Skip to content

Commit

Permalink
Google TPM: initial commit to support Google vTPM
Browse files Browse the repository at this point in the history
Signed-off-by: Linda <[email protected]>
  • Loading branch information
lindaO0O committed May 22, 2024
1 parent a64ef00 commit 9ecf1db
Show file tree
Hide file tree
Showing 6 changed files with 66 additions and 11 deletions.
33 changes: 23 additions & 10 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,11 @@ This SDK simplifies the process of creating secure and trusted virtual machines
## 2. Features

- Support Attestation through Integrity Measurement Architecture (IMA): Ensure the integrity of Confidential Virtual Machine (CVM) instances through robust attestation mechanisms leveraging Integrity Measurement Architecture (IMA). It provides trusted primitives (measurement, eventlog, quote) of CVM. All below steps are supposed to run in a CVM, such as Intel® TD.

- Support `cloud-init` for seamless initial state setting for CVMs: Utilize `cloud-init` for effortless setup of initial states for Confidential Virtual Machines (CVMs), ensuring a smooth and consistent bootstrapping process.

- Support `Terraform`-alike deployment: Facilitate easy and efficient deployment of Confidential Virtual Machines (CVMs) with support for Terraform-like infrastructure provisioning.

- Support seamless Transformation of Ubuntu and Debian Images into CVM Images: Effortlessly convert regular Ubuntu and Debian images into secure and trusted Confidential Virtual Machine (CVM) images, ensuring compatibility and reliability.

- Support Rust and Python modes
Expand All @@ -27,8 +27,9 @@ This SDK simplifies the process of creating secure and trusted virtual machines

## 3. Getting Started

VMSDK is supposed to provide VM image rewrite to CVM image, and provide trusted primitives (measurement, eventlog, quote) of CVM.
All below steps are supposed to run in a CVM, such as Intel® TD.
VMSDK is supposed to provide VM image rewrite to CVM image, and provide trusted primitives (measurement, eventlog, quote)
of CVM.
All below steps are supposed to run in a CVM, such as Intel® TD with native CCEL and RTMR as trusted foundation.

### Installation

Expand All @@ -48,7 +49,7 @@ $ source setupenv.sh

### Run CLI tool

It provides 3 CLI tools for quick usage of Python VMSDK.
It provides 3 CLI tools for quick usage of Python VMSDK.

- [cc_event_log_cli.py](./src/python/cc_event_log_cli.py): Print event log of CVM.
- [cc_imr_cli.py](./src/python/cc_imr_cli.py): Print algorithm and hash od Integrity Measurement Registers (IMR).
Expand Down Expand Up @@ -85,14 +86,26 @@ $ python3 -m pytest -v ./src/python/tests/test_sdk.py

_NOTE: The tests need to run via root user._

### Test the CVM image

```
$ ./qemu-test.sh -i /path-to-your-cvm-qcow2/td.qcow2 -k /path-to-your-td-guest-os/vmlinuz -r /dev/vda1
```
## 4. Run in Google TDX VM environment with vTPM

Google TDX VM does not support CCEL and RTMR yet, but only support vTPM. So this
SDK will get event log and integrated measurement register from vTPM by default.

Please install following pre-requisite for Google TDVM with Ubuntu 22.04 distro:

``
sudo apt install libtss-dev

Check warning on line 98 in README.md

View workflow job for this annotation

GitHub Actions / scan_doc

Unknown word (libtss)
sudo python3 -m pip install tpm2-pytss

Check warning on line 99 in README.md

View workflow job for this annotation

GitHub Actions / scan_doc

Unknown word (pytss)
``

- Dump the PCR (IMR) in Google' TDX instance as follows:
![](/docs/gogle_tdx_tpm_dump_imr.png)

- Dump the TPM event log in Google's TDX instance as follows:
![](/docs/gogle_tdx_tpm_dump_eventlog.png)

## 4. License
## 5. License
This project is licensed under the Apache 2.0 License.

## 5. Contact
Expand Down
Binary file added docs/gogle_tdx_tpm_dump_eventlog.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/gogle_tdx_tpm_dump_imr.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion src/python/cc_event_log_cli.py
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ def main():
LOG.info("Replayed result of collected event logs:")
# pylint: disable-next=C0201
for key in res.keys():
LOG.info("RTMR[%d]: ", key)
LOG.info("IMR[%d]: ", key)
LOG.info(" %s", res.get(key).get(12).hex())

LOG.info("Dump collected event logs:")
Expand Down
41 changes: 41 additions & 0 deletions src/python/cctrusted_vm/cvm.py
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,8 @@ def detect_cc_type():
for devpath in TdxVM.DEVICE_NODE_PATH.values():
if os.path.exists(devpath):
return CCTrustedApi.TYPE_CC_TDX
if os.path.exists(TpmVM.DEFAULT_TPM_DEVICE_NODE):
return CCTrustedApi.TYPE_CC_TPM
return CCTrustedApi.TYPE_CC_NONE

@abstractmethod
Expand Down Expand Up @@ -233,6 +235,8 @@ def inst():
cc_type = ConfidentialVM.detect_cc_type()
if cc_type is CCTrustedApi.TYPE_CC_TDX:
obj = TdxVM()
elif cc_type is CCTrustedApi.TYPE_CC_TPM:
obj = TpmVM()
else:
LOG.error("Unsupported confidential environment.")
return None
Expand All @@ -243,6 +247,43 @@ def inst():
LOG.error("Fail to initialize the confidential VM.")
return ConfidentialVM._inst

from tpm2_pytss import ESAPI
from cctrusted_base.tpm.pcr import TpmPCR

class TpmVM(ConfidentialVM):

DEFAULT_TPM_DEVICE_NODE="/dev/tpm0"
BIOS_MEAUSREMENT="/sys/kernel/security/tpm0/binary_bios_measurements"

def __init__(self, dev_node=DEFAULT_TPM_DEVICE_NODE):
ConfidentialVM.__init__(self, CCTrustedApi.TYPE_CC_TPM)
self._dev_node = dev_node
self._esapi = ESAPI("device:" + dev_node)

@property
def default_algo_id(self):
return TcgAlgorithmRegistry.TPM_ALG_SHA256

def process_cc_report(self, report_data=None) -> bool:
"""
For TPM, we do not need to get integrited measurement register
"""
for index in range(24):
_, _, digests = self._esapi.pcr_read("sha256:%d" % index)
assert digests.count == 1
self._imrs[index] = TpmPCR(index, bytes.fromhex(str(digests.digests[0])))
return True

def process_eventlog(self) -> bool:
try:
with open(TpmVM.BIOS_MEAUSREMENT, "rb") as f:
self._boot_time_event_log = f.read()
assert len(self._boot_time_event_log) > 0
except (PermissionError, OSError):
LOG.error("Need root permission to open file %s", TdxVM.BIOS_MEAUSREMENT)
return False
return True

class TdxVM(ConfidentialVM):

DEVICE_NODE_PATH = {
Expand Down
1 change: 1 addition & 0 deletions src/python/requirements.txt
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
cctrusted_base
pytest
tpm2-pytss

0 comments on commit 9ecf1db

Please sign in to comment.