Skip to content

Commit

Permalink
Verifier: IBM SE implementation PoC
Browse files Browse the repository at this point in the history
Signed-off-by: Qi Feng Huo <[email protected]>
  • Loading branch information
Qi Feng Huo committed May 23, 2024
1 parent 708167d commit 0deabc5
Show file tree
Hide file tree
Showing 6 changed files with 386 additions and 81 deletions.
5 changes: 5 additions & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ prost = "0.11.0"
regorus = { version = "0.1.2", default-features = false, features = ["regex", "base64", "time"] }
rstest = "0.18.1"
serde = { version = "1.0", features = ["derive"] }
serde_with = { version = "1.11.0", features = ["base64"] }
serde_json = "1.0.89"
serial_test = "0.9.0"
sha2 = "0.10"
Expand All @@ -47,3 +48,7 @@ tokio = { version = "1.23.0", features = ["full"] }
tempfile = "3.4.0"
tonic = "0.8.1"
tonic-build = "0.8.0"

[patch.crates-io]
s390_pv = { path = "/root/src/tmp_pv_crate/rust/pv" }
s390_pv_core = { path = "/root/src/tmp_pv_crate/rust/pv_core" }
8 changes: 6 additions & 2 deletions attestation-service/attestation-service/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ version = "0.1.0"
edition = "2021"

[features]
default = [ "restful-bin", "rvps-grpc", "rvps-builtin", "all-verifier" ]
default = [ "restful-bin", "rvps-grpc", "rvps-builtin" ]
all-verifier = [ "verifier/all-verifier" ]
tdx-verifier = [ "verifier/tdx-verifier" ]
sgx-verifier = [ "verifier/sgx-verifier" ]
Expand Down Expand Up @@ -63,7 +63,11 @@ thiserror = { workspace = true, optional = true }
tokio.workspace = true
tonic = { workspace = true, optional = true }
uuid = { version = "1.1.2", features = ["v4"] }
verifier = { path = "../verifier", default-features = false }
[target.'cfg(not(target_arch = "s390x"))'.dependencies]
verifier = { path = "../verifier", default-features = false, features = ["all-verifier"] }

[target.'cfg(target_arch = "s390x")'.dependencies]
verifier = { path = "../verifier", default-features = false, features = ["se-verifier"] }

[build-dependencies]
shadow-rs.workspace = true
Expand Down
7 changes: 6 additions & 1 deletion attestation-service/docs/parsed_claims.md
Original file line number Diff line number Diff line change
Expand Up @@ -94,4 +94,9 @@ The claim inherit the fields from the SEV-SNP claim with and additional `tpm` hi
Note: The TD Report and TD Quote are fetched during early boot in this TEE. Kernel, Initrd and rootfs are measured into the vTPM's registers.

## IBM Secure Execution (SE)
TBD
- `se.version`: The version this quote structure.
- `se.cuid`: The config uid.
- `se.hdr.seht`: SE Header Tag (seht)
- `se.image.phkh`: SE image Public host key hash
- `se.attestation.phkh`: SE attestation Public host key hash
- `se.user_data`: Custom attestation key owner data.
7 changes: 7 additions & 0 deletions attestation-service/verifier/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,12 @@ jsonwebtoken = { workspace = true, default-features = false, optional = true }
kbs-types.workspace = true
log.workspace = true
openssl = { version = "0.10.55", optional = true }
pv = { version = "0.10.0", package = "s390_pv" }
scroll = { version = "0.11.0", default-features = false, features = ["derive"], optional = true }
serde.workspace = true
serde_json.workspace = true
serde_with.workspace = true
serde_yaml = "0.9.0"
sev = { version = "1.2.0", features = ["openssl", "snp"], optional = true }
sgx-dcap-quoteverify-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives", tag = "DCAP_1.16", optional = true }
strum.workspace = true
Expand All @@ -55,3 +58,7 @@ assert-json-diff.workspace = true
rstest.workspace = true
serial_test.workspace = true
tokio.workspace = true

[patch.crates-io]
s390_pv = { path = "/root/src/tmp_pv_crate/rust/pv" }
s390_pv_core = { path = "/root/src/tmp_pv_crate/rust/pv_core" }
Loading

0 comments on commit 0deabc5

Please sign in to comment.