3.6.1.4.1.3704.1.3.3", uint8(tcb>>48)); !ok {
 log.Tracef("SEV SNP Extension Check failed")
- ok = false
+ success = false
 }
 results = append(results, r)
 if r, ok = checkExtensionUint8(cert, "1.3.6.1.4.1.3704.1.3.8", uint8(tcb>>56)); !ok {
 log.Tracef("SEV UCODE Extension Check failed")
- ok = false
+ success = false
 }
 results = append(results, r)
 if r, ok = checkExtensionBuf(cert, "1.3.6.1.4.1.3704.1.4", report.ChipId[:]); !ok {
 log.Tracef("Chip ID Extension Check failed")
- ok = false
+ success = false
 }
 results = append(results, r)
diff --git a/attestationreport/sw.go b/attestationreport/sw.go
index 52f75829..c3137929 100644
--- a/attestationreport/sw.go
+++ b/attestationreport/sw.go
@@ -21,6 +21,8 @@ import (
 func VerifySwMeasurements(swMeasurements []Measurement, refVals []ReferenceValue) ([]MeasurementResult, bool) {
+ log.Trace("Verifying SW measurements")
+
 swMeasurementResults := make([]MeasurementResult, 0)
 ok := true
diff --git a/attestationreport/tdx.go b/attestationreport/tdx.go
index 2988567a..33535b9b 100644
--- a/attestationreport/tdx.go
+++ b/attestationreport/tdx.go
@@ -194,6 +194,8 @@ func parseECDSASignatureV4(buf *bytes.Buffer, sig *ECDSA256QuoteSignatureDataStr
 func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string,
 referenceValues []ReferenceValue) (*MeasurementResult, bool) {
+ log.Trace("Verifying TDX measurements")
+
 var err error
 result := &MeasurementResult{
 Type: "TDX Result",
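Review bot: The fix in verifySnpExtensions is correct but nothing in the hunk keeps the same slip from coming back: every check assigns `r, ok = checkExtension…` and then has to remember to clear `success` rather than `ok`, and the removed `ok = false` lines were overwritten by the next `r, ok =` assignment, so a mismatching TCB or Chip ID extension left the aggregate untouched (presumably letting the function report success; its head and tail are outside the hunk, so confirm `success` is what it returns). A table of checks with a single aggregation point removes that possibility, and a regression test that builds a certificate with one non-matching extension and asserts a false verdict would pin the fix. The `Result` element type below is taken from the function's `[]Result` return; use whatever type `r` actually has.
```go
	// … unchanged: earlier extension checks before this hunk …
	checks := []struct {
		name string
		run  func() (Result, bool)
	}{
		{"SEV TEE", func() (Result, bool) { return checkExtensionUint8(cert, "1.3.6.1.4.1.3704.1.3.2", uint8(tcb>>8)) }},
		{"SEV SNP", func() (Result, bool) { return checkExtensionUint8(cert, "1.3.6.1.4.1.3704.1.3.3", uint8(tcb>>48)) }},
		{"SEV UCODE", func() (Result, bool) { return checkExtensionUint8(cert, "1.3.6.1.4.1.3704.1.3.8", uint8(tcb>>56)) }},
		{"Chip ID", func() (Result, bool) { return checkExtensionBuf(cert, "1.3.6.1.4.1.3704.1.4", report.ChipId[:]) }},
	}
	for _, c := range checks {
		r, ok := c.run()
		if !ok {
			log.Tracef("%s Extension Check failed", c.name)
			success = false // the only place the aggregate verdict is cleared
		}
		results = append(results, r)
	}
	// … unchanged: remainder of verifySnpExtensions …
```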
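Review bot: VerifySwMeasurements keeps its aggregate verdict in a variable named `ok` (`ok := true`, the last line of the sw.go hunk), the same name that carries per-check results in verifySnpExtensions, which is precisely the mix-up this commit fixes there. If the rest of the function, outside the hunk, also receives per-measurement `ok` values, renaming the aggregate to `success := true` removes the hazard and matches the SNP code. The added trace itself is fine.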