Add guestFeatures as arg for public functions
This implements the changes from upstream:
virtee/sev-snp-measure#32
derpsteb committed Feb 6, 2024
1 parent b550c75 commit 1d37c07
Showing 5 changed files with 16 additions and 15 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/upstream-equivalence.yml
@@ -62,7 +62,7 @@ jobs:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
repository: edgelesssys/sev-snp-measure-go.git
ref: main
ref: ${{ github.ref_name }}
path: sev-snp-measure-go

- name: Run sev-snp-measure
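Review bot: `ref: ${{ github.ref_name }}` passes the short ref name, which does not resolve to a branch or tag for every event type. On a `pull_request` run it has the form `<number>/merge`, and the checkout of `edgelesssys/sev-snp-measure-go` will likely fail to find it. The workflow's triggers are outside this hunk, so this only matters if the job runs on pull requests. If it does, `ref: ${{ github.sha }}` pins the equivalence check to the exact commit under test rather than to whatever a same-named branch or tag currently points at.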
3 changes: 2 additions & 1 deletion e2e/upstream_test.go
@@ -53,7 +53,8 @@ func TestCompatibility(t *testing.T) {
ovmfHash, err := guest.OVMFHash(ovmfObj)
require.NoError(err, "calculating OVMF hash: %s", err)

digest, err := guest.LaunchDigestFromOVMF(ovmfObj, entry.vcpus, ovmfHash)
// Documentation for guestFeatures value: https://github.com/virtee/sev-snp-measure/pull/32/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R126.
digest, err := guest.LaunchDigestFromOVMF(ovmfObj, 0x21, entry.vcpus, ovmfHash)
require.NoError(err, "calculating launch digest: %s", err)

assert.True(bytes.Equal(digest, entry.measurement), "expected hash %x, got %x", entry.measurement, digest)
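Review bot: The literal `0x21` passed to `LaunchDigestFromOVMF` is explained only by a link to a diff anchor in an upstream pull request. guest/guest_test.go passes a different bare literal, `0x1`, with no explanation, so a reader cannot tell from this repository which SEV feature bits each test selects or why they differ. A named constant with the bit meaning spelled out would survive the link rotting, for example `const testGuestFeatures = 0x21 // presumably bit 0 (SNPActive) | bit 5 (DebugSwap) of SEV_FEATURES; confirm against the linked upstream doc`. The same applies to the two `0x1` call sites in guest/guest_test.go.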
12 changes: 6 additions & 6 deletions guest/guest.go
@@ -18,17 +18,17 @@ import (
)

// LaunchDigestFromOVMF calculates a launch digest from a MetadataWrapper object.
func LaunchDigestFromMetadataWrapper(wrapper ovmf.MetadataWrapper, vcpuCount int) ([]byte, error) {
return launchDigest(wrapper.MetadataItems, wrapper.ResetEIP, vcpuCount, wrapper.OVMFHash)
func LaunchDigestFromMetadataWrapper(wrapper ovmf.MetadataWrapper, guestFeatures uint64, vcpuCount int) ([]byte, error) {
return launchDigest(wrapper.MetadataItems, wrapper.ResetEIP, guestFeatures, vcpuCount, wrapper.OVMFHash)
}

// LaunchDigestFromOVMF calculates a launch digest from an OVMF object and an ovmfHash.
func LaunchDigestFromOVMF(ovmfObj ovmf.OVMF, vcpuCount int, ovmfHash []byte) ([]byte, error) {
func LaunchDigestFromOVMF(ovmfObj ovmf.OVMF, guestFeatures uint64, vcpuCount int, ovmfHash []byte) ([]byte, error) {
resetEIP, err := ovmfObj.SevESResetEIP()
if err != nil {
return nil, fmt.Errorf("getting reset EIP: %w", err)
}
return launchDigest(ovmfObj.MetadataItems(), resetEIP, vcpuCount, ovmfHash)
return launchDigest(ovmfObj.MetadataItems(), resetEIP, guestFeatures, vcpuCount, ovmfHash)
}

func OVMFHash(ovmfObj ovmf.OVMF) ([]byte, error) {
@@ -40,7 +40,7 @@ func OVMFHash(ovmfObj ovmf.OVMF) ([]byte, error) {
}

// launchDigest calculates the launch digest from metadata and ovmfHash for a SNP guest.
func launchDigest(metadata []ovmf.MetadataSection, resetEIP uint32, vcpuCount int, ovmfHash []byte) ([]byte, error) {
func launchDigest(metadata []ovmf.MetadataSection, resetEIP uint32, guestFeatures uint64, vcpuCount int, ovmfHash []byte) ([]byte, error) {
guestCtx := gctx.New(ovmfHash)

if err := snpUpdateMetadataPages(guestCtx, metadata, vmmtypes.EC2); err != nil {
@@ -49,7 +49,7 @@ func launchDigest(metadata []ovmf.MetadataSection, resetEIP uint32, vcpuCount in

// Add support for flags {vcpus_family, vcpu_sig, vcpu_type} here, if relevant.
// Use cpuid pkg.
vmsaObj, err := vmsa.New(resetEIP, 0, vmmtypes.EC2)
vmsaObj, err := vmsa.New(resetEIP, guestFeatures, 0, vmmtypes.EC2)
if err != nil {
return nil, fmt.Errorf("creating VMSA: %w", err)
}
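Review bot: launchDigest hands `guestFeatures` to `vmsa.New` unchecked, although its doc comment says the digest is for an SNP guest and the value it replaces was fixed at `0x1`. A caller that passes `0`, or transposes the two adjacent numeric arguments using untyped constants (`LaunchDigestFromOVMF(obj, 2, 0x1, hash)` compiles), gets a well-formed digest for an unintended configuration, and the mistake only surfaces later as an attestation mismatch. Consider rejecting values without bit 0 early, e.g. `if guestFeatures&0x1 == 0 { return nil, fmt.Errorf("guestFeatures %#x: bit 0 (SNP active) not set", guestFeatures) }`, assuming no caller needs a non-SNP value. The exported doc comments should also say what `guestFeatures` is and that it has to match the SEV_FEATURES value the guest is actually launched with; the comment above LaunchDigestFromMetadataWrapper still names LaunchDigestFromOVMF. launchDigest's body continues outside the hunk.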
4 changes: 2 additions & 2 deletions guest/guest_test.go
@@ -57,7 +57,7 @@ func TestLaunchDigestFromOVMF(t *testing.T) {
ovmfObj, err := ovmf.New(tc.ovmfPath)
require.NoError(err)

launchDigest, err := LaunchDigestFromOVMF(ovmfObj, tc.vcpuCount, hash)
launchDigest, err := LaunchDigestFromOVMF(ovmfObj, 0x1, tc.vcpuCount, hash)
if tc.wantErr {
assert.Error(err)
} else {
@@ -101,7 +101,7 @@ func TestLaunchDigestFromMetadataWrapper(t *testing.T) {
err = json.Unmarshal(data, &apiObject)
require.NoError(err)

launchDigest, err := LaunchDigestFromMetadataWrapper(apiObject, tc.vcpuCount)
launchDigest, err := LaunchDigestFromMetadataWrapper(apiObject, 0x1, tc.vcpuCount)
if tc.wantErr {
assert.Error(err)
} else {
10 changes: 5 additions & 5 deletions vmsa/vmsa.go
@@ -145,7 +145,7 @@ type SevEsSaveArea struct {
Unused [2448]uint8
}

func BuildSaveArea(eip uint32, vcpuSig uint64, vmmType vmmtypes.VMMType) (SevEsSaveArea, error) {
func BuildSaveArea(eip uint32, guestFeatures uint64, vcpuSig uint64, vmmType vmmtypes.VMMType) (SevEsSaveArea, error) {
var csFlags, ssFlags, trFlags uint16
var rdx uint64
switch vmmType {
@@ -185,7 +185,7 @@ func BuildSaveArea(eip uint32, vcpuSig uint64, vmmType vmmtypes.VMMType) (SevEsS
Rip: uint64(eip & 0xffff),
GPat: 0x7040600070406, // PAT MSR: See AMD APM Vol 2, Section A.3.
Rdx: rdx,
SevFeatures: 0x1, // Make this configurable if we want to support other modes than SEV-SNP.
SevFeatures: guestFeatures, // Documentation: https://github.com/virtee/sev-snp-measure/pull/32/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R125.
Xcr0: 0x1,
}, nil
}
@@ -195,14 +195,14 @@ type VMSA struct {
ApSaveArea SevEsSaveArea
}

func New(apEip uint32, vcpuSig uint64, vmmType vmmtypes.VMMType) (VMSA, error) {
bspSaveArea, err := BuildSaveArea(BspEIP, vcpuSig, vmmType)
func New(apEip uint32, guestFeatures uint64, vcpuSig uint64, vmmType vmmtypes.VMMType) (VMSA, error) {
bspSaveArea, err := BuildSaveArea(BspEIP, guestFeatures, vcpuSig, vmmType)
if err != nil {
return VMSA{}, err
}
var apSaveArea SevEsSaveArea
if apEip != 0 {
apSaveArea, err = BuildSaveArea(apEip, vcpuSig, vmmType)
apSaveArea, err = BuildSaveArea(apEip, guestFeatures, vcpuSig, vmmType)
if err != nil {
return VMSA{}, err
}
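Review bot: `BuildSaveArea` and `New` now take `guestFeatures uint64` immediately before `vcpuSig uint64`, so the two can be transposed at a call site without a compile error; the caller in guest/guest.go passes them as `guestFeatures, 0`. A defined type for the new parameter, such as `type GuestFeatures uint64`, would turn a swapped variable into a compile error. The `SevFeatures` field comment is now only a URL to an upstream diff anchor, and the removed comment that tied `0x1` to SEV-SNP is gone; a short in-repo statement such as `// SEV_FEATURES value measured into the VMSA; 0x1 was the previous fixed SEV-SNP value.` would keep that knowledge next to the code. Both functions are exported without doc comments, and their bodies are only partly visible in these hunks.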
