Eventlog Implementation for Stage 0

Change-Id: I7191f049dd814c4a721c02603655fa8a79de9300
project-oak · May 23, 2024 · ec10ad8 · ec10ad8
1 parent 783966f
commit ec10ad8
Show file tree

Hide file tree

Showing 14 changed files with 678 additions and 17 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/enclave_apps/Cargo.lock b/enclave_apps/Cargo.lock
diff --git a/micro_rpc_workspace_test/Cargo.lock b/micro_rpc_workspace_test/Cargo.lock
diff --git a/oak_ml_transparency/runner/Cargo.lock b/oak_ml_transparency/runner/Cargo.lock
diff --git a/oak_proto_rust/BUILD b/oak_proto_rust/BUILD
@@ -29,6 +29,7 @@ rust_library(
         ":build",
         "//micro_rpc",
         "@oak_crates_index//:prost",
+        "@oak_crates_index//:prost-types",
     ],
 )
 
@@ -45,6 +46,7 @@ cargo_build_script(
         "//proto/attestation:attachment_proto",
         "//proto/attestation:dice_proto",
         "//proto/attestation:endorsement_proto",
+        "//proto/attestation:eventlog_proto",
         "//proto/attestation:evidence_proto",
         "//proto/attestation:expected_value_proto",
         "//proto/attestation:reference_value_proto",

diff --git a/oak_proto_rust/Cargo.toml b/oak_proto_rust/Cargo.toml
@@ -9,15 +9,17 @@ default = []
 std = []
 # Generate code to support proto3 JSON mappings with serde, allowing protos to
 # be serialized to JSON.
-json = ["pbjson", "pbjson-build", "serde", "std"]
+json = ["pbjson", "pbjson-types", "pbjson-build", "serde", "std"]
 
 [dependencies]
 micro_rpc = { workspace = true }
 prost = { workspace = true, default-features = false, features = [
   "prost-derive",
 ] }
 pbjson = { version = "*", optional = true }
+pbjson-types = { version = "*", optional = true }
 serde = { version = "*", features = ["derive"], optional = true }
+prost-types = { version = "*", default-features = false }
 
 [build-dependencies]
 micro_rpc_build = { workspace = true }

diff --git a/oak_proto_rust/build.rs b/oak_proto_rust/build.rs
@@ -14,13 +14,32 @@
 // limitations under the License.
 //
 
+const INCLUDED_PROTOS: [&str; 13] = [
+    "..",
+    // We need to include the well-known protos ourselves
+    // From: https://github.com/grpc/grpc/blob/cac1f2727e6975d6bb7426898c97916faa91bdaa/bazel/protobuf.bzl#L21C1-L21C24
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/any_proto",
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/api_proto",
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/compiler_plugin_proto",
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/descriptor_proto",
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/duration_proto",
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/empty_proto",
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/field_mask_proto",
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/source_context_proto",
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/struct_proto",
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/timestamp_proto",
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/type_proto",
+    "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/wrappers_proto",
+];
+
 fn main() -> Result<(), Box<dyn std::error::Error>> {
     let proto_paths = [
         "../proto/crypto/crypto.proto",
         "../proto/attestation/attachment.proto",
         "../proto/attestation/dice.proto",
         "../proto/attestation/endorsement.proto",
         "../proto/attestation/expected_value.proto",
+        "../proto/attestation/eventlog.proto",
         "../proto/attestation/evidence.proto",
         "../proto/attestation/reference_value.proto",
         "../proto/attestation/verification.proto",
@@ -36,6 +55,8 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     config.btree_map(["."]);
 
+    println!("cargo:rerun-if-env-changed=CARGO_FEATURE_JSON");
+
     #[cfg(feature = "json")]
     let descriptor_path =
         std::path::PathBuf::from(std::env::var("OUT_DIR").expect("could not get OUT_DIR"))
@@ -49,14 +70,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         .compile_well_known_types()
         .extern_path(".google.protobuf", "::pbjson_types");
 
-    config
-        .compile_protos(&proto_paths, &[
-            "..",
-            // We need to include the well-known protos ourselves
-            "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/empty_proto",
-            "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/descriptor_proto",
-        ])
-        .expect("proto compilation failed");
+    config.compile_protos(&proto_paths, &INCLUDED_PROTOS).expect("proto compilation failed");
 
     #[cfg(feature = "json")]
     pbjson_build::Builder::new()
@@ -68,11 +82,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     micro_rpc_build::compile(
         &["../proto/oak_functions/testing.proto", "../proto/crypto/crypto.proto"],
-        &[
-            "..",
-            // We need to include the well-known protos ourselves
-            "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/descriptor_proto",
-        ],
+        &INCLUDED_PROTOS,
         Default::default(),
     );
 

diff --git a/oak_proto_rust/src/lib.rs b/oak_proto_rust/src/lib.rs
@@ -1,3 +1,4 @@
+//
 // Copyright 2024 The Project Oak Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -41,6 +42,28 @@ pub mod oak {
     pub mod attestation {
         pub mod v1 {
             include_proto!("oak.attestation.v1");
+            extern crate alloc;
+            use alloc::{format, string::String};
+
+            use prost::Name;
+
+            const PACKAGE: &str = "oak.attestation.v1";
+
+            /// Compute the type URL for the given `oak.attestation.v1` type,
+            /// using `type.googleapis.com` as the authority for the
+            /// URL.
+            fn type_url_for<T: Name>() -> String {
+                format!("type.googleapis.com/{}.{}", T::PACKAGE, T::NAME)
+            }
+
+            impl Name for Stage0Measurements {
+                const PACKAGE: &'static str = PACKAGE;
+                const NAME: &'static str = "Stage0";
+
+                fn type_url() -> String {
+                    type_url_for::<Self>()
+                }
+            }
         }
     }
 
