Add support for AMD SEV-SNP

.github/workflows/docker.yml

@@ -28,10 +28,9 @@ jobs:
 
       - name: Install cosign
         # https://github.com/sigstore/cosign-installer
-        uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
+        uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
         with:
-          cosign-release: "v1.13.1"
-
+          cosign-release: "v2.2.1"
       - name: Build Docker Image
         id: docker-build
         run: |

.github/workflows/main.yml

@@ -27,17 +27,17 @@ jobs:
         id: cosign-verify
         run: |
             COSIGN_EXPERIMENTAL=true cosign verify \
-            --certificate-identity-regexp 'https://github.com/veracruz-project/veracruz/.github/workflows/docker.yml@refs/heads/main' \
+            --certificate-identity-regexp 'https://github.com/veracruz-project/veracruz/.github/workflows/docker.yml@refs/heads/dreemkiller_amd_sev' \
             --certificate-oidc-issuer https://token.actions.githubusercontent.com \
-              ghcr.io/veracruz-project/veracruz/ci@sha256:dd434df33153bd8915859eb0f280270d2cdf07d6100ef4332bcd18c5e8525068
+              ghcr.io/veracruz-project/veracruz/ci@sha256:48fbfbe4af44372b5cad15e80c7e17f523bb76cc157cf492860a48b37db4bd3f
 
   linux:
     runs-on: ubuntu-latest
     needs: [check]
     outputs:
       output: ${{ steps.check-diff.outputs.cargo-lock }}
     container:
-      image: ghcr.io/veracruz-project/veracruz/ci@sha256:dd434df33153bd8915859eb0f280270d2cdf07d6100ef4332bcd18c5e8525068
+      image: ghcr.io/veracruz-project/veracruz/ci@sha256:48fbfbe4af44372b5cad15e80c7e17f523bb76cc157cf492860a48b37db4bd3f
       volumes:
         - ${{ github.workspace }}:/work/veracruz
     steps:
@@ -254,6 +254,44 @@ jobs:
           name: nitro
           path: workspaces/**/Cargo.lock
 
+  sev-snp:
+    runs-on: ubuntu-latest
+    needs: [check]
+    outputs:
+      output: ${{ steps.check-diff.outputs.cargo-lock }}
+    container:
+      image: ghcr.io/veracruz-project/veracruz/ci@sha256:dd434df33153bd8915859eb0f280270d2cdf07d6100ef4332bcd18c5e8525068
+      volumes:
+        - ${{ github.workspace }}:/work/veracruz
+    steps:
+      - name: Check out the Veracruz repository
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+      - name: add the GITHUB_WORKSPACE into git config
+        run: |
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+      - name: Running AMD SEV-SNP build
+        id: sev-snp-build
+        run: |
+          make -C /work/veracruz/workspaces sev
+      - name: Check modification to Cargo.lock
+        id: check-diff
+        run: |
+          file_changed=$(git diff --diff-filter=ACMUXTRD --name-only -- '**Cargo.lock' | tr '\n' '' | xargs)
+          echo "cargo-lock=$file_changed" >> $GITHUB_OUTPUT
+          if [ -n "$file_changed" ] ; then
+            echo "::warning::Cargo.lock files modified";
+            echo "::warning::Cargo.lock change list: ${{ steps.check-diff.outputs.cargo-lock }}";
+          fi
+      - name: Upload Cargo.lock files
+        id: upload-changed-cargo-lock
+        if: steps.check-diff.outputs.cargo-lock != ''
+        uses: actions/upload-artifact@v3
+        with:
+          name: sev-snp
+          path: workspaces/**.Cargo.lock
+
   # tests that the docs/CLI_QUICKSTART.md is still up to date
   quickstart:
     runs-on: ubuntu-latest

