Added vTPM get HCL report contains user defined data #57

Merged 1 commit, Sep 4, 2024

Conversation

pawelpros (Contributor)

Added vTPM get HCL report which allows including user-defined data in the retrieved report

  • Added a temporary limit for max data (50 bytes) - Azure vTPM supports only SHA384 bytes
  • Added a refresh nvindex method which enables setting the user_data field
  • Added a get HCL report method which uses user-provided data and includes it in the nvindex

How to use

Sample usage based on az-cvm-vtpm/az-tdx-vtpm/src/main.rs:

    // Caller-supplied data to bind into the report (64 sample bytes here)
    let user_hash_64bytes = vec![129, 74, 176, 151, 217, 100, 189, 145, 134, 54, 115, 9, 167, 175, 181, 132, 104, 26, 79, 83, 206, 35, 227, 133, 13, 252, 13, 125, 185, 191, 33, 195, 3, 233, 185, 245, 9, 72, 154, 252, 29, 4, 105, 117, 132, 67, 22, 81, 175, 110, 207, 6, 210, 132, 161, 56, 7, 237, 198, 214, 220, 223, 166, 117];
    println!("user_hash_64bytes HEX: {:?}", hex::encode(&user_hash_64bytes));
    // Write the data into the nvindex and fetch the HCL report that carries it
    let bytes = vtpm::get_report_with_data(&user_hash_64bytes)?;

Testing done

Tested on a virtual machine spawned in Azure by invoking the steps below:

  1. Updating az-cvm-vtpm/az-tdx-vtpm/src/main.rs
  2. Compiling code
  3. Running sample main
  4. Output from library:
    user_hash_64bytes HEX: "814ab097d964bd9186367309a7afb584681a4f53ce23e3850dfc0d7db9bf21c303e9b9f509489afc1d04697584431651af6ecf06d284a13807edc6d6dcdfa675"
  5. Output from tpm2-tools:
    Command: sudo tpm2_nvread -C o 0x01400001
    Result:
    { "keys":[], "vm-configuration":{}, "user-data":"814AB097D964BD9186367309A7AFB584681A4F53CE23E3850DFC0D7DB9BF21C303E9B9F509489AFC1D04697584431651AF6ECF06D284A13807EDC6D6DCDFA675" }
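The test above compares the hex printed by the library with the user-data field read back from the nvindex by eye. The following is an added example, not code from this PR or from the azure-cvm-tooling project, that performs the same check programmatically on the relying-party side: it takes runtime-data JSON in the shape shown in the tpm2_nvread output, extracts the user-data value, decodes the hex (either case), and compares it in constant time against the bytes the caller bound into the report. The helper names (extract_user_data, decode_hex, ct_eq, user_data_matches) and the minimal key scanner are this example's own assumptions; a real verifier would use a proper JSON parser.

```rust
// Added example; not code from the azure-cvm-tooling project or this PR.
// Verifies that the "user-data" field of the vTPM runtime-data JSON equals the
// bytes the caller passed to the report function. Helper names are hypothetical.

/// Pull the string value of the "user-data" key out of the runtime-data JSON.
/// A minimal scanner for the flat object shown in the PR, not a full JSON
/// parser; returns None if the key is missing or the value is not a string.
pub fn extract_user_data(json: &str) -> Option<String> {
    let key = "\"user-data\"";
    let start = json.find(key)? + key.len();
    let rest = &json[start..];
    let colon = rest.find(':')?;
    let value = rest[colon + 1..].trim_start().strip_prefix('"')?;
    let end = value.find('"')?;
    Some(value[..end].to_string())
}

/// Decode a hex string in either case into bytes.
/// None on odd length, non-ASCII input, or a non-hex digit.
pub fn decode_hex(s: &str) -> Option<Vec<u8>> {
    if !s.is_ascii() || s.len() % 2 != 0 {
        return None;
    }
    (0..s.len())
        .step_by(2)
        .map(|i| u8::from_str_radix(&s[i..i + 2], 16).ok())
        .collect()
}

/// Length check followed by a constant-time comparison, so a mismatch does
/// not reveal through early exit which byte differed.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// True only if the report's user-data decodes to exactly `expected`.
/// A missing field, malformed hex, or any byte difference yields false.
pub fn user_data_matches(runtime_json: &str, expected: &[u8]) -> bool {
    match extract_user_data(runtime_json).and_then(|h| decode_hex(&h)) {
        Some(bytes) => ct_eq(&bytes, expected),
        None => false,
    }
}

/// Constructed sample in the shape of the tpm2_nvread output quoted in the PR.
pub const SAMPLE_RUNTIME_JSON: &str = r#"{ "keys":[], "vm-configuration":{}, "user-data":"814AB097D964BD9186367309A7AFB584681A4F53CE23E3850DFC0D7DB9BF21C303E9B9F509489AFC1D04697584431651AF6ECF06D284A13807EDC6D6DCDFA675" }"#;

/// The 64 sample bytes from the PR description, as the caller holds them.
pub fn expected_user_hash() -> Vec<u8> {
    vec![
        129, 74, 176, 151, 217, 100, 189, 145, 134, 54, 115, 9, 167, 175, 181, 132,
        104, 26, 79, 83, 206, 35, 227, 133, 13, 252, 13, 125, 185, 191, 33, 195,
        3, 233, 185, 245, 9, 72, 154, 252, 29, 4, 105, 117, 132, 67, 22, 81,
        175, 110, 207, 6, 210, 132, 161, 56, 7, 237, 198, 214, 220, 223, 166, 117,
    ]
}

fn main() {
    let ok = user_data_matches(SAMPLE_RUNTIME_JSON, &expected_user_hash());
    println!("user-data matches caller's bytes: {ok}");
}
```

The check is only meaningful once the report itself has been authenticated (the HCL report is signed by the vTPM, and the runtime-data is bound to it by hash); this function covers just the final step of confirming that the bound user-data is the value the caller chose.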

@pawelpros pawelpros force-pushed the enabledita branch 3 times, most recently from 45ab314 to e067cf1 Compare September 4, 2024 08:41
- Added temporary limit for max data (50 bytes) - Azure vTPM supports only SHA384 bytes
- Added refresh nvindex method which enables setting user_data field
- Added get HCL report method which uses user provided data and include it in nvindex

Signed-off-by: Pawel Proskurnicki <[email protected]>
@mkulke mkulke merged commit 96a1b5d into kinvolk:main Sep 4, 2024
1 check passed
@pawelpros pawelpros deleted the enabledita branch September 4, 2024 12:10