On 10.08.24 18:45, Dorjoy Chowdhury wrote:
AWS Nitro Enclaves have a built-in Nitro Secure Module (NSM) device which
is used for stripped-down TPM functionality like attestation. This commit
adds the built-in NSM device to the nitro-enclave machine type.

In Nitro Enclaves, all the PCRs start in a known zero state and the first
16 PCRs are locked from boot and reserved. PCR0, PCR1, PCR2 and PCR8
contain the SHA384 hashes related to the EIF file used to boot the
VM, for validation.

A new optional nitro-enclave machine option 'id' has been added which will
be the enclave identifier reflected in the module-id of the NSM device.
Otherwise, the device will have a default id set.

Signed-off-by: Dorjoy Chowdhury <dorjoychy...@gmail.com>
---
  hw/core/eif.c                   | 205 +++++++++++++++++++++++++++++++-
  hw/core/eif.h                   |   5 +-
  hw/core/meson.build             |   4 +-
  hw/i386/Kconfig                 |   1 +
  hw/i386/nitro_enclave.c         |  85 ++++++++++++-
  include/hw/i386/nitro_enclave.h |  19 +++
  6 files changed, 310 insertions(+), 9 deletions(-)


[...]


@@ -87,10 +106,46 @@ static void nitro_enclave_machine_state_init(MachineState 
*machine)
      nitro_enclave_devices_init(ne_state);
  }

+static void nitro_enclave_machine_reset(MachineState *machine,
+                                        ShutdownCause reason)
+{
+    NitroEnclaveMachineClass *ne_class =
+        NITRO_ENCLAVE_MACHINE_GET_CLASS(machine);
+    NitroEnclaveMachineState *ne_state = NITRO_ENCLAVE_MACHINE(machine);
+
+    ne_class->parent_reset(machine, reason);
+
+    memset(ne_state->vnsm->pcrs, 0, sizeof(ne_state->vnsm->pcrs));
+
+    /* PCR0 */
+    ne_state->vnsm->extend_pcr(ne_state->vnsm, 0, ne_state->image_sha384,
+                               SHA384_BYTE_LEN);
+    /* PCR1 */
+    ne_state->vnsm->extend_pcr(ne_state->vnsm, 1, ne_state->bootstrap_sha384,
+                               SHA384_BYTE_LEN);
+    /* PCR2 */
+    ne_state->vnsm->extend_pcr(ne_state->vnsm, 2, ne_state->app_sha384,
+                               SHA384_BYTE_LEN);
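Review bot: memset(ne_state->vnsm->pcrs, 0, sizeof(ne_state->vnsm->pcrs)) wipes the whole pcrs array on every reset, so if the lock flag is stored in that array next to the digest, the "first 16 PCRs are locked from boot" guarantee from the commit message has to be re-applied after the PCR0..PCR2 extends; that re-locking is not visible in this hunk, and neither is the PCR8 measurement the commit message lists, so please confirm both are in the part of the hunk that was cut. Minor: the three extend_pcr calls differ only in the index and the digest field, so a small table of {index, digest} pairs iterated in a loop would make adding further PCRs a one-line change and would drop the /* PCRn */ comments that only repeat the index argument.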


What about PCR3 and PCR4? Both are just sha384 values of input strings [1]. Can you make these input strings NSM device properties as well as machine properties?

[1] https://docs.aws.amazon.com/enclaves/latest/user/set-up-attestation.html



Alex




Amazon Web Services Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Management: Christian Schlaeger, Jonathan Weiss
Registered with the Amtsgericht Charlottenburg under HRB 257764 B
Registered office: Berlin
VAT ID: DE 365 538 597
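A toy model of the PCR bank behaviour discussed in this thread, added here as an example and not code from the QEMU patch or from the NSM device: PCRs start zeroed, PCR0..2 are extended with the EIF hashes as in the reset path, PCR3/PCR4 with the input strings Alex mentions, and PCR0..15 are then locked so a guest cannot rewrite them. It assumes a TPM-style extend (SHA384 of the old value concatenated with the data), a 32-entry bank and constructed sample digests; whether the resulting values match what AWS publishes depends on the device's real extend definition, which the thread does not show.

```python
import hashlib

PCR_COUNT = 32           # assumed bank size (not stated in the thread)
SHA384_BYTE_LEN = 48
LOCKED_FROM_BOOT = 16    # "the first 16 PCRs are locked from boot and reserved"


class NsmPcrBank:
    """Toy model of the NSM PCR bank; not QEMU's vnsm implementation."""

    def __init__(self):
        self.reset()

    def reset(self):
        """Every PCR returns to the known zero state and is unlocked, which is
        what the memset() in the reset path does to the pcrs array."""
        self.pcrs = [bytes(SHA384_BYTE_LEN) for _ in range(PCR_COUNT)]
        self.locked = [False] * PCR_COUNT

    def extend_pcr(self, index, data):
        """Assumed TPM-style extend: new = SHA384(old || data). A locked PCR
        rejects the extend, otherwise a guest could rewrite PCR0..15."""
        if self.locked[index]:
            raise PermissionError(f"PCR{index} is locked")
        self.pcrs[index] = hashlib.sha384(self.pcrs[index] + data).digest()
        return self.pcrs[index]

    def lock_pcr(self, index):
        self.locked[index] = True


def boot_measurements(bank, image_sha384, bootstrap_sha384, app_sha384,
                      pcr3_input=None, pcr4_input=None):
    """Replay the reset path from the patch (PCR0..2 from the EIF hashes),
    then PCR3/PCR4 from the input strings Alex asks about (per the linked
    AWS docs: the parent instance's IAM role ARN and instance ID), and
    finally lock PCR0..15 so the guest cannot extend them further."""
    bank.reset()
    bank.extend_pcr(0, image_sha384)
    bank.extend_pcr(1, bootstrap_sha384)
    bank.extend_pcr(2, app_sha384)
    if pcr3_input is not None:
        bank.extend_pcr(3, pcr3_input.encode())
    if pcr4_input is not None:
        bank.extend_pcr(4, pcr4_input.encode())
    for i in range(LOCKED_FROM_BOOT):
        bank.lock_pcr(i)
    return bank
```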
