Add support for Linux kernel 6.x to fetch attestation report #1886

Merged 2 commits on Nov 13, 2023

Contributor

@takuro-sato commented Sep 5, 2023

Add support for Linux kernel 6.x to fetch attestation report.
Because I can't add tests that require an SNP VM under the amdsevsnp package, I tested the change in the following way.

Build test for fetching report

git apply --ignore-space-change <<EOF
diff --git a/pkg/amdsevsnp/report_test.go b/pkg/amdsevsnp/report_test.go
index e42af6de..65acbc91 100644
--- a/pkg/amdsevsnp/report_test.go
+++ b/pkg/amdsevsnp/report_test.go
@@ -4,6 +4,7 @@
 package amdsevsnp
 
 import (
+       "encoding/hex"
        "testing"
 )
 
@@ -51,3 +52,24 @@ func Test_Mirror_Nil_Slice(t *testing.T) {
                t.Fatalf("expected nil slice, got: %+v", result)
        }
 }
+
+func Test_Fetch_Report(t *testing.T) {
+       const REPORT_DATA_SIZE = 64
+       const REPORT_DATA_OFFSET = 80
+       // Report data for test
+       reportData := [REPORT_DATA_SIZE]byte{}
+       for i := 0; i < REPORT_DATA_SIZE; i++ {
+               reportData[i] = byte(i)
+       }
+       reportBytes, err := FetchRawSNPReport(reportData[:])
+       if err != nil {
+               t.Fatalf("fetching report failed: %v", err)
+       }
+       expectedByteString := hex.EncodeToString(reportData[:])
+
+       if expectedByteString != hex.EncodeToString(reportBytes[REPORT_DATA_OFFSET:REPORT_DATA_OFFSET+REPORT_DATA_SIZE]) {
+               t.Fatalf("report data doesn't match: expected: %s, actual: %s", expectedByteString, hex.EncodeToString(reportBytes[REPORT_DATA_OFFSET:REPORT_DATA_OFFSET+REPORT_DATA_SIZE]))
+       }
+
+       t.Logf("Report contents: %s\n", hex.EncodeToString(reportBytes))
+}
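Review bot: the slice `reportBytes[REPORT_DATA_OFFSET:REPORT_DATA_OFFSET+REPORT_DATA_SIZE]` in Test_Fetch_Report is taken without checking `len(reportBytes)` first, so a returned buffer shorter than 144 bytes panics the test instead of failing with a message; add a length check with `t.Fatalf` before slicing. The comparison could also use `bytes.Equal` on the raw slices and keep the hex encoding only for the failure and log messages, and Go naming would make the constants `reportDataSize` and `reportDataOffset`.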
EOF

cd pkg/amdsevsnp/
CGO_ENABLED=0 go test -c

Run test

Copy amdsevsnp.test to an SNP VM first.

./amdsevsnp.test -test.v

It was tested in both 5.x and 6.x.

Signed-off-by: Takuro Sato <takurosato@microsoft.com>
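
A consumer-side check of the same field the test in the description inspects, as an added example that is not part of this PR or of hcsshim's code. The offset 80 and size 64 are the test's constants; the function names, error values and the sample buffer are constructed here.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// Offset and size of the report data field, as used by the test in the PR description.
const (
	reportDataOffset = 80
	reportDataSize   = 64
)

var (
	errShortReport = errors.New("report too short to contain report data")
	errBadLength   = errors.New("expected report data must be exactly 64 bytes")
	errMismatch    = errors.New("report data does not match expected value")
)

// VerifyReportData checks that the report data field of a raw report equals the
// value the caller asked to have embedded (hypothetical helper, not hcsshim's API).
// It rejects short buffers instead of slicing blindly and compares in constant time.
func VerifyReportData(report, expected []byte) error {
	if len(expected) != reportDataSize {
		return errBadLength
	}
	if len(report) < reportDataOffset+reportDataSize {
		return fmt.Errorf("%w: got %d bytes", errShortReport, len(report))
	}
	got := report[reportDataOffset : reportDataOffset+reportDataSize]
	if subtle.ConstantTimeCompare(got, expected) != 1 {
		return errMismatch
	}
	return nil
}

// sampleReport builds a constructed, zero-filled buffer (not a real SNP report)
// with data copied to the report data offset. total must be at least 80.
func sampleReport(total int, data []byte) []byte {
	r := make([]byte, total)
	copy(r[reportDataOffset:], data)
	return r
}

func main() {
	data := make([]byte, reportDataSize)
	for i := range data {
		data[i] = byte(i) // same pattern the PR's test uses
	}
	fmt.Println("matching:", VerifyReportData(sampleReport(256, data), data))
	fmt.Println("truncated:", VerifyReportData(make([]byte, 100), data))
}
```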
@takuro-sato takuro-sato requested a review from a team as a code owner September 5, 2023 12:54
@takuro-sato takuro-sato marked this pull request as draft September 5, 2023 12:55
@takuro-sato takuro-sato marked this pull request as ready for review September 5, 2023 13:55
@@ -46,3 +46,10 @@ func Ioctl(f *os.File, command int, dataPtr unsafe.Pointer) error {
}
return nil
}

// Ported from _IOWR macro.
// Returns value for `command` parameter in Ioctl().
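Review bot: the doc comment on the helper added after Ioctl ("Ported from _IOWR macro.") records where the logic came from but does not begin with the helper's name, as Go doc comments conventionally do, and does not say which values the caller supplies; name the function in the first sentence and describe its parameters next to the existing note that the result is the `command` argument of Ioctl().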
Collaborator

We can't have this function as it may be construed as a derived work.

Collaborator

Hard wire the results. We will get rid of the 5.15 path very soon.

Contributor Author

Done. Tested it again in both 5.x and 6.x.

Signed-off-by: Takuro Sato <takurosato@microsoft.com>
Collaborator

@KenGordon left a comment

Looks fine to me.

Contributor

@helsaawy left a comment

Can you add Test_Fetch_Report regardless and add a skip to the start of it:

func Test_Fetch_Report(t *testing.T) {
    if !isSNPVM6() {
        t.Skip("SNP is required")
    }

    // ...
}

that way we have the test if we ever set up SNP VMs, or want to test for regressions

pkg/amdsevsnp/report.go (resolved)
KenGordon added a commit to KenGordon/hcsshim that referenced this pull request Oct 24, 2023
Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com>
darracott pushed a commit to KenGordon/hcsshim that referenced this pull request Oct 30, 2023
Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com>
Signed-off-by: Joe Powell <joepowell@microsoft.com>
@helsaawy helsaawy merged commit 654620c into microsoft:main Nov 13, 2023
16 checks passed
helsaawy pushed a commit that referenced this pull request Dec 28, 2023
* Working DM-Verity boot using 5..15 kernel

Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com>
Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Working to boot 6.1 or 5.15 kernels with vhd supplied userland and merkle tree.

Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com>
Signed-off-by: Joe Powell <joepowell@microsoft.com>

* PR #1886 changes which are required or gcs cannot start on 6.1

Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com>
Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Use "modern" igvm tooling from github repo.

Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com>
Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Clean up Makefile

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Add boot doc

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Remove startup_2 as it is now redundant

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Tidying

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* print opts

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* debug

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* debug

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Remove extra err

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Rm fmt

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Clean up startups

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Kick CI

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Add HvSock port annotation

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Clean up merge

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Mark ups pre-rebasing

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* gofmt

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* More concise Makefile snp target

Signed-off-by: Joe Powell <joepowell@microsoft.com>

* Apply nits

Signed-off-by: Joe Powell <joepowell@microsoft.com>

---------

Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com>
Signed-off-by: Joe Powell <joepowell@microsoft.com>
Co-authored-by: Ken Gordon <Ken.Gordon@microsoft.com>
princepereira pushed a commit to princepereira/hcsshim that referenced this pull request Aug 29, 2024