Update tdx code to new crate revision

Signed-off-by: Magnus Kulke <[email protected]>
confidential-containers · Nov 27, 2023 · f073d24 · f073d24
1 parent ea2f775
commit f073d24
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 42 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/attestation-agent/README.md b/attestation-agent/README.md
@@ -124,6 +124,7 @@ CC KBC supports different kinds of hardware TEE attesters, now
 | sgx-attester        | Intel SGX DCAP              |
 | snp-attester        | AMD SEV-SNP                 |
 | az-snp-vtpm-attester| Azure SEV-SNP CVM           |
+| az-tdx-vtpm-attester| Azure TDX CVM               |
 | cca-attester        | Arm Confidential Compute Architecture (CCA)  |
 
 To build cc kbc with all available attesters and install, use

diff --git a/attestation-agent/attester/Cargo.toml b/attestation-agent/attester/Cargo.toml
@@ -9,7 +9,7 @@ edition = "2021"
 anyhow.workspace = true
 async-trait.workspace = true
 az-snp-vtpm = { version = "0.3.0", default-features = false, features = ["attester"], optional = true }
-az-tdx-vtpm = { git = "https://github.com/mkulke/azure-cvm-tooling", rev = "88775fc", default-features = false, features = ["attester"], optional = true }
+az-tdx-vtpm = { git = "https://github.com/mkulke/azure-cvm-tooling", rev = "3601b59", default-features = false, features = ["attester"], optional = true }
 base64.workspace = true
 kbs-types.workspace = true
 log.workspace = true

diff --git a/attestation-agent/attester/src/az_tdx_vtpm/mod.rs b/attestation-agent/attester/src/az_tdx_vtpm/mod.rs
@@ -15,7 +15,7 @@ pub fn detect_platform() -> bool {
     match is_tdx_cvm() {
         Ok(tdx) => tdx,
         Err(err) => {
-            debug!("Failed to retrieve HCL report from TPM: {err}");
+            debug!("Couldn't perform Azure TDX platform detection: {err}");
             false
         }
     }
@@ -28,24 +28,23 @@ pub struct AzTdxVtpmAttester;
 struct Evidence {
     tpm_quote: TpmQuote,
     hcl_report: Vec<u8>,
-    tdx_quote: Vec<u8>,
+    td_quote: Vec<u8>,
 }
 
 #[async_trait::async_trait]
 impl Attester for AzTdxVtpmAttester {
     async fn get_evidence(&self, report_data: Vec<u8>) -> Result<String> {
         let hcl_report_bytes = vtpm::get_report()?;
         let hcl_report = hcl::HclReport::new(hcl_report_bytes.clone())?;
-        let tdx_report_slice = hcl_report.tdx_report_slice();
-        let report_body = imds::ReportBody::new(tdx_report_slice);
-        let tdx_quote_bytes = imds::get_td_quote(report_body)?;
+        let td_report = hcl_report.try_into()?;
+        let td_quote_bytes = imds::get_td_quote(&td_report)?;
 
         let tpm_quote = vtpm::get_quote(&report_data)?;
 
         let evidence = Evidence {
             tpm_quote,
             hcl_report: hcl_report_bytes,
-            tdx_quote: tdx_quote_bytes,
+            td_quote: td_quote_bytes,
         };
         Ok(serde_json::to_string(&evidence)?)
     }