diff --git i/stage0/src/lib.rs w/stage0/src/lib.rs
index 738e661129..eca200f99e 100644
--- i/stage0/src/lib.rs
+++ w/stage0/src/lib.rs
@@ -111,7 +111,7 @@ pub fn rust64_start() -> ! {
 P::early_initialize_platform();
 logging::init_logging::

();
- log::info!("starting...");
+ log::info!("starting (no attestation)...");
 // Safety: we assume there won't be any other hardware devices using the fw_cfg
 // IO ports.
 let mut fwcfg = unsafe { fw_cfg::FwCfg::new(&BOOT_ALLOC) }.expect("fw_cfg device not found!");
@@ -196,11 +196,11 @@ pub fn rust64_start() -> ! {
 // Use the root derived key as the UDS (unique device secret) for deriving
 // sealing keys.
- let mut uds: DerivedKey = P::get_derived_key().expect("couldn't get derived key");
+ //let mut uds: DerivedKey = P::get_derived_key().expect("couldn't get derived key");
- let mut cdi = derive_sealing_cdi(&uds, &stage0_event_proto);
+ //let mut cdi = derive_sealing_cdi(&uds, &stage0_event_proto);
 // Zero out the UDS.
- uds.zeroize();
+ //uds.zeroize();
 // Generate Stage0 Event Log data.
 let stage0_event = oak_stage0_dice::encode_stage0_event(stage0_event_proto);
@@ -238,9 +238,9 @@ pub fn rust64_start() -> ! {
 .eca_private_key
 .zeroize();
- attestation_data_struct.layer_1_cdi.cdi[..].copy_from_slice(&cdi[..]);
+ //attestation_data_struct.layer_1_cdi.cdi[..].copy_from_slice(&cdi[..]);
 // Zero out the copy of the sealing CDIs.
- cdi.zeroize();
+ //cdi.zeroize();
 let attestation_data = Box::leak(Box::new_in(attestation_data_struct, &crate::BOOT_ALLOC));
diff --git i/stage0_sev/src/platform/dice_attestation.rs w/stage0_sev/src/platform/dice_attestation.rs
index 842ed3dc2e..75cec40bef 100644
--- i/stage0_sev/src/platform/dice_attestation.rs
+++ w/stage0_sev/src/platform/dice_attestation.rs
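Review bot: Disabling the UDS and sealing-CDI derivation by commenting the statements out makes this an unconditional source change, and the same pattern recurs in the -238 hunk of this file and in both hunks of stage0_sev/src/platform/dice_attestation.rs. Because this is the shared stage0/src/lib.rs, the derivation appears to be switched off for every platform `P`, not only the one under test (inferred from the generic `P::get_derived_key()` call). Put the no-attestation behaviour behind one explicit compile-time switch, for example `#[cfg(not(feature = "<no-attestation feature name>"))]` on the affected statements, so the default build still derives the CDI and zeroizes `uds` and `cdi`. rust64_start begins and continues outside this hunk.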
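Review bot: With the `copy_from_slice` line commented out, `layer_1_cdi.cdi` is handed to the next stage holding whatever `attestation_data_struct` was initialised with; that initialisation is not visible in this hunk, but it is presumably a fixed value. Any sealing key a later layer derives from that field would then be identical on every boot and every machine, and nothing in the struct tells the consumer that the CDI is not real. If the no-attestation mode is kept, make that state explicit to the consumer or have it refuse to seal, and at minimum add a comment such as `// layer_1_cdi is left unset in no-attestation builds; it must not be used for sealing`. The enclosing function starts and ends outside the hunk.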
@@ -46,10 +46,10 @@ pub fn init_guest_message_encryptor() -> Result<(), &'static str> {
 // Once the we have read VMPCK0 we wipe it so that later boot stages cannot
 // request attestation reports or derived sealing keys for VMPL0. This stops
 // later boot stages from creating counterfeit DICE chains.
- key.zeroize();
+ //key.zeroize();
 // The sev-guest driver in the upstream kernel does not initialize with such
 // an empty vmpck. So we fill it up with 0xFF.
- key.fill(0xFF);
+ //key.fill(0xFF);
 Ok(())
 }
@@ -88,7 +88,7 @@ pub fn get_attester() -> Result {
 }
 fn get_attestation(report_data: [u8; REPORT_DATA_SIZE]) -> Result {
- if super::sev_status().contains(SevStatus::SNP_ACTIVE) {
+ if false { // super::sev_status().contains(SevStatus::SNP_ACTIVE) {
 let mut report_request = AttestationRequest::new();
 report_request.report_data = report_data;
 let attestation_response: AttestationResponse = send_guest_message_request(report_request)?;
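Review bot: The comment block left above the two commented-out lines still says VMPCK0 is wiped so that later boot stages cannot request attestation reports or derived sealing keys for VMPL0, but after this change the key is left intact. By the comment's own reasoning, later stages could then create counterfeit DICE chains, and that exposure appears independent of whether stage0 itself requests a report. The wipe should therefore stay even in a no-attestation build: keep `key.zeroize();` and `key.fill(0xFF);`. If leaving the key in place is really intended, the comment has to be rewritten to say so and why. The start of init_guest_message_encryptor is outside the hunk.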
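Review bot: `if false { // … {` turns the SNP branch into dead code and leaves an unbalanced `{` inside a trailing comment, so get_attestation always takes its other path (outside this hunk), even when `SNP_ACTIVE` is set. If that path returns a placeholder report, which is not visible here, a caller that gets `Ok` cannot tell that no hardware attestation took place. Keep the original condition and put the switch in front of it, e.g. `if !cfg!(feature = "<no-attestation feature name>") && super::sev_status().contains(SevStatus::SNP_ACTIVE) {`, so the default build still asks the hardware. The function body continues past the end of the hunk.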