From 2b9f21905270aacf23dd711cdd6711b2d2b0489d Mon Sep 17 00:00:00 2001
From: Jiaqi Gao
Date: Wed, 26 Jun 2024 04:38:53 -0400
Subject: [PATCH 1/2] migtd-policy-generator: support `TDX_03` identity
Signed-off-by: Jiaqi Gao
---
 tools/migtd-policy-generator/src/policy.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tools/migtd-policy-generator/src/policy.rs b/tools/migtd-policy-generator/src/policy.rs
index 708c9e78..c9763efb 100644
--- a/tools/migtd-policy-generator/src/policy.rs
+++ b/tools/migtd-policy-generator/src/policy.rs
@@ -288,6 +288,7 @@ impl TdxModulePolicy {
 match id {
 "TDX_01" => 1,
 "TDX_02" => 2,
+ "TDX_03" => 3,
 _ => {
 panic!("Unexpected TDX Module ID");
 }
From 9f71e3a7349df3c3a5feadd37098f8969ffd9b52 Mon Sep 17 00:00:00 2001
From: Jiaqi Gao
Date: Wed, 26 Jun 2024 04:39:44 -0400
Subject: [PATCH 2/2] config: sync policy data from backend server
Signed-off-by: Jiaqi Gao
---
 config/policy_pre_production_fmspc.json | 75 +++++++++++++++++++++++++
 config/policy_production_fmspc.json | 65 +++++++++++++++++++--
 2 files changed, 134 insertions(+), 6 deletions(-)
diff --git a/config/policy_pre_production_fmspc.json b/config/policy_pre_production_fmspc.json
index c9899b22..8aa613a9 100644
--- a/config/policy_pre_production_fmspc.json
+++ b/config/policy_pre_production_fmspc.json
@@ -1008,6 +1008,59 @@
 },
 "fmspc": "10806F040000"
 },
+ {
+ "Platform": {
+ "TcbInfo": {
+ "pcesvn": {
+ "operation": "greater-or-equal",
+ "reference": 0
+ },
+ "sgxtcbcomponents": {
+ "operation": "array-greater-or-equal",
+ "reference": [
+ 1,
+ 1,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0
+ ]
+ },
+ "tdxtcbcomponents": {
+ "operation": "array-greater-or-equal",
+ "reference": [
+ 0,
+ 0,
+ 1,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0
+ ]
+ }
+ }
+ },
+ "fmspc": "10D06D000000"
+ },
 {
 "Platform": {
 "TcbInfo": {
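Review bot: The fallback arm that follows the new `"TDX_03" => 3,` line in `tools/migtd-policy-generator/src/policy.rs` still panics with a fixed message, so when the input carries an identity the match does not list, the generator aborts without naming the id it saw. Passing the value through, `panic!("Unexpected TDX Module ID: {}", id);`, would make the next failed sync self-explanatory. Failing closed on an unknown id looks like a sensible default for a tool that emits migration policy, but nothing on the match records that it is a hand-maintained allowlist; a one-line comment such as `// Allowlist of known TDX module identities; extend when a new module generation is published.` would do. The enclosing function starts and ends outside the hunk, so its return type and callers are not visible here.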
@@ -1215,6 +1268,28 @@
 }
 }
 },
+ {
+ "TDXModule": {
+ "TDXModule_Identity": {
+ "ATTRIBUTES": {
+ "operation": "equal",
+ "reference": "0000000000000000"
+ },
+ "MRSIGNERSEAM": {
+ "operation": "equal",
+ "reference": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+ },
+ "TDXModuleMajorVersion": {
+ "operation": "equal",
+ "reference": 3
+ },
+ "TDXModuleSVN": {
+ "operation": "equal",
+ "reference": 0
+ }
+ }
+ }
+ },
 {
 "TDXModule": {
 "TDXModule_Identity": {
diff --git a/config/policy_production_fmspc.json b/config/policy_production_fmspc.json
index bc9f0513..4fe5bee2 100644
--- a/config/policy_production_fmspc.json
+++ b/config/policy_production_fmspc.json
@@ -170,8 +170,8 @@
 "sgxtcbcomponents": {
 "operation": "array-greater-or-equal",
 "reference": [
- 1,
- 1,
+ 2,
+ 2,
 2,
 2,
 3,
@@ -193,7 +193,7 @@
 "reference": [
 4,
 0,
- 1,
+ 2,
 0,
 0,
 0,
@@ -372,6 +372,59 @@
 },
 "fmspc": "40A06F000000"
 },
+ {
+ "Platform": {
+ "TcbInfo": {
+ "pcesvn": {
+ "operation": "greater-or-equal",
+ "reference": 13
+ },
+ "sgxtcbcomponents": {
+ "operation": "array-greater-or-equal",
+ "reference": [
+ 2,
+ 2,
+ 2,
+ 2,
+ 2,
+ 255,
+ 0,
+ 2,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0
+ ]
+ },
+ "tdxtcbcomponents": {
+ "operation": "array-greater-or-equal",
+ "reference": [
+ 3,
+ 0,
+ 2,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ 0
+ ]
+ }
+ }
+ },
+ "fmspc": "60A06F000000"
+ },
 {
 "Platform": {
 "TcbInfo": {
@@ -753,8 +806,8 @@
 "sgxtcbcomponents": {
 "operation": "array-greater-or-equal",
 "reference": [
- 1,
- 1,
+ 2,
+ 2,
 2,
 2,
 3,
@@ -776,7 +829,7 @@
 "reference": [
 4,
 0,
- 1,
+ 2,
 0,
 0,
 0,