Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package sevctl for openSUSE:Factory checked 
in at 2023-03-15 18:54:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sevctl (Old)
 and      /work/SRC/openSUSE:Factory/.sevctl.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "sevctl"

Wed Mar 15 18:54:28 2023 rev:4 rq:1071848 version:0.3.2+git.255d370

Changes:
--------
--- /work/SRC/openSUSE:Factory/sevctl/sevctl.changes    2023-02-16 
16:56:45.746918992 +0100
+++ /work/SRC/openSUSE:Factory/.sevctl.new.31432/sevctl.changes 2023-03-15 
18:54:44.760459456 +0100
@@ -1,0 +2,10 @@
+Tue Mar 14 15:25:33 UTC 2023 - Caleb Crane <caleb.cr...@suse.com>
+
+- Update to v0.3.2 + git commit 255d370
+     dependency: Enable vendored feature for openssl
+     Add show commands for identifier, SNP status and VCEK URL.
+     readme: Add some basic provisioning instructions
+     Update sev library to version 1.1.0
+     ok: Find singular model and family on processor ID
+
+-------------------------------------------------------------------

Old:
----
  sevctl-0.3.2+git.e37c4d6.tar.xz

New:
----
  sevctl-0.3.2+git.255d370.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ sevctl.spec ++++++
--- /var/tmp/diff_new_pack.THbs4e/_old  2023-03-15 18:54:45.516463478 +0100
+++ /var/tmp/diff_new_pack.THbs4e/_new  2023-03-15 18:54:45.524463520 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           sevctl
-Version:        0.3.2+git.e37c4d6
+Version:        0.3.2+git.255d370
 Release:        0
 Summary:        Administrative utility for AMD SEV
 Group:          Development/Libraries/Rust

++++++ _service ++++++
--- /var/tmp/diff_new_pack.THbs4e/_old  2023-03-15 18:54:45.552463669 +0100
+++ /var/tmp/diff_new_pack.THbs4e/_new  2023-03-15 18:54:45.556463691 +0100
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/virtee/sevctl.git</param>
     <param name="scm">git</param>
     <param name="filename">sevctl</param>
-    <param name="revision">e37c4d6868b8144b547ade68eff6062771c67eb0</param>
+    <param name="revision">255d370</param>
     <param name="version">0.3.2</param>
     <param name="versionformat">0.3.2+git.%h</param>
   </service>
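Review bot: The `revision` parameter now pins the source by a 7-character abbreviated hash (`255d370`), where the old side used the full 40-character commit id. An abbreviated prefix is resolved by the remote at fetch time and can become ambiguous as the upstream repository grows, so it is a weaker supply-chain pin than the value it replaces. The full id is already recorded in sevctl.obsinfo in this same submission, so I would write `<param name="revision">255d370900f6c48fc50464fda4a03afe91286c0e</param>`.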

++++++ sevctl-0.3.2+git.e37c4d6.tar.xz -> sevctl-0.3.2+git.255d370.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sevctl-0.3.2+git.e37c4d6/Cargo.lock 
new/sevctl-0.3.2+git.255d370/Cargo.lock
--- old/sevctl-0.3.2+git.e37c4d6/Cargo.lock     2023-01-24 20:51:41.000000000 
+0100
+++ new/sevctl-0.3.2+git.255d370/Cargo.lock     2023-03-03 04:21:10.000000000 
+0100
@@ -276,9 +276,9 @@
 
 [[package]]
 name = "kvm-ioctls"
-version = "0.11.0"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "97422ba48d7ffb66fd4d18130f72ab66f9bbbf791fb7a87b9291cdcfec437593"
+checksum = "b8f8dc9c1896e5f144ec5d07169bc29f39a047686d29585a91f30489abfaeb6b"
 dependencies = [
  "kvm-bindings",
  "libc",
@@ -375,6 +375,15 @@
 checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a"
 
 [[package]]
+name = "openssl-src"
+version = "111.25.0+1.1.1t"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "3173cd3626c43e3854b1b727422a276e568d9ec5fe8cec197822cf52cfb743d6"
+dependencies = [
+ "cc",
+]
+
+[[package]]
 name = "openssl-sys"
 version = "0.9.73"
 source = "registry+https://github.com/rust-lang/crates.io-index";
@@ -383,6 +392,7 @@
  "autocfg",
  "cc",
  "libc",
+ "openssl-src",
  "pkg-config",
  "vcpkg",
 ]
@@ -576,10 +586,11 @@
 
 [[package]]
 name = "sev"
-version = "1.0.1"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "343ca80f0f064f0f293a6066e81c2977e819e909b348634701ab8fe4304e7749"
+checksum = "a8c8ec2a5131be61bba9ffad92aead45bd27805c9701d265b7196d4914299b98"
 dependencies = [
+ "bincode",
  "bitfield",
  "bitflags",
  "codicon",
@@ -591,6 +602,7 @@
  "serde-big-array",
  "serde_bytes",
  "static_assertions",
+ "uuid",
 ]
 
 [[package]]
@@ -758,9 +770,9 @@
 
 [[package]]
 name = "uuid"
-version = "1.1.2"
+version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index";
-checksum = "dd6469f4314d5f1ffec476e05f17cc9a78bc7a27a6a857842170bdf8d6f98d2f"
+checksum = "1674845326ee10d37ca60470760d4288a6f80f304007d92e5c53bab78c9cfd79"
 
 [[package]]
 name = "vcpkg"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sevctl-0.3.2+git.e37c4d6/Cargo.toml 
new/sevctl-0.3.2+git.255d370/Cargo.toml
--- old/sevctl-0.3.2+git.e37c4d6/Cargo.toml     2023-01-24 20:51:41.000000000 
+0100
+++ new/sevctl-0.3.2+git.255d370/Cargo.toml     2023-03-03 04:21:10.000000000 
+0100
@@ -22,7 +22,7 @@
 is-it-maintained-open-issues = { repository = "virtee/sevctl" }
 
 [dependencies]
-sev = { version = "1.0.1", features = ["openssl"] }
+sev = { version = "1.1.0", features = ["openssl"] }
 serde = { version = "1.0", features = ["derive"] }
 # serde_json is just for the example, not required in general
 serde_json = "1.0"
@@ -35,7 +35,7 @@
 native-tls = "0.2"
 url = "2.2"
 base64 = "0.13.0"
-openssl = "0.10"
+openssl = { version = "0.10", features = ["vendored"] }
 uuid = "1.1.2"
 anyhow = "1.0.57"
 log = "0.4"
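Review bot: Enabling `vendored` unconditionally on the `openssl` line makes every build compile and statically link a bundled OpenSSL; the Cargo.lock hunks in this diff pull in `openssl-src` 111.25.0+1.1.1t for it. The resulting binary no longer picks up security updates to the system library and has to be rebuilt for each OpenSSL advisory, which a distribution package usually wants to avoid. I would keep `openssl = "0.10"` here and make the bundled build opt-in, e.g. `vendored = ["openssl/vendored"]` under `[features]`.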
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sevctl-0.3.2+git.e37c4d6/README.md 
new/sevctl-0.3.2+git.255d370/README.md
--- old/sevctl-0.3.2+git.e37c4d6/README.md      2023-01-24 20:51:41.000000000 
+0100
+++ new/sevctl-0.3.2+git.255d370/README.md      2023-03-03 04:21:10.000000000 
+0100
@@ -8,6 +8,21 @@
 `sevctl` is a command line utility for managing the AMD Secure Encrypted 
Virtualization (SEV) platform.
 It currently supports the entire management API for the Naples generation of 
processors.
 
+In order to provision a new server using a self-signed Owner's Certificate
+Authority (OCA), you would typically perform a sequence similar to:
+
+```console
+$ sevctl generate oca.cert oca.key
+$ sevctl provision oca.cert oca.key
+$ sevctl export --full /opt/sev/cert_chain.cert
+```
+
+After these steps, running the `sevctl verify` subcommand should show the whole
+certificate chain, and `sevctl show flags` should indicate that the platform is
+`owned`. Note that you can only provision once. Should you need to 
re-provision,
+you will need to use `sevctl reset` first.
+
+
 ## Usage
 
 ### help
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sevctl-0.3.2+git.e37c4d6/docs/sevctl.1.adoc 
new/sevctl-0.3.2+git.255d370/docs/sevctl.1.adoc
--- old/sevctl-0.3.2+git.e37c4d6/docs/sevctl.1.adoc     2023-01-24 
20:51:41.000000000 +0100
+++ new/sevctl-0.3.2+git.255d370/docs/sevctl.1.adoc     2023-03-03 
04:21:10.000000000 +0100
@@ -112,11 +112,14 @@
 *sevctl show*::
         usage: sevctl show [flags || guests]
 
-        This command describes the state of the SEV platform. There are two
+        This command describes the state of the SEV platform. There are several
         platform details to describe:
 
-        SEV platform flags:     sevctl show flags
-        SEV guest inforation:   sevctl show guests
+        SEV platform flags:        sevctl show flags
+        SEV guest inforation:      sevctl show guests
+        SEV platform identifier:   sevctl show identifier
+        SEV SNP status:            sevctl show snp-status
+        SEV SNP VCEK URL:          sevctl show veck-url
 
  options:
     -h, --help          Show a help message
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sevctl-0.3.2+git.e37c4d6/src/main.rs 
new/sevctl-0.3.2+git.255d370/src/main.rs
--- old/sevctl-0.3.2+git.e37c4d6/src/main.rs    2023-01-24 20:51:41.000000000 
+0100
+++ new/sevctl-0.3.2+git.255d370/src/main.rs    2023-03-03 04:21:10.000000000 
+0100
@@ -16,7 +16,10 @@
 use codicon::*;
 
 use ::sev::certs::*;
-use ::sev::firmware::host::{types::Status, Firmware, PlatformStatusFlags};
+use ::sev::firmware::host::{
+    types::{PlatformStatusFlags, SnpStatus, Status},
+    Firmware,
+};
 use ::sev::Generation;
 
 use std::fs::File;
@@ -186,6 +189,13 @@
         .context("unable to fetch platform status")
 }
 
+fn snp_platform_status() -> Result<SnpStatus> {
+    firmware()?
+        .snp_platform_status()
+        .map_err(|e| anyhow::anyhow!(format!("{:?}", e)))
+        .context("unable to fetch snp platform status")
+}
+
 fn chain() -> Result<sev::Chain> {
     const CEK_SVC: &str = "https://kdsintf.amd.com/cek/id";;
 
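Review bot: The `format!` inside `anyhow::anyhow!(format!("{:?}", e))` in `snp_platform_status` is redundant, since `anyhow!` accepts format arguments directly: `.map_err(|e| anyhow::anyhow!("{:?}", e))`. The same expression is repeated in the `Show::Identifier` and `Show::VcekUrl` arms added further down in this file. The new function also has no doc comment; a line such as `/// Query the firmware for the SNP platform status (TCB versions and state).` would match what the caller reads from it.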
@@ -270,6 +280,15 @@
         #[structopt(about = "Show the current number of guests")]
         Guests,
 
+        #[structopt(about = "Show the platform identifier")]
+        Identifier,
+
+        #[structopt(about = "Show the SNP platform status")]
+        SnpStatus,
+
+        #[structopt(about = "Show the VCEK DER download URL")]
+        VcekUrl,
+
         #[structopt(about = "Show the platform's firmware version")]
         Version,
     }
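Review bot: The new `VcekUrl` variant will, assuming structopt's default kebab-case naming, be exposed as `vcek-url`, but the man-page hunk for docs/sevctl.1.adoc in this same diff documents it as `sevctl show veck-url`. That page's usage line also still reads `sevctl show [flags || guests]`. I would correct the adoc entry to `sevctl show vcek-url` and extend the usage line to list `identifier`, `snp-status` and `vcek-url`. The enum's opening lines are outside this hunk.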
@@ -280,6 +299,26 @@
         match show {
             Show::Version => println!("{}", status.build),
             Show::Guests => println!("{}", status.guests),
+            Show::Identifier => {
+                let id = firmware()?
+                    .get_identifier()
+                    .map_err(|e| anyhow::anyhow!(format!("{:?}", e)))
+                    .context("error fetching identifier")?;
+                println!("{}", id);
+            }
+            Show::SnpStatus => {
+                let snp_status = snp_platform_status()?;
+                println!("{:#?}", snp_status);
+            }
+            Show::VcekUrl => {
+                let id = firmware()?
+                    .get_identifier()
+                    .map_err(|e| anyhow::anyhow!(format!("{:?}", e)))
+                    .context("error fetching identifier")?;
+                let snp_status = snp_platform_status()?;
+                
println!("https://kdsintf.amd.com/vcek/v1/Milan/{}?blSPL={:02}&teeSPL={:02}&snpSPL={:02}&ucodeSPL={:02}";,
+                         id, snp_status.tcb.platform_version.bootloader, 
snp_status.tcb.platform_version.tee, snp_status.tcb.platform_version.snp, 
snp_status.tcb.platform_version.microcode);
+            }
             Show::Flags => {
                 for f in [
                     PlatformStatusFlags::OWNED,
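Review bot: The `Show::VcekUrl` arm hard-codes the product segment `Milan` in the KDS URL, while src/ok.rs in this same diff also recognises Genoa parts. On a non-Milan SNP host the printed URL would presumably point at the wrong product's VCEK endpoint, and the certificate fetched from it would not match the chip during attestation verification. I would derive the segment from the detected generation, or return an explicit error for anything other than Milan, and until then add `// NOTE: product name is fixed to Milan; other SNP generations need their own KDS path`. The `get_identifier()` chain is duplicated between the `Identifier` and `VcekUrl` arms and could be a small helper next to `snp_platform_status()`. The enclosing function starts and ends outside this hunk.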
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sevctl-0.3.2+git.e37c4d6/src/ok.rs 
new/sevctl-0.3.2+git.255d370/src/ok.rs
--- old/sevctl-0.3.2+git.e37c4d6/src/ok.rs      2023-01-24 20:51:41.000000000 
+0100
+++ new/sevctl-0.3.2+git.255d370/src/ok.rs      2023-03-03 04:21:10.000000000 
+0100
@@ -36,19 +36,27 @@
     // Get the SEV generation of the processor currently running on the 
machine.
     // To do this, we execute a CPUID (label 0x80000001) and read the EAX
     // register as an array of bytes (each byte representing 8 bits of a 32-bit
-    // value, thus the array is 4 bytes long). The formatting for this value is
+    // value, thus the array is 4 bytes long). The formatting for these values 
is
     // as follows:
     //
-    //  Base model:         4:7
-    //  Base family:        8:11
-    //  Extended model:     16:19
-    //  Extended family:    20:27
-    //
-    // Extract the bit values from the array, and compare them with known base
-    // model, base family, extended model, and extended family values for each
-    // SEV generation. Then, compare the values and return a SEV generation if
-    // its values match.
+    //  Base model:         bits 4:7
+    //  Base family:        bits 8:11
+    //  Extended model:     bits 16:19
+    //  Extended family:    bits 20:27
     //
+    // Extract the bit values from the array, and use them to calculate the 
MODEL
+    // and FAMILY of the processor.
+    //
+    // The family calculation is as follows:
+    //
+    //      FAMILY = Base family + Extended family
+    //
+    // The model calculation is a follows:
+    //
+    //      MODEL = Base model | (Extended model << 4)
+    //
+    // Compare these values with the models and families of known processor 
generations to
+    // determine which generation the current processor is a part of.
     fn current() -> Result<Self> {
         let cpuid = unsafe { x86_64::__cpuid(0x8000_0001) };
         let bytes: Vec<u8> = cpuid.eax.to_le_bytes().to_vec();
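Review bot: The rewritten comment states `FAMILY = Base family + Extended family` without its precondition. In AMD's CPUID definition the extended fields are only added when the base family is 0xF, which holds for every generation listed here but is worth saying so the formula is not reused for older parts. I would add `// (valid because Base family is 0xF on all SEV-capable parts)` under the formula and fix the typo in `The model calculation is a follows:` to `as follows`. The `unsafe { x86_64::__cpuid(0x8000_0001) }` call in the context lines would also benefit from a `// SAFETY:` comment; the body of `current()` continues outside this hunk.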
@@ -65,12 +73,15 @@
             low | high
         };
 
-        let id = (base_model, ext_model, base_family, ext_family);
+        let model = (ext_model << 4) | base_model;
+        let family = base_family + ext_family;
+
+        let id = (model, family);
 
-        let naples = (0x1, 0x0, 0xf, 0x8);
-        let rome = (0x1, 0x3, 0xf, 0x8);
-        let milan = (0x1, 0x0, 0xf, 0xa);
-        let genoa = (0x1, 0x1, 0xf, 0xa);
+        let naples = (1, 23);
+        let rome = (49, 23);
+        let milan = (1, 25);
+        let genoa = (17, 25);
 
         if id == naples {
             return Ok(SevGeneration::Sev);
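Review bot: `let family = base_family + ext_family;` can overflow if these are `u8`, as the `Vec<u8>` source in the previous hunk suggests. The extended family field is eight bits wide, so a hypervisor-supplied CPUID value near 0xFF would panic a debug build and wrap in release. Widening first avoids that: `let family = u16::from(base_family) + u16::from(ext_family);`. The comparison tuples would also be easier to check against AMD's documentation in hex, e.g. `let rome = (0x31, 0x17);` and `let genoa = (0x11, 0x19);`, instead of `(49, 23)` and `(17, 25)`. The declarations of `base_family` and `ext_family` are outside this hunk, so the type is inferred.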

++++++ sevctl.obsinfo ++++++
--- /var/tmp/diff_new_pack.THbs4e/_old  2023-03-15 18:54:45.652464201 +0100
+++ /var/tmp/diff_new_pack.THbs4e/_new  2023-03-15 18:54:45.652464201 +0100
@@ -1,5 +1,5 @@
 name: sevctl
-version: 0.3.2+git.e37c4d6
-mtime: 1674589901
-commit: e37c4d6868b8144b547ade68eff6062771c67eb0
+version: 0.3.2+git.255d370
+mtime: 1677813670
+commit: 255d370900f6c48fc50464fda4a03afe91286c0e
 

++++++ vendor.tar.xz ++++++
/work/SRC/openSUSE:Factory/sevctl/vendor.tar.xz 
/work/SRC/openSUSE:Factory/.sevctl.new.31432/vendor.tar.xz differ: char 27, 
line 1
