From d5bf5b606feae1fcdc388debee38e4a799981eab Mon Sep 17 00:00:00 2001
From: Magnus Kulke
Date: Mon, 27 Nov 2023 09:07:00 +0100
Subject: [PATCH] attestation-agent: add az-tdx-vtpm attester

This attester is supposed to run on Azure TDX CVMs.

Signed-off-by: Magnus Kulke
---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 attestation-agent/README.md | 1 +
 attestation-agent/attester/src/az_tdx_vtpm/mod.rs | 11 +++++------
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 03fb6281d..1d193e87c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2818,7 +2818,7 @@ dependencies = [
 [[package]]
 name = "kbs-types"
 version = "0.4.0"
-source = "git+https://github.com/mkulke/kbs-types?rev=a55f1a5#a55f1a5d6c6476dd0e0e374486c7cbb68d0fd3d5"
+source = "git+https://github.com/virtee/kbs-types?rev=90b13bb#90b13bb023c5805d82cc3206fab9c8e57f61746f"
 dependencies = [
 "serde",
 "serde_json",
diff --git a/Cargo.toml b/Cargo.toml
index 5ae9ab82e..1fdaa815d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -40,7 +40,7 @@ hex = "0.4.3"
 hmac = "0.12.1"
 jwt-simple = "0.11"
 # TODO: change it to "0.5", once released.
-kbs-types = { git = "https://github.com/mkulke/kbs-types", rev = "a55f1a5" }
+kbs-types = { git = "https://github.com/virtee/kbs-types", rev = "90b13bb" }
 lazy_static = "1.4.0"
 log = "0.4.14"
 openssl = "0.10"
diff --git a/attestation-agent/README.md b/attestation-agent/README.md
index 318078f39..3a016c2ba 100644
--- a/attestation-agent/README.md
+++ b/attestation-agent/README.md
@@ -124,6 +124,7 @@ CC KBC supports different kinds of hardware TEE attesters, now
 | sgx-attester | Intel SGX DCAP |
 | snp-attester | AMD SEV-SNP |
 | az-snp-vtpm-attester| Azure SEV-SNP CVM |
+| az-tdx-vtpm-attester| Azure TDX CVM |
 | cca-attester | Arm Confidential Compute Architecture (CCA) |
 
 To build cc kbc with all available attesters and install, use 
diff --git a/attestation-agent/attester/src/az_tdx_vtpm/mod.rs b/attestation-agent/attester/src/az_tdx_vtpm/mod.rs
index e6f5781e5..1f7ca8368 100644
--- a/attestation-agent/attester/src/az_tdx_vtpm/mod.rs
+++ b/attestation-agent/attester/src/az_tdx_vtpm/mod.rs
@@ -15,7 +15,7 @@ pub fn detect_platform() -> bool {
 match is_tdx_cvm() {
 Ok(tdx) => tdx,
 Err(err) => {
- debug!("Failed to retrieve HCL report from TPM: {err}");
+ debug!("Couldn't perform Azure TDX platform detection: {err}");
 false
 }
 }
@@ -28,7 +28,7 @@ pub struct AzTdxVtpmAttester;
 struct Evidence {
 tpm_quote: TpmQuote,
 hcl_report: Vec,
- tdx_quote: Vec,
+ td_quote: Vec,
 }
 
 #[async_trait::async_trait]
@@ -36,16 +36,15 @@ impl Attester for AzTdxVtpmAttester {
 async fn get_evidence(&self, report_data: Vec) -> Result {
 let hcl_report_bytes = vtpm::get_report()?;
 let hcl_report = hcl::HclReport::new(hcl_report_bytes.clone())?;
- let tdx_report_slice = hcl_report.tdx_report_slice();
- let report_body = imds::ReportBody::new(tdx_report_slice);
- let tdx_quote_bytes = imds::get_td_quote(report_body)?;
+ let td_report = hcl_report.try_into()?;
+ let td_quote_bytes = imds::get_td_quote(&td_report)?;
 
 let tpm_quote = vtpm::get_quote(&report_data)?;
 
 let evidence = Evidence {
 tpm_quote,
 hcl_report: hcl_report_bytes,
- tdx_quote: tdx_quote_bytes,
+ td_quote: td_quote_bytes,
 };
 Ok(serde_json::to_string(&evidence)?)
 }
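Review bot: Renaming the `Evidence` field `tdx_quote` to `td_quote` changes the JSON key that `serde_json::to_string(&evidence)` emits in `get_evidence`, so this is a wire-format change toward the verifier, not just a local rename; the commit updates the `kbs-types` pin but touches no verifier code, so the consuming side needs to be confirmed to expect `td_quote` now. Because the struct is a serialization contract, I would record that at the struct: `/// JSON evidence returned by `AzTdxVtpmAttester::get_evidence`; field names are the wire format the az-tdx-vtpm verifier parses — keep them in sync.` If the old key ever has to be produced again, `#[serde(rename = "...")]` on the field is the place to do it rather than renaming the Rust field back. The struct's derive attributes and the preceding `pub struct AzTdxVtpmAttester;` lie outside the hunk.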
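Review bot: `get_evidence` has no doc comment stating what each part of the returned evidence binds, and that matters here because `report_data` only flows into `vtpm::get_quote(&report_data)`; the TD quote is derived from the HCL report via `hcl_report.try_into()?` and never sees the caller's nonce, so freshness of the TD quote rests entirely on the verifier linking it to the TPM quote (presumably through vTPM key material carried in the HCL report — confirm against the verifier). I would add a `///` comment above `async fn get_evidence` saying that the result is JSON `{tpm_quote, hcl_report, td_quote}`, that only `tpm_quote` is bound to `report_data`, and that the HCL report and TD quote come from the vTPM and IMDS respectively and are unverified at this point. The new `let td_report = hcl_report.try_into()?;` relies on inference from the parameter type of `imds::get_td_quote`; an explicit annotation, `let td_report: <target type> = hcl_report.try_into()?;`, would make the conversion target visible to readers. The enclosing `impl Attester for AzTdxVtpmAttester` block starts outside the hunk.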