attestation-agent: add az-tdx-vtpm attester
This attester is intended to run on Azure TDX CVMs.

Signed-off-by: Magnus Kulke <[email protected]>
mkulke committed Nov 29, 2023
1 parent 9a6a769 commit d5bf5b6
Showing 4 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
Expand Up @@ -40,7 +40,7 @@ hex = "0.4.3"
hmac = "0.12.1"
jwt-simple = "0.11"
# TODO: change it to "0.5", once released.
kbs-types = { git = "https://github.com/mkulke/kbs-types", rev = "a55f1a5" }
kbs-types = { git = "https://github.com/virtee/kbs-types", rev = "90b13bb" }
lazy_static = "1.4.0"
log = "0.4.14"
openssl = "0.10"
1 change: 1 addition & 0 deletions attestation-agent/README.md
Expand Up @@ -124,6 +124,7 @@ CC KBC supports different kinds of hardware TEE attesters, now
| sgx-attester | Intel SGX DCAP |
| snp-attester | AMD SEV-SNP |
| az-snp-vtpm-attester| Azure SEV-SNP CVM |
| az-tdx-vtpm-attester| Azure TDX CVM |
| cca-attester | Arm Confidential Compute Architecture (CCA) |

To build cc kbc with all available attesters and install, use
11 changes: 5 additions & 6 deletions attestation-agent/attester/src/az_tdx_vtpm/mod.rs
Expand Up @@ -15,7 +15,7 @@ pub fn detect_platform() -> bool {
match is_tdx_cvm() {
Ok(tdx) => tdx,
Err(err) => {
debug!("Failed to retrieve HCL report from TPM: {err}");
debug!("Couldn't perform Azure TDX platform detection: {err}");
false
}
}
Expand All @@ -28,24 +28,23 @@ pub struct AzTdxVtpmAttester;
struct Evidence {
tpm_quote: TpmQuote,
hcl_report: Vec<u8>,
tdx_quote: Vec<u8>,
td_quote: Vec<u8>,
}

#[async_trait::async_trait]
impl Attester for AzTdxVtpmAttester {
async fn get_evidence(&self, report_data: Vec<u8>) -> Result<String> {
let hcl_report_bytes = vtpm::get_report()?;
let hcl_report = hcl::HclReport::new(hcl_report_bytes.clone())?;
let tdx_report_slice = hcl_report.tdx_report_slice();
let report_body = imds::ReportBody::new(tdx_report_slice);
let tdx_quote_bytes = imds::get_td_quote(report_body)?;
let td_report = hcl_report.try_into()?;
let td_quote_bytes = imds::get_td_quote(&td_report)?;

let tpm_quote = vtpm::get_quote(&report_data)?;

let evidence = Evidence {
tpm_quote,
hcl_report: hcl_report_bytes,
tdx_quote: tdx_quote_bytes,
td_quote: td_quote_bytes,
};
Ok(serde_json::to_string(&evidence)?)
}
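Review bot: Renaming the field to `td_quote` in `Evidence` (and its initializer in `get_evidence`) also renames the key that `serde_json::to_string(&evidence)` emits, so the verifier that parses this evidence has to change in lockstep unless a serde rename attribute above the hunk pins the old key. If the wire name is meant to change, it is worth recording that on the struct, e.g. `/// Serialized to JSON as this attester's evidence; field names are the wire keys the verifier expects.` The target type of `hcl_report.try_into()?` is only inferred from the parameter of `imds::get_td_quote`, so annotating `td_report` with that report type would make the conversion explicit at the call site. `imds::get_td_quote` and the `vtpm` calls run synchronously inside an async fn; if they perform network or device I/O, running them via `spawn_blocking` would avoid stalling the executor, though that shape predates this commit.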
