diff --git a/README.md b/README.md index 5f29b0a..e3f70db 100644 --- a/README.md +++ b/README.md 
@@ -80,35 +80,44 @@ $ git clone https://github.com/cc-api/cc-trusted-vmsdk.git $ cd cc-trusted-vmsdk $ sudo su $ source setupenv.sh -$ python3 -m pip install pytest $ python3 -m pytest -v ./src/python/tests/test_sdk.py ``` _NOTE: The tests need to run via root user._ -## 4. Run in Google TDX VM environment with vTPM +## 4. Run in Google Cloud TDX VM environment with vTPM -Google TDX VM does not support CCEL and RTMR yet, but only support vTPM. So this -SDK will get event log and integrated measurement register from vTPM by default. +Google Cloud Platform (GCP) [TDX Preview](https://cloud.google.com/confidential-computing/confidential-vm/docs/create-a-confidential-vm-instance#intel-tdx) does not support CCEL and RTMR yet, but it supports vTPM. +The SDK will get event log and integrated measurement register from vTPM for GCP TDs. -Please install following pre-requisite for Google TDVM with Ubuntu 22.04 distro: +Refer to [How to create GCP TD](https://github.com/cc-api/confidential-cluster/blob/main/deployment/single_node_gcp.md) to create a GCP TD. -`` -sudo apt install libtss-dev -sudo python3 -m pip install tpm2-pytss -`` +Run the following steps in the GCP TD: -- Dump the PCR (IMR) in Google' TDX instance as follows: +``` +$ git clone https://github.com/cc-api/cc-trusted-vmsdk.git +$ cd cc-trusted-vmsdk +$ sudo su +$ source setupenv.sh + +# Get PCRs of vTPM +$ python3 ./src/python/cc_imr_cli.py + +# Get vTPM event logs in TCG compliant format +$ python3 ./src/python/cc_event_log_cli.py +``` + +- The example output of PCRs (IMR) in a GCP TD as follows: ![](/docs/gogle_tdx_tpm_dump_imr.png) -- Dump the TPM event log in Google's TDX instance as follows: +- The example output of the TPM event log in a GCP TD as follows: ![](/docs/gogle_tdx_tpm_dump_eventlog.png) ## 5. License This project is licensed under the Apache 2.0 License. -## 5. Contact -For any inquiries or support, please contact us at XXX. +## 6. 
Contact +For any inquiries or support, please open an issue or contact us at [Slack](https://cc-api.slack.com/archives/C070P10A0DR). diff --git a/setupenv.sh b/setupenv.sh index bb84759..b892d18 100644 --- a/setupenv.sh +++ b/setupenv.sh @@ -2,22 +2,30 @@ CURR_DIR=$(pwd) +# Check if the script is being run as root +if [ "$EUID" -ne 0 ]; then + echo "Please run the script as root" + exit 1 +fi + # setup virtualenv and PYTHONPATH -apt-get update && apt-get install -y python3-virtualenv +apt-get update +apt-get install -y python3-virtualenv pkg-config libtss-dev + +if [[ -d ${CURR_DIR}/venv ]]; then + echo "===========> Remove ${CURR_DIR}/venv and create a new one" + rm -rf {CURR_DIR}/venv +fi -if [[ ! -d ${CURR_DIR}/venv ]]; then - python3 -m virtualenv -p python3 ${CURR_DIR}/venv - source ${CURR_DIR}/venv/bin/activate - python3 -m pip install "cctrusted_base @ git+https://github.com/cc-api/cc-trusted-api.git#subdirectory=common/python" - python3 -m pip install -r $CURR_DIR/src/python/requirements.txt - if [ ! $? -eq 0 ]; then - echo "Failed to install python PIP packages, please check your proxy (https_proxy) or setup PyPi mirror." - deactivate - rm ${CURR_DIR}/venv -fr - return 1 - fi -else - source ${CURR_DIR}/venv/bin/activate +python3 -m virtualenv -p python3 ${CURR_DIR}/venv +source ${CURR_DIR}/venv/bin/activate +python3 -m pip install "cctrusted_base @ git+https://github.com/cc-api/cc-trusted-api.git#subdirectory=common/python" +python3 -m pip install -r $CURR_DIR/src/python/requirements.txt +if [ ! $? -eq 0 ]; then + echo "Failed to install python PIP packages, please check your proxy (https_proxy) or setup PyPi mirror." + deactivate + rm ${CURR_DIR}/venv -fr + return 1 fi export PYTHONPATH=$PYTHONPATH:$CURR_DIR/src/python
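Review bot: in the README.md hunk, the `python3 -m pip install pytest` step in section 3 and the `sudo python3 -m pip install tpm2-pytss` prerequisite in section 4 are removed, so both packages now have to arrive through `src/python/requirements.txt` when `setupenv.sh` runs, and this patch does not touch that file. Please confirm both are listed there, otherwise the `python3 -m pytest` command and the vTPM CLIs will fail on a fresh clone. The two new bullets ending "in a GCP TD as follows:" are also missing a verb ("is as follows").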
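Review bot: in the setupenv.sh hunk, `rm -rf {CURR_DIR}/venv` is missing the `$`, so it targets a literal `{CURR_DIR}/venv` path and the existing venv is never removed before `python3 -m virtualenv` runs; it should read `rm -rf "${CURR_DIR}/venv"`. The new root check uses `exit 1`, but the README tells users to `source setupenv.sh` and the pip failure path further down uses `return 1`; in a sourced script `exit` terminates the caller's shell, so the root check should use `return 1` as well. Two smaller points: splitting `apt-get update && apt-get install` into separate lines means the install now runs even when the update fails, and the `$?` test only reflects the `requirements.txt` install, so a failed `cctrusted_base` install goes unnoticed.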