From 7185ae749fad3e531c9a8e8ea98d6ee5c9e6eadf Mon Sep 17 00:00:00 2001
From: Magnus Kulke
Date: Mon, 16 Oct 2023 17:32:49 +0200
Subject: [PATCH] attestation-agent: add TDX-vTPM feature to cargo manifests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This attester is supposed to procure evidence from Azure TDX CVMs
The attester uses a flow similar to the az_snp_vtpm module, albeit with TDX Quotes.

Co-authored-by: Iago López Galeiras
Signed-off-by: Magnus Kulke
---
 Cargo.toml | 2 +-
 attestation-agent/README.md | 1 +
 attestation-agent/app/Cargo.toml | 1 +
 attestation-agent/attester/Cargo.toml | 4 +-
 .../attester/src/az_tdx_vtpm/mod.rs | 51 +++++++++++++++++++
 attestation-agent/attester/src/lib.rs | 10 ++++
 attestation-agent/kbc/Cargo.toml | 1 +
 attestation-agent/kbs_protocol/Cargo.toml | 1 +
 attestation-agent/lib/Cargo.toml | 1 +
 9 files changed, 70 insertions(+), 2 deletions(-)
 create mode 100644 attestation-agent/attester/src/az_tdx_vtpm/mod.rs

diff --git a/Cargo.toml b/Cargo.toml
index 2b6a788a5..8ba980820 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -39,7 +39,7 @@ env_logger = "0.10.0"
 hex = "0.4.3"
 hmac = "0.12.1"
 jwt-simple = "0.11"
-kbs-types = "0.5.1"
+kbs-types = "0.5.3"
 lazy_static = "1.4.0"
 log = "0.4.14"
 openssl = "0.10"
diff --git a/attestation-agent/README.md b/attestation-agent/README.md
index 318078f39..3a016c2ba 100644
--- a/attestation-agent/README.md
+++ b/attestation-agent/README.md
@@ -124,6 +124,7 @@ CC KBC supports different kinds of hardware TEE attesters, now
 | sgx-attester | Intel SGX DCAP |
 | snp-attester | AMD SEV-SNP |
 | az-snp-vtpm-attester| Azure SEV-SNP CVM |
+| az-tdx-vtpm-attester| Azure TDX CVM |
 | cca-attester | Arm Confidential Compute Architecture (CCA) |
 
 To build cc kbc with all available attesters and install, use
diff --git a/attestation-agent/app/Cargo.toml b/attestation-agent/app/Cargo.toml
index 99da786a0..852aa62d8 100644
--- a/attestation-agent/app/Cargo.toml
+++ b/attestation-agent/app/Cargo.toml
@@ -40,6 +40,7 @@ cc_kbc_all_attesters = ["cc_kbc", "attestation_agent/all-attesters"]
 cc_kbc_tdx = ["cc_kbc", "attestation_agent/tdx-attester"]
 cc_kbc_sgx = ["cc_kbc", "attestation_agent/sgx-attester"]
 cc_kbc_az_snp_vtpm = ["cc_kbc", "attestation_agent/az-snp-vtpm-attester"]
+cc_kbc_az_tdx_vtpm = ["cc_kbc", "attestation_agent/az-tdx-vtpm-attester"]
 cc_kbc_snp = ["cc_kbc", "attestation_agent/snp-attester"]
 
 eaa_kbc = ["attestation_agent/eaa_kbc"]
diff --git a/attestation-agent/attester/Cargo.toml b/attestation-agent/attester/Cargo.toml
index ff073bb0c..b57b69cad 100644
--- a/attestation-agent/attester/Cargo.toml
+++ b/attestation-agent/attester/Cargo.toml
@@ -9,6 +9,7 @@ edition = "2021"
 anyhow.workspace = true
 async-trait.workspace = true
 az-snp-vtpm = { version = "0.4", default-features = false, features = ["attester"], optional = true }
+az-tdx-vtpm = { version = "0.4", default-features = false, features = ["attester"], optional = true }
 base64.workspace = true
 kbs-types.workspace = true
 log.workspace = true
@@ -35,11 +36,12 @@ required-features = [ "bin" ]
 
 [features]
 default = ["all-attesters"]
-all-attesters = ["tdx-attester", "sgx-attester", "az-snp-vtpm-attester", "snp-attester", "csv-attester", "cca-attester"]
+all-attesters = ["tdx-attester", "sgx-attester", "az-snp-vtpm-attester", "az-tdx-vtpm-attester", "snp-attester", "csv-attester", "cca-attester"]
 tdx-attester = ["tdx-attest-rs"]
 sgx-attester = ["occlum_dcap"]
 az-snp-vtpm-attester = ["az-snp-vtpm"]
+az-tdx-vtpm-attester = ["az-tdx-vtpm"]
 snp-attester = ["sev"]
 csv-attester = ["csv-rs", "codicon", "hyper", "hyper-tls", "tokio"]
 cca-attester = ["nix"]
diff --git a/attestation-agent/attester/src/az_tdx_vtpm/mod.rs b/attestation-agent/attester/src/az_tdx_vtpm/mod.rs
new file mode 100644
index 000000000..1f7ca8368
--- /dev/null
+++ b/attestation-agent/attester/src/az_tdx_vtpm/mod.rs
@@ -0,0 +1,51 @@
+// Copyright (c) 2023 Microsoft Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+use super::Attester;
+use anyhow::*;
+use az_tdx_vtpm::vtpm::Quote as TpmQuote;
+use az_tdx_vtpm::{hcl, imds, is_tdx_cvm, vtpm};
+use log::debug;
+use serde::{Deserialize, Serialize};
+use std::result::Result::Ok;
+
+pub fn detect_platform() -> bool {
+    match is_tdx_cvm() {
+        Ok(tdx) => tdx,
+        Err(err) => {
+            debug!("Couldn't perform Azure TDX platform detection: {err}");
+            false
+        }
+    }
+}
+
+#[derive(Debug, Default)]
+pub struct AzTdxVtpmAttester;
+
+#[derive(Serialize, Deserialize)]
+struct Evidence {
+    tpm_quote: TpmQuote,
+    hcl_report: Vec,
+    td_quote: Vec,
+}
+
+#[async_trait::async_trait]
+impl Attester for AzTdxVtpmAttester {
+    async fn get_evidence(&self, report_data: Vec) -> Result {
+        let hcl_report_bytes = vtpm::get_report()?;
+        let hcl_report = hcl::HclReport::new(hcl_report_bytes.clone())?;
+        let td_report = hcl_report.try_into()?;
+        let td_quote_bytes = imds::get_td_quote(&td_report)?;
+
+        let tpm_quote = vtpm::get_quote(&report_data)?;
+
+        let evidence = Evidence {
+            tpm_quote,
+            hcl_report: hcl_report_bytes,
+            td_quote: td_quote_bytes,
+        };
+        Ok(serde_json::to_string(&evidence)?)
+    }
+}
diff --git a/attestation-agent/attester/src/lib.rs b/attestation-agent/attester/src/lib.rs
index acb8f1c1a..d1fd146ad 100644
--- a/attestation-agent/attester/src/lib.rs
+++ b/attestation-agent/attester/src/lib.rs
@@ -11,6 +11,9 @@ pub mod sample;
 #[cfg(feature = "az-snp-vtpm-attester")]
 pub mod az_snp_vtpm;
 
+#[cfg(feature = "az-tdx-vtpm-attester")]
+pub mod az_tdx_vtpm;
+
 #[cfg(feature = "cca-attester")]
 pub mod cca;
 
@@ -40,6 +43,8 @@ impl TryFrom for BoxedAttester {
             Tee::Sgx => Box::::default(),
             #[cfg(feature = "az-snp-vtpm-attester")]
             Tee::AzSnpVtpm => Box::::default(),
+            #[cfg(feature = "az-tdx-vtpm-attester")]
+            Tee::AzTdxVtpm => Box::::default(),
             #[cfg(feature = "cca-attester")]
             Tee::Cca => Box::::default(),
             #[cfg(feature = "snp-attester")]
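Review bot: The `Evidence` struct in the new module fixes the JSON layout the verifier side has to parse (`tpm_quote`, `hcl_report`, `td_quote`), yet neither it nor `get_evidence` or `detect_platform` carries a doc comment, and the only visible use of the caller's `report_data` is `vtpm::get_quote(&report_data)`, so a reader cannot tell from the file which part of the evidence is actually bound to the challenge. I'd put `/// Evidence sent to the KBS: the vTPM quote over `report_data`, the raw HCL report bytes and the TD quote fetched from IMDS for the TD report embedded in that HCL report.` on `Evidence`, and on `get_evidence` a one-line note that only `tpm_quote` covers `report_data` while the HCL report and TD quote are obtained independently of it. As a point of style, `use anyhow::*;` followed by `use std::result::Result::Ok;` exists only to undo the glob's shadowing of `Ok`; `use anyhow::Result;` covers everything this file takes from the crate and removes the re-import. `hcl::HclReport::new(hcl_report_bytes.clone())` clones the report solely so the original bytes can be stored in `Evidence`; if the crate's constructor accepts a borrow the clone can go, which I cannot confirm from here. The vTPM and IMDS calls are invoked without `.await` inside an `async fn`, so if the IMDS round-trip blocks it stalls the executor thread — presumably inherited from the az_snp_vtpm flow the description cites, so a follow-up rather than a blocker.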
@@ -87,6 +92,11 @@ pub fn detect_tee_type() -> Option {
         return Some(Tee::Sgx);
     }
 
+    #[cfg(feature = "az-tdx-vtpm-attester")]
+    if az_tdx_vtpm::detect_platform() {
+        return Some(Tee::AzTdxVtpm);
+    }
+
     #[cfg(feature = "az-snp-vtpm-attester")]
     if az_snp_vtpm::detect_platform() {
         return Some(Tee::AzSnpVtpm);
diff --git a/attestation-agent/kbc/Cargo.toml b/attestation-agent/kbc/Cargo.toml
index 591e11df4..870196fb3 100644
--- a/attestation-agent/kbc/Cargo.toml
+++ b/attestation-agent/kbc/Cargo.toml
@@ -41,6 +41,7 @@ all-attesters = ["kbs_protocol?/all-attesters"]
 tdx-attester = ["kbs_protocol/tdx-attester"]
 sgx-attester = ["kbs_protocol/sgx-attester"]
 az-snp-vtpm-attester= ["kbs_protocol/az-snp-vtpm-attester"]
+az-tdx-vtpm-attester= ["kbs_protocol/az-tdx-vtpm-attester"]
 snp-attester = ["kbs_protocol/snp-attester"]
 cca-attester = ["kbs_protocol/cca-attester"]
 
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
index 60171537b..eb2761d7f 100644
--- a/attestation-agent/kbs_protocol/Cargo.toml
+++ b/attestation-agent/kbs_protocol/Cargo.toml
@@ -48,6 +48,7 @@ all-attesters = ["attester/all-attesters"]
 tdx-attester = ["attester/tdx-attester"]
 sgx-attester = ["attester/sgx-attester"]
 az-snp-vtpm-attester = ["attester/az-snp-vtpm-attester"]
+az-tdx-vtpm-attester = ["attester/az-tdx-vtpm-attester"]
 snp-attester = ["attester/snp-attester"]
 csv-attester = ["attester/csv-attester"]
 cca-attester = ["attester/cca-attester"]
diff --git a/attestation-agent/lib/Cargo.toml b/attestation-agent/lib/Cargo.toml
index fbf9d90d1..2aa5c7ce3 100644
--- a/attestation-agent/lib/Cargo.toml
+++ b/attestation-agent/lib/Cargo.toml
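Review bot: The new TDX probe is placed ahead of the existing `az_snp_vtpm::detect_platform()` check in `detect_tee_type`, and nothing in the hunk records whether that order is load-bearing; both are Azure vTPM-backed probes, so if the SNP probe could also answer true on a TDX CVM (I cannot tell from here), a later reorder would silently change the detected TEE and therefore which attester's evidence is sent. I'd add `// Probe TDX before SNP: the order matters if both vTPM-backed probes can succeed on one VM` above the added `#[cfg]` block, or state explicitly that the order is arbitrary. `detect_tee_type` begins and ends outside the hunk.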
@@ -31,6 +31,7 @@ all-attesters = ["kbc/all-attesters", "kbs_protocol?/all-attesters", "attester/a
 tdx-attester = ["kbc/tdx-attester", "kbs_protocol/tdx-attester", "attester/tdx-attester"]
 sgx-attester = ["kbc/sgx-attester", "kbs_protocol/sgx-attester", "attester/sgx-attester"]
 az-snp-vtpm-attester = ["kbc/az-snp-vtpm-attester", "kbs_protocol/az-snp-vtpm-attester", "attester/az-snp-vtpm-attester"]
+az-tdx-vtpm-attester = ["kbc/az-tdx-vtpm-attester", "kbs_protocol/az-tdx-vtpm-attester", "attester/az-tdx-vtpm-attester"]
 snp-attester = ["kbc/snp-attester", "kbs_protocol/snp-attester", "attester/snp-attester"]
 
 sample_kbc = ["kbc/sample_kbc"]