
eventlog: platform priority change and fix event log cli
* make TPM the first priority when doing the platform check
* fix the event log issue and provide sorted output
* fix test case issues

Signed-off-by: Ruoyu Ying <[email protected]>
Ruoyu-y committed Jun 14, 2024
1 parent cda0356 commit e5a4b88
Showing 4 changed files with 19 additions and 11 deletions.
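--- a/src/python/cc_event_log_cli.py
+++ b/src/python/cc_event_log_cli.py
@@ -7,6 +7,7 @@
 from cctrusted_base.api import CCTrustedApi
 from cctrusted_base.eventlog import TcgEventLog
 from cctrusted_base.tcgcel import TcgTpmsCelEvent
+from cctrusted_base.tcg import TcgAlgorithmRegistry
 from cctrusted_vm.cvm import ConfidentialVM
 from cctrusted_vm.sdk import CCTrustedVmSdk
 
@@ -41,11 +42,17 @@ def main():
 LOG.info("Total %d of event logs fetched.", len(event_logs))
 
 res = CCTrustedApi.replay_cc_eventlog(event_logs)
+# pylint: disable-next=C0301
+LOG.info("Note: If the underlying platform is TDX, the IMR index showing is cc measurement register instead of TDX measurement register.")
+# pylint: disable-next=C0301
+LOG.info("Please refer to the spec https://www.intel.com/content/www/us/en/content-details/726790/guest-host-communication-interface-ghci-for-intel-trust-domain-extensions-intel-tdx.html")
 LOG.info("Replayed result of collected event logs:")
 # pylint: disable-next=C0201
-for key in res.keys():
-LOG.info("IMR[%d]: ", key)
-LOG.info(" %s", res.get(key).get(12).hex())
+for k in sorted(res.keys()):
+LOG.info("IMR[%d]: ", k)
+for alg, h in res.get(k).items():
+LOG.info(" %s: ", TcgAlgorithmRegistry.get_algorithm_string(alg))
+LOG.info(" %s", h.hex())
 
 LOG.info("Dump collected event logs:")
 for event in event_logs: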
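Review bot: `res.get(k)` on a key that was just taken from `res.keys()` can never miss, so the `.get`/`.keys()` indirection in the new loop only obscures it and keeps the C0201 suppression alive; `for k in sorted(res):` and `for alg, h in res[k].items():` do the same with the disable line removed. The replayed digests are logged but never compared with the platform-reported register values (the test file does that comparison via get_cc_measurement), so a reader of this output must not take it as verification of the log; the heading could say so, e.g. `LOG.info("Replayed result of collected event logs (not verified against platform measurement registers):")`. The TDX note logged before the loop would help more if it also stated the index relation; the tests subtract one when mapping the IMR index to an RTMR, so IMR[n] appears to correspond to RTMR[n-1], which should be confirmed before documenting. main() begins and ends outside the hunk.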
7 changes: 4 additions & 3 deletions src/python/cctrusted_vm/cvm.py
Expand Up @@ -97,12 +97,13 @@ def init(self) -> bool:
@staticmethod
def detect_cc_type():
"""Detect the type of current confidential VM"""
# TODO: refine the justification
#TODO: refine the justification
# support TPM as the first priority for now
if os.path.exists(TpmVM.DEFAULT_TPM_DEVICE_NODE):
return CCTrustedApi.TYPE_CC_TPM
for devpath in TdxVM.DEVICE_NODE_PATH.values():
if os.path.exists(devpath):
return CCTrustedApi.TYPE_CC_TDX
if os.path.exists(TpmVM.DEFAULT_TPM_DEVICE_NODE):
return CCTrustedApi.TYPE_CC_TPM
return CCTrustedApi.TYPE_CC_NONE

@abstractmethod
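Review bot: Checking TpmVM.DEFAULT_TPM_DEVICE_NODE before the TdxVM device nodes means a TDX guest that also exposes a TPM device node is now reported as TYPE_CC_TPM, and presumably its TDX-specific attestation path is then never taken, yet nothing in detect_cc_type records that this precedence is deliberate or lets a caller override it. The docstring should state it, e.g. `"""Detect the type of current confidential VM; a TPM device node takes precedence over TDX device nodes."""`, and an explicit selector (argument or environment variable) would be safer than silently preferring whichever node exists, since `os.path.exists` only proves a node is present, not that the device behind it is usable or hardware-backed. Whether a TPM inside a TD is the intended root of trust for this SDK cannot be judged from this hunk. The `#TODO:` spelling should be `# TODO:` per PEP 8 and pylint.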
2 changes: 1 addition & 1 deletion src/python/cctrusted_vm/sdk.py
Expand Up @@ -135,7 +135,7 @@ def get_cc_eventlog(self, start:int = None, count:int = None) -> list:
self._cvm.process_eventlog()

event_logs = EventLogs(self._cvm.boot_time_event_log, self._cvm.runtime_event_log,
TcgEventLog.TCG_FORMAT_PCCLIENT)
self._cvm.cc_type, TcgEventLog.TCG_FORMAT_PCCLIENT)

event_logs.select(start, count)

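Review bot: `self._cvm.cc_type` is slotted into the EventLogs call as a positional argument between two others, so the call now depends on a constructor parameter order this hunk does not show; if the parameter is named, passing it as `cc_type=self._cvm.cc_type` makes the intent explicit and survives reordering. Nothing here shows what EventLogs does when `cc_type` is TYPE_CC_NONE, the value detect_cc_type returns when no device node is found; if EventLogs does not handle it, get_cc_eventlog should reject that case before building the log view. get_cc_eventlog begins above the hunk.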
8 changes: 4 additions & 4 deletions src/python/tests/tdx_check.py
Expand Up @@ -34,10 +34,10 @@ def _check_imr(imr_index: int, alg_id: int, rtmr: bytes):
alg_id: an integer specified the hash algorithm.
rtmr: bytes of RTMR data for comparison.
"""
assert 0 <= imr_index < TdxRTMR.RTMR_COUNT
assert 0 < imr_index <= TdxRTMR.RTMR_COUNT
assert rtmr is not None
assert alg_id == TcgAlgorithmRegistry.TPM_ALG_SHA384
imr = CCTrustedVmSdk.inst().get_cc_measurement([imr_index, alg_id])
imr = CCTrustedVmSdk.inst().get_cc_measurement([imr_index - 1, alg_id])
assert imr is not None
digest_obj = imr.digest(alg_id)
assert digest_obj is not None
Expand Down Expand Up @@ -128,8 +128,8 @@ def _check_quote_rtmrs(quote):
# Compare all the RTMR values which are used by the event log.
# Please note that some RTMR may not be used.
for imr_idx, digests in rtmrs.items():
assert quote_rtmrs[imr_idx] == digests[alg.alg_id], \
f"RTMR{imr_idx} doesn't equal the replay from event log!"
assert quote_rtmrs[imr_idx - 1] == digests[alg.alg_id], \
f"RTMR{imr_idx - 1} doesn't equal the replay from event log!"

def _check_quote_reportdata(quote, nonce=None, userdata=None):
"""Check the userdata in quote result."""
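Review bot: `quote_rtmrs[imr_idx - 1]` silently wraps to the last element when imr_idx is 0 if quote_rtmrs is a sequence, so a replay keyed by a 0-based RTMR index would compare RTMR0 against the last RTMR instead of failing; guard it before the comparison, `assert 0 < imr_idx <= TdxRTMR.RTMR_COUNT, f"unexpected IMR index {imr_idx}"`. The 1-based-IMR-to-0-based-RTMR shift is now written independently in _check_imr and _check_quote_rtmrs; a small helper, or at least a comment at each site (`# IMR index is the cc measurement register number; the RTMR index is one less`), would keep the two in step, and _check_imr's docstring, which starts above the hunk, should say that imr_index is 1-based. I am reading the `- 1` lines as the new side, consistent with the CLI's note that the IMR index is the cc measurement register. Both functions extend outside the hunk.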
