MigTD April release changes - Part 1#770
Open
MichalTarnacki wants to merge 6 commits intointel:mainfrom
Open
Conversation
MichalTarnacki
force-pushed
the
ghci_20260214
branch
from
57d1e06 to
a62fa75
Compare
Add missing feature = "main" gate to RebindingInfo import and StartRebinding variant so compilation succeeds when building with vmcall-raw,policy_v2 without main (needed for unit tests). Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Remove the two-phase rebinding model (PREPARE/FINALIZE) per GHCI 1.5: - Remove MIGTD_REBIND_OP_PREPARE/FINALIZE constants - Remove operation field from RebindingInfo struct - Adjust reserved field check (bytes 10-15 per spec) - Remove rebinding_old_finalize() and rebinding_new_finalize() - Simplify start_rebinding() to call prepare directly BREAKING CHANGE: RebindingInfo no longer contains an operation field Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Per GHCI 1.5, MIGTD_DATA now contains a single entry of type TDINFO: - Replace 3 type constants with MIGTD_DATA_TYPE_TDINFO = 0 - Rewrite InitData struct: init_report/policy/event_log -> init_tdinfo - Add mrowner()/mrownerconfig() helpers for TDINFO_STRUCT field extraction - Enforce numberOfEntry == 1 and min size 512 in read_from_bytes() - get_from_local() extracts td_info from TDX report instead of full report - Update rebinding_old_prepare to use mrowner and local event_log - spdm_req: TdReportInit sends init_tdinfo, EventLogInit uses local log, MigPolicyInit sends mrowner instead of digest_sha384(init_policy) - Remove digest_sha384 import from rebinding.rs Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Adapt rebinding handshake to use init_tdinfo instead of init_policy: - rebinding.rs: rename params in pre_session_data_exchange functions - server_client.rs: rename init_td_report -> init_tdinfo in RATLS cert creation/verification, update pre_session_data parsing with init_tdinfo naming, compare mrowner at TDINFO offset 112..160 directly instead of digest_sha384(init_policy) - spdm_rsp.rs: rename pre_session_data parsing, compare mrowner directly Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Per GHCI 1.5, policy and SERVTD_EXT verification operates on TDINFO_STRUCT: - verify_servtd_hash(): accepts TDINFO bytes, returns TdInfo (not TdxReport), parses via MaybeUninit + copy_nonoverlapping - verify_init_tdreport() -> verify_init_tdinfo(): renamed, returns TdInfo - Add get_rtmrs_from_tdinfo() and setup_evaluation_data_with_tdinfo() - authenticate_rebinding_old(): 6 params instead of 7 (removed init_policy and init_td_report, replaced with init_tdinfo); calls verify_event_log() directly against RTMRs from init_tdinfo; uses local policy for TCB eval - Remove get_init_tcb_evaluation_info() and TD_INFO_OFFSET constant - Update call sites in server_client.rs and spdm_rsp.rs Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Add unit tests for updated data structures and verification: - rebinding.rs: tests for InitData (roundtrip, mrowner, bad signature, bad version, multiple entries, wrong type, short tdinfo, empty input) and RebindingInfo (no init, with init, short buffer, nonzero reserved, missing init data) - mig_policy.rs: tests for verify_servtd_hash (valid, wrong hash, short input, ignore_attributes, ignore_mrowner) and get_rtmrs_from_tdinfo Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
MichalTarnacki
force-pushed
the
ghci_20260214
branch
from
a62fa75 to
e2ba5e7
Compare
Contributor
|
This PR includes too many features. Could you please split into different PRs, based on each individual feature? "Release change - Part 1" does not make sense to me. We should create PR based on specific feature, not part 1, part 2. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adapt MigTD rebinding to GHCI 1.5. The two-phase PREPARE/FINALIZE model is removed in favor of a single-step flow. MIGTD_DATA is rewritten to carry one TDINFO_STRUCT entry instead of the old report/policy/event_log triple, with direct mrowner/mrownerconfig field accessors. The rebind handshake and attestation verification now operate on raw TDINFO bytes — init_policy is replaced by init_tdinfo throughout pre-session exchange, RATLS, and SPDM paths. Unit tests cover the new data structures and policy verification.