eventlog: platform priority change and fix event log cli

* make tpm as the first priority while doing platform check * fix event log issue and provide the sorted output Signed-off-by: Ruoyu Ying <[email protected]>
cc-api · Jun 11, 2024 · f62da5c · f62da5c
1 parent cda0356
commit f62da5c
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/src/python/cc_event_log_cli.py b/src/python/cc_event_log_cli.py
@@ -7,6 +7,7 @@
 from cctrusted_base.api import CCTrustedApi
 from cctrusted_base.eventlog import TcgEventLog
 from cctrusted_base.tcgcel import TcgTpmsCelEvent
+from cctrusted_base.tcg import TcgAlgorithmRegistry
 from cctrusted_vm.cvm import ConfidentialVM
 from cctrusted_vm.sdk import CCTrustedVmSdk
 
@@ -41,11 +42,17 @@ def main():
     LOG.info("Total %d of event logs fetched.", len(event_logs))
 
     res = CCTrustedApi.replay_cc_eventlog(event_logs)
+    # pylint: disable-next=C0301
+    LOG.info("Note: If the underlying platform is TDX, the IMR index showing is cc measurement register instead of TDX measurement register.")
+    # pylint: disable-next=C0301
+    LOG.info("      Please refer to the spec https://www.intel.com/content/www/us/en/content-details/726790/guest-host-communication-interface-ghci-for-intel-trust-domain-extensions-intel-tdx.html")
     LOG.info("Replayed result of collected event logs:")
     # pylint: disable-next=C0201
-    for key in res.keys():
-        LOG.info("IMR[%d]: ", key)
-        LOG.info("     %s", res.get(key).get(12).hex())
+    for k in sorted(res.keys()):
+        LOG.info("IMR[%d]: ", k)
+        for alg, h in res.get(k).items():
+            LOG.info("   %s: ", TcgAlgorithmRegistry.get_algorithm_string(alg))
+            LOG.info("      %s", h.hex())
 
     LOG.info("Dump collected event logs:")
     for event in event_logs:

diff --git a/src/python/cctrusted_vm/cvm.py b/src/python/cctrusted_vm/cvm.py
@@ -97,12 +97,13 @@ def init(self) -> bool:
     @staticmethod
     def detect_cc_type():
         """Detect the type of current confidential VM"""
-        # TODO: refine the justification
+        #TODO: refine the justification
+        # support TPM as the first priority for now
+        if os.path.exists(TpmVM.DEFAULT_TPM_DEVICE_NODE):
+            return CCTrustedApi.TYPE_CC_TPM
         for devpath in TdxVM.DEVICE_NODE_PATH.values():
             if os.path.exists(devpath):
                 return CCTrustedApi.TYPE_CC_TDX
-        if os.path.exists(TpmVM.DEFAULT_TPM_DEVICE_NODE):
-            return CCTrustedApi.TYPE_CC_TPM
         return CCTrustedApi.TYPE_CC_NONE
 
     @abstractmethod

diff --git a/src/python/cctrusted_vm/sdk.py b/src/python/cctrusted_vm/sdk.py
@@ -135,7 +135,7 @@ def get_cc_eventlog(self, start:int = None, count:int = None) -> list:
         self._cvm.process_eventlog()
 
         event_logs = EventLogs(self._cvm.boot_time_event_log, self._cvm.runtime_event_log,
-                               TcgEventLog.TCG_FORMAT_PCCLIENT)
+                               self._cvm.cc_type, TcgEventLog.TCG_FORMAT_PCCLIENT)
 
         event_logs.select(start, count)