cleaning up

Signed-off-by: Wojciech Ozga <woz@zurich.ibm.com>
IBM · Oct 6, 2024 · e5d61f8 · e5d61f8
1 parent c0074e2
commit e5d61f8
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 41 deletions.
diff --git a/security-monitor/rust-crates/cove_tap/src/parser.rs b/security-monitor/rust-crates/cove_tap/src/parser.rs
@@ -53,11 +53,11 @@ impl TeeAttestationPayloadParser {
         let mut digests = vec![];
         for _ in 0..number_of_digests {
             let size = self.read_u16()? as usize;
-            let entry_type = TapDigestEntryType::from_u16(self.read_u16()?)?;
+            let pcr_id = self.read_u16()?;
             let algorithm = TapDigestAlgorithm::from_u16(self.read_u16()?)?;
             let value = self.read_exact(size-4)?;
             digests.push(TapDigest {
-                entry_type,
+                pcr_id,
                 algorithm,
                 value
             });

diff --git a/security-monitor/rust-crates/cove_tap/src/serializer.rs b/security-monitor/rust-crates/cove_tap/src/serializer.rs
@@ -55,7 +55,7 @@ impl TeeAttestationPayloadSerializer {
         for mut digest in payload.digests.drain(..) {
             let entry_size = digest.value.len() + 2 + 2;
             result.append(&mut (entry_size as u16).to_le_bytes().to_vec());
-            result.append(&mut (digest.entry_type as u16).to_le_bytes().to_vec());
+            result.append(&mut (digest.pcr_id).to_le_bytes().to_vec());
             result.append(&mut (digest.algorithm as u16).to_le_bytes().to_vec());
             result.append(&mut digest.value);
         }

diff --git a/security-monitor/rust-crates/cove_tap/src/spec.rs b/security-monitor/rust-crates/cove_tap/src/spec.rs
@@ -39,7 +39,7 @@ impl TapLockboxAlgorithm {
 }
 
 pub struct TapDigest {
-    pub entry_type: TapDigestEntryType,
+    pub pcr_id: u16,
     pub algorithm: TapDigestAlgorithm,
     pub value: Vec<u8>,
 }
@@ -49,29 +49,9 @@ impl TapDigest {
         use crate::alloc::string::ToString;
         self.value.iter().map(|b| alloc::format!("{:02x}", b).to_string()).collect::<Vec<alloc::string::String>>().join("")
     }
-}
-
-#[repr(u16)]
-#[derive(Debug)]
-pub enum TapDigestEntryType {
-    VmCodeAndData = 4,
-    VmBootHart = 5,
-}
-
-impl TapDigestEntryType {
-    pub fn from_u16(value: u16) -> Result<Self, TapError> {
-        match value {
-            4 => Ok(Self::VmCodeAndData),
-            5 => Ok(Self::VmBootHart),
-            v => Err(TapError::UnsupportedTapDigestEntryType(v)),
-        }
-    }
 
-    pub fn to_u16(&self) -> u16 {
-        match self {
-            Self::VmCodeAndData => 4,
-            Self::VmBootHart => 5,
-        }
+    pub fn pcr_id(&self) -> u16 {
+        self.pcr_id
     }
 }
 

diff --git a/...itor/src/non_confidential_flow/handlers/cove_host_extension/promote_to_confidential_vm.rs b/...itor/src/non_confidential_flow/handlers/cove_host_extension/promote_to_confidential_vm.rs
@@ -65,7 +65,7 @@ impl PromoteToConfidentialVm {
 
     fn create_confidential_vm(&self, shared_memory: &NaclSharedMemory) -> Result<ConfidentialVmId, Error> {
         debug!("Promoting a VM to a confidential VM");
-        debug!("Copying the entire VM's state to the confidential memory, recreating the MMU configuration");
+        // Copying the entire VM's state to the confidential memory, recreating the MMU configuration
         let memory_protector = ConfidentialVmMemoryProtector::from_vm_state(&self.hgatp)?;
 
         // The pointer to the flattened device tree (FDT) as well as the entire FDT must be treated as an untrusted input, which measurement
@@ -76,7 +76,6 @@ impl PromoteToConfidentialVm {
         let htimedelta = 0;
 
         // We create a fixed number of harts (all but the boot hart are in the reset state).
-        debug!("Copying boot hart's state");
         let confidential_harts: Vec<_> = (0..number_of_confidential_harts)
             .map(|confidential_hart_id| match confidential_hart_id {
                 Self::BOOT_HART_ID => ConfidentialHart::from_vm_hart(confidential_hart_id, self.program_counter, htimedelta, shared_memory),
@@ -174,12 +173,12 @@ impl PromoteToConfidentialVm {
         use crate::core::control_data::MeasurementDigest;
         match tee_attestation_payload {
             Some(tee_attestation_payload) => {
-                debug!("Authenticating and authorizing the confidential VM using read TAP");
+                debug!("Authenticating and authorizing the confidential VM");
                 for digest in tee_attestation_payload.digests.iter() {
-                    debug!("Reference measurement: {:?} {:?} {}", digest.entry_type, digest.algorithm, digest.value_in_hex());
+                    debug!("Reference measurement: {:?}={:?}=0x{}", digest.pcr_id, digest.algorithm, digest.value_in_hex());
                     // TODO: make sure we compare digests of the same algorithm...
                     let pcr_value = MeasurementDigest::clone_from_slice(&digest.value);
-                    ensure!(measurements.compare(digest.entry_type.to_u16() as usize, pcr_value)?, Error::LocalAttestationFailed())?;
+                    ensure!(measurements.compare(digest.pcr_id() as usize, pcr_value)?, Error::LocalAttestationFailed())?;
                 }
                 debug!("Attestation successful, read {} secrets", tee_attestation_payload.secrets.len());
                 Ok(tee_attestation_payload.secrets)

diff --git a/tools/local_attestation/src/generate.rs b/tools/local_attestation/src/generate.rs
@@ -5,11 +5,9 @@ use crate::ensure;
 use crate::error::Error;
 use std::fs::OpenOptions;
 use std::io::Write;
-
 use tap::Lockbox;
 use tap::TapDigest;
 use tap::TapDigestAlgorithm;
-use tap::TapDigestEntryType;
 use tap::TapLockboxAlgorithm;
 use tap::TapSecret;
 use tap::TeeAttestationPayload;
@@ -40,13 +38,13 @@ pub fn generate_tap(
     });
 
     let mut digests = vec![];
-    for (pcr_number, pcr_value) in pcrs.into_iter() {
+    for (pcr_id, pcr_value) in pcrs.into_iter() {
         let tap_digest = TapDigest {
-            entry_type: TapDigestEntryType::from_u16(pcr_number)?,
+            pcr_id,
             algorithm: TapDigestAlgorithm::Sha512,
             value: pcr_value,
         };
-        println!("Writing PCR{}={}", pcr_number, tap_digest.value_in_hex());
+        println!("Writing PCR{}={}", pcr_id, tap_digest.value_in_hex());
         digests.push(tap_digest);
     }
 
@@ -87,11 +85,7 @@ pub fn generate_tap(
     )?;
     let tap = parser.parse_and_verify()?;
     for digest in tap.digests.iter() {
-        println!(
-            "Read PCR{}={}",
-            digest.entry_type.to_u16(),
-            digest.value_in_hex()
-        );
+        println!("Read PCR{}={}", digest.pcr_id, digest.value_in_hex());
     }
 
     Ok(())