diff --git a/Cargo.lock b/Cargo.lock index 022a84709..1d193e87c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -272,6 +272,7 @@ dependencies = [ "anyhow", "async-trait", "az-snp-vtpm", + "az-tdx-vtpm", "base64 0.21.5", "codicon", "csv-rs", @@ -387,6 +388,22 @@ dependencies = [ "ureq", ] +[[package]] +name = "az-tdx-vtpm" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "71ab55ab709f0295fc6d3e5ba457958e0409fc0b279e26d7cf9373fc5da12080" +dependencies = [ + "az-cvm-vtpm", + "base64-url", + "bincode", + "serde", + "serde_json", + "thiserror", + "ureq", + "zerocopy", +] + [[package]] name = "backtrace" version = "0.3.69" @@ -436,6 +453,15 @@ dependencies = [ "serde", ] +[[package]] +name = "base64-url" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed5efc028d778cd6fb4d1779ca001b3282717e34127b726593002506aa77ca08" +dependencies = [ + "base64 0.21.5", +] + [[package]] name = "base64ct" version = "1.6.0" @@ -1597,7 +1623,7 @@ dependencies = [ "elliptic-curve 0.13.8", "rfc6979 0.4.0", "signature 2.0.0", - "spki 0.7.2", + "spki 0.7.3", ] [[package]] @@ -2792,7 +2818,7 @@ dependencies = [ [[package]] name = "kbs-types" version = "0.4.0" -source = "git+https://github.com/virtee/kbs-types?rev=c90df0e#c90df0eb6575a63df015d7e700e26227e646bd0a" +source = "git+https://github.com/virtee/kbs-types?rev=90b13bb#90b13bb023c5805d82cc3206fab9c8e57f61746f" dependencies = [ "serde", "serde_json", @@ -3983,7 +4009,7 @@ checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" dependencies = [ "der 0.7.8", "pkcs8 0.10.2", - "spki 0.7.2", + "spki 0.7.3", ] [[package]] @@ -4032,7 +4058,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" dependencies = [ "der 0.7.8", - "spki 0.7.2", + "spki 0.7.3", ] [[package]] 
@@ -4717,7 +4743,7 @@ dependencies = [
 "pkcs8 0.10.2",
 "rand_core 0.6.4",
 "signature 2.0.0",
- "spki 0.7.2",
+ "spki 0.7.3",
 "subtle",
 "zeroize",
 ]
@@ -5488,9 +5514,9 @@ dependencies = [
 [[package]]
 name = "spki"
-version = "0.7.2"
+version = "0.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a"
+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
 dependencies = [
 "base64ct",
 "der 0.7.8",
diff --git a/Cargo.toml b/Cargo.toml
index 7ec7bd99d..1fdaa815d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -40,7 +40,7 @@ hex = "0.4.3"
 hmac = "0.12.1"
 jwt-simple = "0.11"
 # TODO: change it to "0.5", once released.
-kbs-types = { git = "https://github.com/virtee/kbs-types", rev = "c90df0e" }
+kbs-types = { git = "https://github.com/virtee/kbs-types", rev = "90b13bb" }
 lazy_static = "1.4.0"
 log = "0.4.14"
 openssl = "0.10"
diff --git a/attestation-agent/README.md b/attestation-agent/README.md
index 318078f39..3a016c2ba 100644
--- a/attestation-agent/README.md
+++ b/attestation-agent/README.md
@@ -124,6 +124,7 @@ CC KBC supports different kinds of hardware TEE attesters, now
 | sgx-attester | Intel SGX DCAP |
 | snp-attester | AMD SEV-SNP |
 | az-snp-vtpm-attester| Azure SEV-SNP CVM |
+| az-tdx-vtpm-attester| Azure TDX CVM |
 | cca-attester | Arm Confidential Compute Architecture (CCA) |
 To build cc kbc with all available attesters and install, use
diff --git a/attestation-agent/app/Cargo.toml b/attestation-agent/app/Cargo.toml
index 99da786a0..852aa62d8 100644
--- a/attestation-agent/app/Cargo.toml
+++ b/attestation-agent/app/Cargo.toml
@@ -40,6 +40,7 @@ cc_kbc_all_attesters = ["cc_kbc", "attestation_agent/all-attesters"]
 cc_kbc_tdx = ["cc_kbc", "attestation_agent/tdx-attester"]
 cc_kbc_sgx = ["cc_kbc", "attestation_agent/sgx-attester"]
 cc_kbc_az_snp_vtpm = ["cc_kbc", "attestation_agent/az-snp-vtpm-attester"]
+cc_kbc_az_tdx_vtpm = ["cc_kbc", "attestation_agent/az-tdx-vtpm-attester"]
 cc_kbc_snp = ["cc_kbc", "attestation_agent/snp-attester"]
 eaa_kbc = ["attestation_agent/eaa_kbc"]
diff --git a/attestation-agent/attester/Cargo.toml b/attestation-agent/attester/Cargo.toml
index 803b4009f..ca1a994e2 100644
--- a/attestation-agent/attester/Cargo.toml
+++ b/attestation-agent/attester/Cargo.toml
@@ -9,6 +9,7 @@ edition = "2021"
 anyhow.workspace = true
 async-trait.workspace = true
 az-snp-vtpm = { version = "0.4", default-features = false, features = ["attester"], optional = true }
+az-tdx-vtpm = { version = "0.4", default-features = false, features = ["attester"], optional = true }
 base64.workspace = true
 kbs-types.workspace = true
 log.workspace = true
@@ -31,11 +32,12 @@ tokio.workspace = true
 [features]
 default = ["all-attesters"]
-all-attesters = ["tdx-attester", "sgx-attester", "az-snp-vtpm-attester", "snp-attester", "csv-attester", "cca-attester"]
+all-attesters = ["tdx-attester", "sgx-attester", "az-snp-vtpm-attester", "az-tdx-vtpm-attester", "snp-attester", "csv-attester", "cca-attester"]
 tdx-attester = ["tdx-attest-rs"]
 sgx-attester = ["occlum_dcap"]
 az-snp-vtpm-attester = ["az-snp-vtpm"]
+az-tdx-vtpm-attester = ["az-tdx-vtpm"]
 snp-attester = ["sev"]
 csv-attester = ["csv-rs", "codicon", "hyper", "hyper-tls", "tokio"]
 cca-attester = ["nix"]
diff --git a/attestation-agent/attester/src/az_tdx_vtpm/mod.rs b/attestation-agent/attester/src/az_tdx_vtpm/mod.rs
new file mode 100644
index 000000000..1f7ca8368
--- /dev/null
+++ b/attestation-agent/attester/src/az_tdx_vtpm/mod.rs
@@ -0,0 +1,51 @@
+// Copyright (c) 2023 Microsoft Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+use super::Attester;
+use anyhow::*;
+use az_tdx_vtpm::vtpm::Quote as TpmQuote;
+use az_tdx_vtpm::{hcl, imds, is_tdx_cvm, vtpm};
+use log::debug;
+use serde::{Deserialize, Serialize};
+use std::result::Result::Ok;
+
+pub fn detect_platform() -> bool {
+ match is_tdx_cvm() {
+ Ok(tdx) => tdx,
+ Err(err) => {
+ debug!("Couldn't perform Azure TDX platform detection: {err}");
+ false
+ }
+ }
+}
+
+#[derive(Debug, Default)]
+pub struct AzTdxVtpmAttester;
+
+#[derive(Serialize, Deserialize)]
+struct Evidence {
+ tpm_quote: TpmQuote,
+ hcl_report: Vec,
+ td_quote: Vec,
+}
+
+#[async_trait::async_trait]
+impl Attester for AzTdxVtpmAttester {
+ async fn get_evidence(&self, report_data: Vec) -> Result {
+ let hcl_report_bytes = vtpm::get_report()?;
+ let hcl_report = hcl::HclReport::new(hcl_report_bytes.clone())?;
+ let td_report = hcl_report.try_into()?;
+ let td_quote_bytes = imds::get_td_quote(&td_report)?;
+
+ let tpm_quote = vtpm::get_quote(&report_data)?;
+
+ let evidence = Evidence {
+ tpm_quote,
+ hcl_report: hcl_report_bytes,
+ td_quote: td_quote_bytes,
+ };
+ Ok(serde_json::to_string(&evidence)?)
+ }
+}
diff --git a/attestation-agent/attester/src/lib.rs b/attestation-agent/attester/src/lib.rs
index b1ade1fb1..cc7f335b7 100644
--- a/attestation-agent/attester/src/lib.rs
+++ b/attestation-agent/attester/src/lib.rs
@@ -11,6 +11,9 @@ pub mod sample;
 #[cfg(feature = "az-snp-vtpm-attester")]
 pub mod az_snp_vtpm;
+#[cfg(feature = "az-tdx-vtpm-attester")]
+pub mod az_tdx_vtpm;
+
 #[cfg(feature = "cca-attester")]
 pub mod cca;
@@ -40,6 +43,8 @@ impl TryFrom for BoxedAttester {
 Tee::Sgx => Box::::default(),
 #[cfg(feature = "az-snp-vtpm-attester")]
 Tee::AzSnpVtpm => Box::::default(),
+ #[cfg(feature = "az-tdx-vtpm-attester")]
+ Tee::AzTdxVtpm => Box::::default(),
 #[cfg(feature = "cca-attester")]
 Tee::Cca => Box::::default(),
 #[cfg(feature = "snp-attester")]
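Review bot: `Evidence` and `get_evidence` carry no documentation of how the three fields relate to each other or to `report_data`, which is exactly what a verifier of this JSON needs; suggest a doc comment on `Evidence` such as `/// TD quote obtained from IMDS over the HCL report; the HCL report is expected to carry the vTPM attestation key that signs tpm_quote over report_data (confirm against the az-tdx-vtpm docs)`. `imds::get_td_quote` is a request to the instance metadata service issued from inside an `async fn`; the lockfile lists ureq under az-tdx-vtpm, so if that is the transport the call blocks the executor thread, which deserves at least a comment or a blocking-task wrapper. `use anyhow::*;` followed by `use std::result::Result::Ok;` exists only to undo the glob's `anyhow::Ok`; this file uses nothing from anyhow beyond `Result`, so `use anyhow::Result;` removes both the glob and the re-import.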
@@ -77,6 +82,11 @@ pub fn detect_tee_type() -> Option {
 return Some(Tee::Sgx);
 }
+ #[cfg(feature = "az-tdx-vtpm-attester")]
+ if az_tdx_vtpm::detect_platform() {
+ return Some(Tee::AzTdxVtpm);
+ }
+
 #[cfg(feature = "az-snp-vtpm-attester")]
 if az_snp_vtpm::detect_platform() {
 return Some(Tee::AzSnpVtpm);
diff --git a/attestation-agent/kbc/Cargo.toml b/attestation-agent/kbc/Cargo.toml
index 591e11df4..870196fb3 100644
--- a/attestation-agent/kbc/Cargo.toml
+++ b/attestation-agent/kbc/Cargo.toml
@@ -41,6 +41,7 @@ all-attesters = ["kbs_protocol?/all-attesters"]
 tdx-attester = ["kbs_protocol/tdx-attester"]
 sgx-attester = ["kbs_protocol/sgx-attester"]
 az-snp-vtpm-attester= ["kbs_protocol/az-snp-vtpm-attester"]
+az-tdx-vtpm-attester= ["kbs_protocol/az-tdx-vtpm-attester"]
 snp-attester = ["kbs_protocol/snp-attester"]
 cca-attester = ["kbs_protocol/cca-attester"]
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
index 60171537b..eb2761d7f 100644
--- a/attestation-agent/kbs_protocol/Cargo.toml
+++ b/attestation-agent/kbs_protocol/Cargo.toml
@@ -48,6 +48,7 @@ all-attesters = ["attester/all-attesters"]
 tdx-attester = ["attester/tdx-attester"]
 sgx-attester = ["attester/sgx-attester"]
 az-snp-vtpm-attester = ["attester/az-snp-vtpm-attester"]
+az-tdx-vtpm-attester = ["attester/az-tdx-vtpm-attester"]
 snp-attester = ["attester/snp-attester"]
 csv-attester = ["attester/csv-attester"]
 cca-attester = ["attester/cca-attester"]
diff --git a/attestation-agent/lib/Cargo.toml b/attestation-agent/lib/Cargo.toml
index fbf9d90d1..2aa5c7ce3 100644
--- a/attestation-agent/lib/Cargo.toml
+++ b/attestation-agent/lib/Cargo.toml
@@ -31,6 +31,7 @@ all-attesters = ["kbc/all-attesters", "kbs_protocol?/all-attesters", "attester/a
 tdx-attester = ["kbc/tdx-attester", "kbs_protocol/tdx-attester", "attester/tdx-attester"]
 sgx-attester = ["kbc/sgx-attester", "kbs_protocol/sgx-attester", "attester/sgx-attester"]
 az-snp-vtpm-attester = ["kbc/az-snp-vtpm-attester", "kbs_protocol/az-snp-vtpm-attester", "attester/az-snp-vtpm-attester"]
+az-tdx-vtpm-attester = ["kbc/az-tdx-vtpm-attester", "kbs_protocol/az-tdx-vtpm-attester", "attester/az-tdx-vtpm-attester"]
 snp-attester = ["kbc/snp-attester", "kbs_protocol/snp-attester", "attester/snp-attester"]
 sample_kbc = ["kbc/sample_kbc"]