From 82cbf6ffa412194af44749baf25203f92e16a979 Mon Sep 17 00:00:00 2001 From: "Yang, Longlong" Date: Fri, 17 Nov 2023 11:37:20 -0500 Subject: [PATCH] add seperator extend support for tee info hash tool. fix #621 Signed-off-by: Yang, Longlong --- .../src/bin/td-shim-tee-info-hash/main.rs | 11 +++++++++++ .../src/bin/td-shim-tee-info-hash/readme.md | 5 +++-- td-shim-tools/src/tee_info_hash.rs | 18 ++++++++++++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) diff --git a/td-shim-tools/src/bin/td-shim-tee-info-hash/main.rs b/td-shim-tools/src/bin/td-shim-tee-info-hash/main.rs index a7e5618d..be964514 100644 --- a/td-shim-tools/src/bin/td-shim-tee-info-hash/main.rs +++ b/td-shim-tools/src/bin/td-shim-tee-info-hash/main.rs @@ -28,6 +28,8 @@ struct Config { pub output: PathBuf, // Log level pub log_level: String, + // Seperator for populating rtmr + pub seperator: u32, } #[derive(Debug)] @@ -61,6 +63,12 @@ impl Config { .default_value("info") .action(ArgAction::Set), ) + .arg( + arg!(-s --seperator "seperator format should be u32 type, like: 0") + .required(true) + .value_parser(value_parser!(u32)) + .action(ArgAction::Set), + ) .get_matches(); // Safe to unwrap() because they are mandatory or have default values. @@ -76,12 +84,14 @@ impl Config { }; let manifest = matches.get_one::("manifest").unwrap().clone(); let log_level = matches.get_one::("log-level").unwrap().clone(); + let seperator = matches.get_one::("seperator").unwrap().clone(); Ok(Self { manifest, image, output, log_level, + seperator, }) } } @@ -124,6 +134,7 @@ fn main() -> io::Result<()> { }; tee_info.build_mrtd(&mut image, image_size); + tee_info.build_rtmr_with_seperator(config.seperator); log::info!("{}", &tee_info); log::info!( diff --git a/td-shim-tools/src/bin/td-shim-tee-info-hash/readme.md b/td-shim-tools/src/bin/td-shim-tee-info-hash/readme.md index f628527e..ecbc54b9 100644 --- a/td-shim-tools/src/bin/td-shim-tee-info-hash/readme.md 
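Review bot: The new `Config` field and its comment spell the word `seperator`, and the same misspelling is carried into the user-facing `--seperator` flag in the next hunk, the `seperator` local in the third hunk, the readme, and the `build_rtmr_with_seperator` method in tee_info_hash.rs. A flag name is part of the tool's command-line interface and is awkward to rename once scripts depend on it, so it is worth correcting before this lands: `// Separator event value extended into RTMR0/RTMR1` and `pub separator: u32,` here, with the flag spelled `--separator` and the method `build_rtmr_with_separator`. The enclosing `struct Config` begins before this hunk.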
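Review bot: Marking the new argument `.required(true)` makes every existing invocation of td-shim-tee-info-hash fail until callers add the flag, and the only documented value in the readme is `0`. If `0` is the separator the firmware actually extends (I cannot confirm that from this patch), replacing `.required(true)` with `.default_value("0")` keeps the old command lines working while still allowing an override; if the value must be deliberately chosen per build, keep it required but say so in the commit message. The help string is also vague about what the value is used for; `"separator event value (u32) extended into RTMR0 and RTMR1, e.g. 0"` tells the user what it measures rather than just its type. The `Config::new` builder chain starts before this hunk.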
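Review bot: `matches.get_one::<u32>("seperator").unwrap().clone()` clones a `u32`, which is `Copy`, so clippy's `clone_on_copy` lint will fire on this line; the `.clone()` calls on the neighbouring `String` values are the pattern being copied, but it does not apply here. Dereference instead: `let seperator = *matches.get_one::<u32>("seperator").unwrap();`. The `unwrap()` is consistent with the comment above about mandatory arguments, provided the flag stays required or gets a default.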
+++ b/td-shim-tools/src/bin/td-shim-tee-info-hash/readme.md @@ -8,7 +8,7 @@ A json format td manifest file is required and includes informations: attributes ``` USAGE: - td-shim-tee-info-hash [OPTIONS] --image --manifest + td-shim-tee-info-hash [OPTIONS] --image --manifest --seperator 0 OPTIONS: -h, --help Print help information @@ -18,9 +18,10 @@ OPTIONS: -m, --manifest td manifest -o, --out_bin output tee info hash binary -V, --version Print version information + -s, --seperator The seperator to be extended into rtmr ``` example:
``` -cargo run -p td-shim-tools --bin td-shim-tee-info-hash --features tee -- --manifest --image --out_bin +cargo run -p td-shim-tools --bin td-shim-tee-info-hash --features tee -- --manifest --image --out_bin --seperator 0 ``` diff --git a/td-shim-tools/src/tee_info_hash.rs b/td-shim-tools/src/tee_info_hash.rs index fad6a45c..11cd655d 100644 --- a/td-shim-tools/src/tee_info_hash.rs +++ b/td-shim-tools/src/tee_info_hash.rs @@ -328,6 +328,24 @@ impl TdInfoStruct { let hash = sha384hasher.finalize(); self.mrtd.copy_from_slice(hash.as_slice()); } + + pub fn build_rtmr_with_seperator(&mut self, seperator: u32) { + let seperator = u32::to_le_bytes(seperator); + + let mut sha384hasher = Sha384::new(); + sha384hasher.update(seperator); + let hash = sha384hasher.finalize(); + + let mut concat_input = [0u8; SHA384_DIGEST_SIZE * 2]; + concat_input[SHA384_DIGEST_SIZE..].copy_from_slice(hash.as_slice()); + + let mut sha384hasher = Sha384::new(); + sha384hasher.update(concat_input); + let hash = sha384hasher.finalize(); + + self.rtmr0.copy_from_slice(hash.as_slice()); + self.rtmr1.copy_from_slice(hash.as_slice()); + } } fn fill_buffer128_with_mem_page_add(buf: &mut [u8; MRTD_EXTENSION_BUFFER_SIZE], gpa: u64) {
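Review bot: `build_rtmr_with_seperator` overwrites `rtmr0` and `rtmr1` rather than extending them: the left half of `concat_input` is left as zeros instead of the register's current contents, so the result is only the correct reference value when both registers are still in their initial all-zero state, and any value already in `self.rtmr0`/`self.rtmr1` is silently discarded. The method is also public and undocumented, so that precondition is invisible to callers; either add a `///` comment stating that it assumes zeroed registers and computes `SHA384(0^48 || SHA384(le_bytes(seperator)))` for both, or implement a real extend per register as below, which gives the same value from the zero state and stays correct after other extensions. I am assuming `rtmr0`/`rtmr1` are `[u8; SHA384_DIGEST_SIZE]` arrays, as the existing `copy_from_slice` calls suggest; whether the firmware extends the separator into exactly RTMR0 and RTMR1 (and not RTMR2/RTMR3) is not visible in this patch and should be confirmed against td-shim's measurement code. The enclosing `impl TdInfoStruct` begins before this hunk.
```rust
    /// Extend a separator event into RTMR0 and RTMR1, each from its current value:
    /// rtmr = SHA384(rtmr || SHA384(seperator.to_le_bytes())).
    pub fn build_rtmr_with_seperator(&mut self, seperator: u32) {
        let mut sha384hasher = Sha384::new();
        sha384hasher.update(seperator.to_le_bytes());
        let event_hash = sha384hasher.finalize();

        for rtmr in [&mut self.rtmr0, &mut self.rtmr1] {
            // TCG-style extend: new = H(old || event_digest)
            let mut concat_input = [0u8; SHA384_DIGEST_SIZE * 2];
            concat_input[..SHA384_DIGEST_SIZE].copy_from_slice(&rtmr[..]);
            concat_input[SHA384_DIGEST_SIZE..].copy_from_slice(event_hash.as_slice());

            let mut sha384hasher = Sha384::new();
            sha384hasher.update(concat_input);
            rtmr.copy_from_slice(sha384hasher.finalize().as_slice());
        }
    }
```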