crates/generate-policy/src/main.rs

@@ -105,6 +105,8 @@ struct Arguments {
     /// The filename of the Runtime Manager PRCR0 file for Nitro Enclave
     /// measurement.  This is optional.
     pcr0_file: Option<PathBuf>,
+    /// The hash of the SEV SNP image. This is optional
+    sevsnp_hash: Option<String>,
     /// The filename of the output policy file.
     output_policy_file: PathBuf,
     /// The expiry timepoint of the server certificate.  This is not optional,
@@ -223,6 +225,13 @@ impl Arguments {
                     .num_args(1)
                     .required(false)
             )
+            .arg(
+                Arg::new("sevsnp-hash")
+                    .long("sevsnp-hash")
+                    .value_name("HASH")
+                    .help("Hash of the SEV SNP measurment")
+                    .required(false),
+            )
             .arg(
                 Arg::new("output-policy-file")
                     .short('o')
@@ -444,9 +453,12 @@ impl Arguments {
         let pcr0_file = matches
             .get_one::<String>("pcr-file")
             .map(|fname| PathBuf::from(fname));
-        if css_file.is_none() && pcr0_file.is_none() {
+        let sevsnp_hash = matches
+            .get_one::<String>("sevsnp-hash")
+            .map(|value| value.to_string());
+        if css_file.is_none() && pcr0_file.is_none() && sevsnp_hash.is_none() {
             return Err(anyhow!(
-                "Either the CSS.bin or the PCR0 file must be provided as a \
+                "Either the CSS.bin, sevsnp_hash, or the PCR0 file must be provided as a \
     command-line parameter.",
             ));
         }
@@ -492,6 +504,7 @@ impl Arguments {
             proxy_service_cert,
             css_file,
             pcr0_file,
+            sevsnp_hash,
             output_policy_file,
             certificate_expiry,
             program_binaries,
@@ -521,6 +534,7 @@ impl Arguments {
             POLICY_CIPHERSUITE.to_string(),
             self.compute_linux_enclave_hash()?,
             self.compute_nitro_enclave_hash()?,
+            self.sevsnp_hash.clone(),
             format!("{}", self.proxy_attestation_server_ip),
             self.serialize_proxy_service_certificate()?,
             self.enclave_debug_mode,

crates/linux-runtime-manager/Cargo.toml

@@ -13,6 +13,6 @@ lazy_static = { version = "1.4.0", features = ["spin_no_std"] }
 log = "0.4.13"
 nix = "0.26"
 psa-attestation = { path = "../psa-attestation" }
-raw-fd = { git = "https://github.com/veracruz-project/nitro-enclave", tag = "v0.2" }
+raw-fd = { git = "https://github.com/veracruz-project/nitro-enclave", tag = "v0.3" }
 runtime-manager = { path = "../runtime-manager", features = ["linux"] }
 veracruz-utils = { path = "../veracruz-utils", features = ["linux"] }

crates/linux-veracruz-server/Cargo.toml

@@ -13,7 +13,7 @@ lazy_static = { version = "1.4.0", features = ["spin_no_std"] }
 log = "0.4.13"
 nix = { version = "0.26" }
 policy-utils = { path = "../policy-utils", features = ["std", ] }
-proxy-attestation-client = { git = "https://github.com/veracruz-project/proxy-attestation-client", tag = "v0.2" }
+proxy-attestation-client = { git = "https://github.com/veracruz-project/proxy-attestation-client", tag = "v0.4" }
 rand = "0.8.3"
 tempfile = { version = "3.2.0" }
 veracruz-server = { path = "../veracruz-server", features = ["linux"]}

crates/nitro-runtime-manager/Cargo.toml

@@ -10,7 +10,7 @@ anyhow = "1"
 log = "0.4.13"
 nix = { version = "0.26" }
 nsm_api = { package = "aws-nitro-enclaves-nsm-api", version = "0.3.0" }
-raw-fd = { git = "https://github.com/veracruz-project/nitro-enclave", tag = "v0.2" }
+raw-fd = { git = "https://github.com/veracruz-project/nitro-enclave", tag = "v0.3" }
 runtime-manager = { path = "../runtime-manager", features = ["nitro"] }
 veracruz-utils = { path = "../veracruz-utils", features = ["nitro"] }
 serde_bytes = "0.11"

crates/nitro-veracruz-server/Cargo.toml

@@ -9,8 +9,8 @@ bincode = { version = "1.2.1", default-features = false }
 clap = { version = "4", features = ["derive"]}
 env_logger = { version = "0.10.0" }
 log = "0.4.13"
-nitro-enclave = { git = "https://github.com/veracruz-project/nitro-enclave", tag = "v0.2" }
+nitro-enclave = { git = "https://github.com/veracruz-project/nitro-enclave", tag = "v0.3" }
 policy-utils = { path = "../policy-utils", features = ["std"] }
-proxy-attestation-client = { git = "https://github.com/veracruz-project/proxy-attestation-client", tag = "v0.2" }
+proxy-attestation-client = { git = "https://github.com/veracruz-project/proxy-attestation-client", tag = "v0.4" }
 veracruz-server = { path = "../veracruz-server", features = ["nitro"]}
 veracruz-utils = { path = "../veracruz-utils", features = ["nitro"] }

crates/policy-utils/Cargo.toml

@@ -27,7 +27,7 @@ mbedtls = { path = "../third-party/rust-mbedtls/mbedtls", default-features = fal
 regex = "1"
 serde = { version = "1.0.185", features = ["derive"] }
 serde_json = { version = "1.0", default-features = false }
-veracruz-utils = { path = "../veracruz-utils", optional = true }
+veracruz-utils = { path = "../veracruz-utils" }
 wasi-types = { path = "../third-party/wasi-types" }
 
