az-snp/tdx-vtpm-verifier: add PCRs to claims map #334
Conversation
mkulke
force-pushed
the
mkulke/add-pcrs-to-vtpm-claim
branch
from
bbf9843 to
e832896
Compare
| }; | ||
|
|
||
| let mut tpm_values = serde_json::Map::new(); | ||
| for (i, pcr) in quote.pcrs_sha256().enumerate() { |
There was a problem hiding this comment.
Where's pcrs_sha256 coming from? I couldn't track it down.
There was a problem hiding this comment.
https://docs.rs/az-snp-vtpm/latest/az_snp_vtpm/vtpm/struct.Quote.html#method.pcrs_sha256
those are the measurement digests from the CVM's vTPM. The launch measurements in TD/SNP reports do not tell us much beyond the HW state of the guest here, since the reports are fetched at early boot. Measurement of e.g. kernel, initrd, rootfs and more is deferred to the TPM registers. So we will have reference values for, say quote.tpm.pcr11, to verify the UKI of the confidential guest.
There was a problem hiding this comment.
Thanks @mkulke, that info is helpful. Yeah I was sanity-checking the element iteration/ordering when I asked this question, I believe. LGTM, nice PR.
mkulke
force-pushed
the
mkulke/add-pcrs-to-vtpm-claim
branch
from
e832896 to
7b908df
Compare
There was a problem hiding this comment.
LGTM. I've merged confidential-containers/guest-components#486
Do we need to bump the version in the client Cargo file to pick that up?
mkulke
force-pushed
the
mkulke/add-pcrs-to-vtpm-claim
branch
from
7b908df to
8c5c470
Compare
PCR values are added in a `"tpm": { "pcr0": ..., "pcrN": ... }`
hierarchy, to the claims map so they can be compared to reference
values.
Signed-off-by: Magnus Kulke <[email protected]>
mkulke
force-pushed
the
mkulke/add-pcrs-to-vtpm-claim
branch
from
8c5c470 to
d155be0
Compare
PCR values are added in a
"tpm": { "pcr0": ..., "pcrN": ... }hierarchy to the claims map so they can be compared to reference values.