@@ -70,3 +93,31 @@ pub mod oak {
         }
     }
 }
+
+/// Well known proto messages use a different type depending on whether JSON
+/// mappings are enabled. This can cause type checking issues when this crate
+/// is used. To address this we export relevant utilites whose implementation
+/// depends on which feature is set for this crate.
+/// This is similiar to the approach taken by serde for an analogous issue: https://docs.rs/serde/1.0.186/src/serde/integer128.rs.html#71-75
+pub mod well_known {
+    // Copied implementation from prost types: https://github.com/tokio-rs/prost/blob/d42c85e790263f78f6c626ceb0dac5fda0edcb41/prost-types/src/any.rs#L4
+    // as pbjson-types's Any does not implenment a similiar function.
+    #[cfg(feature = "json")]
+    pub fn any_from_msg<M>(msg: &M) -> Result<pbjson_types::Any, prost::EncodeError>
+    where
+        M: prost::Name,
+    {
+        let type_url = M::type_url();
+        let mut value = Vec::new();
+        prost::Message::encode(msg, &mut value)?;
+        Ok(pbjson_types::Any { type_url, value: value.into() })
+    }
+
+    #[cfg(not(feature = "json"))]
+    pub fn any_from_msg<M>(msg: &M) -> Result<prost_types::Any, prost::EncodeError>
+    where
+        M: prost::Name,
+    {
+        prost_types::Any::from_msg(msg)
+    }
+}
diff --git a/oak_restricted_kernel_bin/Cargo.lock b/oak_restricted_kernel_bin/Cargo.lock
diff --git a/proto/attestation/BUILD b/proto/attestation/BUILD
@@ -146,6 +146,17 @@ java_proto_library(
     deps = [":verification_proto"],
 )
 
+proto_library(
+    name = "eventlog_proto",
+    srcs = ["eventlog.proto"],
+    deps = ["@com_google_protobuf//:any_proto"],
+)
+
+cc_proto_library(
+    name = "eventlog_cc_proto",
+    deps = [":eventlog_proto"],
+)
+
 build_test(
     name = "build_test",
     targets = [
@@ -155,6 +166,8 @@ build_test(
         ":dice_proto",
         ":dice_cc_proto",
         ":dice_java_proto",
+        ":eventlog_proto",
+        ":eventlog_cc_proto",
         ":endorsement_proto",
         ":endorsement_cc_proto",
         ":endorsement_java_proto",

diff --git a/proto/attestation/eventlog.proto b/proto/attestation/eventlog.proto
@@ -0,0 +1,60 @@
+//
+// Copyright 2024 The Project Oak Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+syntax = "proto3";
+
+package oak.attestation.v1;
+
+import "google/protobuf/any.proto";
+
+option go_package = "proto/oak/attestation/v1";
+option java_multiple_files = true;
+option java_package = "com.google.oak.attestation.v1";
+
+// All the related measurements for Stage 0.
+message Stage0Measurements {
+  // Kernel setup data digest.
+  bytes setup_data_digest = 1;
+  // Kernel digest.
+  bytes kernel_measurement = 2;
+  // Initial RAM disk digest.
+  bytes ram_disk_digest = 3;
+  // E820 table digest.
+  bytes memory_map_digest = 4;
+  // ACPI table generation digest
+  bytes acpi_digest = 5;
+  // Kernel Command line.
+  string kernel_cmdline = 6;
+}
+
+// Represents an event intended for inclusion in attestation.
+// For example, in an attested measured boot, each event is a reference to the
+// code identity of the boot layer being launched next.
+// An Event message contain what's necessary for an attestation verifier to
+// verify the Event against a Reference Value.
+// TODO: b/333748757 - Make other CB layers use this definition.
+message Event {
+  // Represents what is contained in the event. For example, the tag for
+  // TaskConfig for the Layer 2 is "layer2".
+  // TODO: b/333748757 - Consider making the tag a UUID instead of string.
+  string tag = 1;
+  google.protobuf.Any event = 2;
+}
+
+// A sequence of Events intended for inclusion in attestation evidence.
+message EventLog {
+  repeated Event events = 1;
+}
diff --git a/stage0/Cargo.toml b/stage0/Cargo.toml
@@ -17,9 +17,11 @@ oak_core = { path = "../oak_core", default-features = false }
 oak_dice = { workspace = true }
 oak_stage0_dice = { workspace = true }
 oak_linux_boot_params = { path = "../oak_linux_boot_params" }
+oak_proto_rust = { workspace = true }
 oak_sev_guest = { workspace = true, features = ["rust-crypto"] }
 oak_sev_snp_attestation_report = { workspace = true }
 p256 = { version = "*", default-features = false, features = ["ecdsa"] }
+prost = { version = "*", default-features = false, features = ["prost-derive"] }
 rand_core = { version = "*", default-features = false, features = [
   "getrandom",
 ] }