 [build-dependencies]

crates/policy-utils/src/lib.rs

@@ -70,6 +70,8 @@ pub enum Platform {
     Linux,
     /// The enclave is running under AWS Nitro enclaves.
     Nitro,
+    /// The AMD SEV-SNP platform
+    SEVSNP,
     /// The mock platform for unit testing (client unit tests, at the moment).
     Mock,
 }
@@ -92,6 +94,7 @@ impl fmt::Display for Platform {
         match self {
             Platform::Linux => write!(f, "linux"),
             Platform::Nitro => write!(f, "nitro"),
+            Platform::SEVSNP => write!(f, "sevsnp"),
             Platform::Mock => write!(f, "mock"),
         }
     }

crates/policy-utils/src/policy.rs

@@ -88,6 +88,8 @@ pub struct Policy {
     runtime_manager_hash_linux: Option<String>,
     /// The hash of the Veracruz trusted runtime for AWS Nitro Enclaves.
     runtime_manager_hash_nitro: Option<String>,
+    /// The hash of the Veracruz trusted runtime for AMD SEV SNP.
+    runtime_manager_hash_sevsnp: Option<String>,
     /// The URL of the proxy attestation service.
     proxy_attestation_server_url: String,
     /// The PEM encoded certificate for the proxy service that matches the chosen
@@ -125,6 +127,7 @@ impl Policy {
         ciphersuite: String,
         runtime_manager_hash_linux: Option<String>,
         runtime_manager_hash_nitro: Option<String>,
+        runtime_manager_hash_sevsnp: Option<String>,
         proxy_attestation_server_url: String,
         proxy_service_cert: String,
         debug: bool,
@@ -148,6 +151,7 @@ impl Policy {
             ciphersuite,
             runtime_manager_hash_linux,
             runtime_manager_hash_nitro,
+            runtime_manager_hash_sevsnp,
             proxy_attestation_server_url,
             debug,
             execution_strategy,
@@ -231,6 +235,10 @@ impl Policy {
                 .runtime_manager_hash_nitro
                 .as_ref()
                 .ok_or(anyhow!(PolicyError::InvalidPlatform))?,
+            Platform::SEVSNP => self
+                .runtime_manager_hash_sevsnp
+                .as_ref()
+                .ok_or(anyhow!(PolicyError::InvalidPlatform))?,
             Platform::Mock => self
                 .runtime_manager_hash_nitro
                 .as_ref()

crates/runtime-manager/Cargo.toml

@@ -9,7 +9,6 @@ resolver = "2"
 [features]
 default = []
 linux = [
-  "bincode",
   "execution-engine/std",
   "io-utils/linux",
   "nix",
@@ -19,7 +18,6 @@ linux = [
   "veracruz-utils/linux",
 ]
 nitro = [
-  "bincode",
   "execution-engine/std",
   "execution-engine/nitro",
   "io-utils/nitro",
@@ -32,7 +30,7 @@ nitro = [
 
 [dependencies]
 anyhow = "1"
-bincode = { version = "1.2.1", default-features = false, optional = true }
+bincode = { version = "1.2.1", default-features = false }
 err-derive = "0.2"
 execution-engine = { path = "../execution-engine" }
 hex = { version = "0.4.2" }

crates/runtime-manager/src/managers/error.rs

@@ -51,4 +51,6 @@ pub enum RuntimeManagerError {
     LockSessionManager,
     #[error(display = "RuntimeManager: Failed to obtain lock on session table.")]
     LockSessionTable,
+    #[error(display = "RuntimeManager: Firmware error")]
+    FirmwareError,
 }

crates/session-manager/Cargo.toml

@@ -22,4 +22,4 @@ err-derive = "0.2"
 mbedtls = { path = "../third-party/rust-mbedtls/mbedtls", default-features = false, features = ["std", "aesni", "padlock", "tls13"] }
 platform-services = { path = "../platform-services" }
 policy-utils = { path = "../policy-utils" }
-veracruz-utils = { path = "../veracruz-utils", optional = true }
+veracruz-utils = { path = "../veracruz-utils" }

