attester: tdx: use TSM reports to generate quotes

Move tdx attester to primarily use TSM reports to get the quotes generated. The ioctl() based get-quote mechanisms have never been upstreamed so they can be considered 'deprecated'. However, a feature switch is added to keep the old functionality available for now. Signed-off-by: Mikko Ylinen <[email protected]>
confidential-containers · Jan 22, 2024 · 0c531b0 · 0c531b0
1 parent 15a144c
commit 0c531b0
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 14 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/attestation-agent/attester/Cargo.toml b/attestation-agent/attester/Cargo.toml
@@ -13,6 +13,7 @@ az-tdx-vtpm = { version = "0.4", default-features = false, features = ["attester
 base64.workspace = true
 kbs-types.workspace = true
 log.workspace = true
+cfg-if.workspace = true
 nix = {version = "0.26.2", optional = true }
 occlum_dcap = { git = "https://github.com/occlum/occlum", tag = "v0.29.7", optional = true }
 serde.workspace = true
@@ -44,7 +45,8 @@ all-attesters = ["tdx-attester", "sgx-attester", "az-snp-vtpm-attester", "az-tdx
 # quotes. It's an unconditional dependency for tdx-attester since that is the only way to
 # generate TDX quotes with upstream kernels.
 tsm-report = ["tempfile"]
-tdx-attester = ["tdx-attest-rs"]
+tdx-attester = ["tsm-report", "tdx-getquote-ioctl"]
+tdx-getquote-ioctl = ["tdx-attest-rs"]
 sgx-attester = ["occlum_dcap"]
 az-snp-vtpm-attester = ["az-snp-vtpm"]
 az-tdx-vtpm-attester = ["az-tdx-vtpm"]

diff --git a/attestation-agent/attester/src/tdx/mod.rs b/attestation-agent/attester/src/tdx/mod.rs
@@ -3,17 +3,48 @@
 // SPDX-License-Identifier: Apache-2.0
 //
 
+use super::tsm_report::*;
 use super::Attester;
 use anyhow::*;
 use base64::Engine;
 use serde::{Deserialize, Serialize};
 use std::path::Path;
+use std::result::Result::Ok;
+
+#[cfg(feature = "tdx-getquote-ioctl")]
 use tdx_attest_rs;
 
 const CCEL_PATH: &str = "/sys/firmware/acpi/tables/data/CCEL";
 
+fn tdx_getquote_ioctl_is_available() -> bool {
+    if cfg!(feature = "tdx-getquote-ioctl") {
+        Path::new("/dev/tdx-attest").exists() || Path::new("/dev/tdx-guest").exists()
+    } else {
+        false
+    }
+}
+
+cfg_if::cfg_if! {
+    if #[cfg(feature = "tdx-getquote-ioctl")] {
+        fn try_getquote_ioctl_or_fail(_e: TsmReportError, report_data: Vec<u8>) -> Result<Vec<u8>> {
+            let tdx_report_data = tdx_attest_rs::tdx_report_data_t {
+                d: report_data.as_slice().try_into()?,
+            };
+
+            match tdx_attest_rs::tdx_att_get_quote(Some(&tdx_report_data), None, None, 0) {
+                (tdx_attest_rs::tdx_attest_error_t::TDX_ATTEST_SUCCESS, Some(q)) => Ok(q),
+                (error_code, _) => bail!("TDX getquote ioctl failed. Error code: {:?}", error_code),
+            }
+        }
+    } else {
+        fn try_getquote_ioctl_or_fail(e: TsmReportError, _report_data: Vec<u8>) -> Result<Vec<u8>> {
+            Err(anyhow!("{}", e))
+        }
+    }
+}
+
 pub fn detect_platform() -> bool {
-    Path::new("/dev/tdx-attest").exists() || Path::new("/dev/tdx-guest").exists()
+    tsm_report_provider_is(TsmReportProvider::Tdx) || tdx_getquote_ioctl_is_available()
 }
 
 #[derive(Serialize, Deserialize)]
@@ -37,20 +68,15 @@ impl Attester for TdxAttester {
 
         report_data.resize(64, 0);
 
-        let tdx_report_data = tdx_attest_rs::tdx_report_data_t {
-            d: report_data.as_slice().try_into()?,
+        let quote_bytes = match TsmReportPath::new() {
+            Ok(tsm) => match tsm.attestation_report(TsmReportData::Tdx(report_data)) {
+                Ok(bytes) => bytes,
+                Err(e) => bail!("TDX Attester: {}", e),
+            },
+            Err(e) => try_getquote_ioctl_or_fail(e, report_data)?,
         };
-
         let engine = base64::engine::general_purpose::STANDARD;
-        let quote = match tdx_attest_rs::tdx_att_get_quote(Some(&tdx_report_data), None, None, 0) {
-            (tdx_attest_rs::tdx_attest_error_t::TDX_ATTEST_SUCCESS, Some(q)) => engine.encode(q),
-            (error_code, _) => {
-                return Err(anyhow!(
-                    "TDX Attester: Failed to get TD quote. Error code: {:?}",
-                    error_code
-                ));
-            }
-        };
+        let quote = engine.encode(quote_bytes);
 
         let cc_eventlog = match std::fs::read(CCEL_PATH) {
             Result::Ok(el) => Some(engine.encode(el)),
@@ -66,6 +92,7 @@ impl Attester for TdxAttester {
             .map_err(|e| anyhow!("Serialize TDX evidence failed: {:?}", e))
     }
 
+    #[cfg(feature = "tdx-getquote-ioctl")]
     async fn extend_runtime_measurement(
         &self,
         events: Vec<Vec<u8>>,