MigTD April release changes - Part 2#771
Open
MichalTarnacki wants to merge 9 commits intointel:mainfrom
Open
Conversation
Add missing feature = "main" gate to RebindingInfo import and StartRebinding variant so compilation succeeds when building with vmcall-raw,policy_v2 without main (needed for unit tests). Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Remove the two-phase rebinding model (PREPARE/FINALIZE) per GHCI 1.5: - Remove MIGTD_REBIND_OP_PREPARE/FINALIZE constants - Remove operation field from RebindingInfo struct - Adjust reserved field check (bytes 10-15 per spec) - Remove rebinding_old_finalize() and rebinding_new_finalize() - Simplify start_rebinding() to call prepare directly BREAKING CHANGE: RebindingInfo no longer contains an operation field Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Per GHCI 1.5, MIGTD_DATA now contains a single entry of type TDINFO: - Replace 3 type constants with MIGTD_DATA_TYPE_TDINFO = 0 - Rewrite InitData struct: init_report/policy/event_log -> init_tdinfo - Add mrowner()/mrownerconfig() helpers for TDINFO_STRUCT field extraction - Enforce numberOfEntry == 1 and min size 512 in read_from_bytes() - get_from_local() extracts td_info from TDX report instead of full report - Update rebinding_old_prepare to use mrowner and local event_log - spdm_req: TdReportInit sends init_tdinfo, EventLogInit uses local log, MigPolicyInit sends mrowner instead of digest_sha384(init_policy) - Remove digest_sha384 import from rebinding.rs Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Adapt rebinding handshake to use init_tdinfo instead of init_policy: - rebinding.rs: rename params in pre_session_data_exchange functions - server_client.rs: rename init_td_report -> init_tdinfo in RATLS cert creation/verification, update pre_session_data parsing with init_tdinfo naming, compare mrowner at TDINFO offset 112..160 directly instead of digest_sha384(init_policy) - spdm_rsp.rs: rename pre_session_data parsing, compare mrowner directly Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Per GHCI 1.5, policy and SERVTD_EXT verification operates on TDINFO_STRUCT: - verify_servtd_hash(): accepts TDINFO bytes, returns TdInfo (not TdxReport), parses via MaybeUninit + copy_nonoverlapping - verify_init_tdreport() -> verify_init_tdinfo(): renamed, returns TdInfo - Add get_rtmrs_from_tdinfo() and setup_evaluation_data_with_tdinfo() - authenticate_rebinding_old(): 6 params instead of 7 (removed init_policy and init_td_report, replaced with init_tdinfo); calls verify_event_log() directly against RTMRs from init_tdinfo; uses local policy for TCB eval - Remove get_init_tcb_evaluation_info() and TD_INFO_OFFSET constant - Update call sites in server_client.rs and spdm_rsp.rs Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Add unit tests for updated data structures and verification: - rebinding.rs: tests for InitData (roundtrip, mrowner, bad signature, bad version, multiple entries, wrong type, short tdinfo, empty input) and RebindingInfo (no init, with init, short buffer, nonzero reserved, missing init data) - mig_policy.rs: tests for verify_servtd_hash (valid, wrong hash, short input, ignore_attributes, ignore_mrowner) and get_rtmrs_from_tdinfo Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Update td-shim submodule: add TDVMCALL_REPORTFATALERROR (0x10003) and tdvmcall_report_fatal_error() per GHCI 1.5 section 3.4. Panic handler now calls ReportFatalError before halting. Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Add EXPECTED_SERVTD_ATTR constant and verify TDG.SERVTD.RD(CURR_SERVTD_ATTR) matches the hardcoded value in read_servtd_ext(), per MigTD Design Guide and GHCI 1.5 requirements. Reject with error on mismatch. Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
… to rebind flow Add SERVTD_EXT and init TDINFO elements to migration attestation info exchange (element count 3→5). MigTD-src now reads SERVTD_EXT via TDG.SERVTD.RD and sends it along with its TDINFO_STRUCT to MigTD-dst. MigTD-dst receives and stores SERVTD_EXT, then writes APPROVED_SERVTD_EXT_HASH after MSK exchange. Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
Contributor
|
See comment #770, please do use part 1, part 2. Instead, just say which specific feature this PR is dealing with. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.