crates/sev-runtime-manager/.gitignore

@@ -0,0 +1 @@
+.guest_image_canary

crates/sev-runtime-manager/Cargo.toml

@@ -0,0 +1,19 @@
+[package]
+name = "sev-runtime-manager"
+authors = ["The Veracruz Development Team"]
+description = "The trusted Veracruz runtime's command-and-control module for AMD SEV-SNP. Co-ordinates and directs the rest of the runtime"
+edition = "2018"
+version = "0.1.0"
+links = "sev-guest-get-report"
+
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+anyhow = "1"
+nix = { version = "0.26.4" }
+raw-fd = { git = "https://github.com/veracruz-project/nitro-enclave", tag = "v0.3" }
+runtime-manager = { path = "../runtime-manager" }
+sev-snp-utils = { version = "=1.4.4", package= "lit-sev-snp-utils"}
+rustix = "=0.37.13"
+veracruz-utils = { path = "../veracruz-utils", features = ["linux"] }

crates/sev-runtime-manager/build.rs

@@ -0,0 +1,100 @@
+//! SEV Runtime Manager build script
+//!
+//! ## Authors
+//!
+//! The Veracruz Development Team.
+//!
+//! ## Licensing and copyright notice
+//!
+//! See the `LICENSE_MIT.markdown` file in the Veracruz root directory for
+//! information on licensing and copyright.
+
+use std::{
+    env,
+    path::Path,
+    process::Command
+};
+
+fn main() {
+    let source_dir_var = &env::var_os("CARGO_MANIFEST_DIR").unwrap();
+    let source_dir = Path::new(&source_dir_var);
+    let out_dir_var = &env::var_os("OUT_DIR").unwrap();
+    let out_dir = Path::new(&out_dir_var);
+    let linux_dir = out_dir.join("linux");
+    if !linux_dir.is_dir() {
+        let git_status = Command::new("git")
+            .current_dir(out_dir)
+            .args(&["clone", "https://github.com/AMDESE/linux.git"])
+            .status()
+            .unwrap();
+        if !git_status.success() {
+            panic!("Failed to clone linux source");
+        }
+        let git_status = Command::new("git")
+            .current_dir(out_dir.join("linux"))
+            .args(&["checkout", "6e7765cb477a9753670d4351d14de93f1e9dbbd4"])
+            .status()
+            .unwrap();
+        if !git_status.success() {
+            panic!("Failed to checkout commit");
+        }
+    }
+
+    let make_status = Command::new("make")
+        .current_dir(&linux_dir)
+        .args(&["headers"])
+        .status()
+        .unwrap();
+    if !make_status.success() {
+        panic!("Failed to build linux headers");
+    }
+
+    let sev_guest_dir = out_dir.join("sev-guest");
+    if !sev_guest_dir.is_dir() {
+        let git_status = Command::new("git")
+            .current_dir(out_dir)
+            .args(&["clone", "https://github.com/AMDESE/sev-guest.git",])
+            .status()
+            .unwrap();
+        if !git_status.success() {
+            panic!("Failed to clone sev-guest project");
+        }
+        let git_status = Command::new("git")
+            .current_dir(out_dir.join("sev-guest"))
+            .args(&["checkout", "62317d7de4d79d4ca887b357dddf072082b0b078",])
+            .status()
+            .unwrap();
+        if !git_status.success() {
+            panic!("Failed to clone sev-guest project");
+        }
+
+        let patch_filename = source_dir.join("get-report.patch");
+        let git_patch_status = Command::new("git")
+            .current_dir(&sev_guest_dir)
+            .args(&["apply", &patch_filename.as_os_str().to_str().unwrap()])
+            .status()
+            .unwrap();
+        if !git_patch_status.success() {
+            panic!("Failed to patch sev-guest project");
+        }
+    }
+
+    let veracruz_mk_filename = source_dir.join("veracruz.mk");
+
+    let mut full_string: String = "LINUX_INCLUDE=".to_string();
+    full_string.push_str(linux_dir.as_os_str().to_str().unwrap());
+    full_string.push_str("/usr/include");
+    let linux_include = full_string.as_str();
+
+    let make_status = Command::new("make")
+        .current_dir(&sev_guest_dir)
+        .args(&["-f", &veracruz_mk_filename.as_os_str().to_str().unwrap(), &linux_include])
+        .status()
+        .unwrap();
+    if !make_status.success() {
+        panic!("Failed to build sev-guest");
+    }
+
+    println!("cargo:rustc-link-lib=static=sev-guest-get-report");
+    println!("cargo:rustc-link-search={:}", sev_guest_dir.display());
+}