Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add task to calculate launch digest #15

Merged
merged 1 commit into from
Sep 29, 2023
Merged

Add task to calculate launch digest #15

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,4 @@ ansible>=8.4.0
black>=23.9.1
invoke>=2.1.0
python-language-server[all]
sev-snp-measure>=0.0.7
2 changes: 2 additions & 0 deletions tasks/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
from . import knative
from . import kubeadm
from . import operator
from . import sev

ns = Collection(
apps,
Expand All @@ -24,4 +25,5 @@
knative,
kubeadm,
operator,
sev,
)
58 changes: 58 additions & 0 deletions tasks/sev.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
from invoke import task
from json import loads as json_loads
from os.path import join
from sevsnpmeasure import guest
from sevsnpmeasure.sev_mode import SevMode
from sevsnpmeasure.vmm_types import VMMType
from sevsnpmeasure.vcpu_types import cpu_sig as sev_snp_cpu_sig
from subprocess import run
from tasks.util.env import KATA_CONFIG_DIR
from tasks.util.toml import read_value_from_toml


@task
def get_launch_digest(ctx, mode="sev"):
"""
Calculate the SEV launch digest from the CoCo configuration file

To calculate the launch digest we use the sev-snp-measure tool:
https://github.com/virtee/sev-snp-measure
"""
# Get CPU information
cpu_json_str = (
run("lscpu --json", shell=True, check=True, capture_output=True)
.stdout.decode("utf-8")
.strip()
)
cpu_json = json_loads(cpu_json_str)
cpu_fields = {"CPU family:": None, "Model:": None, "Stepping:": None}
for field in cpu_fields:
data = next(
filter(
lambda _dict: _dict["field"] == field,
[entry for entry in cpu_json["lscpu"]],
),
None,
)["data"]
cpu_fields[field] = data
cpu_sig = sev_snp_cpu_sig(
int(cpu_fields["CPU family:"]),
int(cpu_fields["Model:"]),
int(cpu_fields["Stepping:"]),
)

# Pick the right configuration file
toml_path = join(KATA_CONFIG_DIR, "configuration-qemu-{}.toml".format(mode))

# Finally, calculate the launch digest
ld = guest.calc_launch_digest(
mode=SevMode.SEV,
vcpus=read_value_from_toml(toml_path, "hypervisor.qemu.default_vcpus"),
vcpu_sig=cpu_sig,
ovmf_file=read_value_from_toml(toml_path, "hypervisor.qemu.firmware"),
kernel=read_value_from_toml(toml_path, "hypervisor.qemu.kernel"),
initrd=read_value_from_toml(toml_path, "hypervisor.qemu.initrd"),
append=read_value_from_toml(toml_path, "hypervisor.qemu.kernel_params"),
vmm_type=VMMType.QEMU,
)
print("Calculated measurement:", ld.hex())