Skip to content

Commit

Permalink
Log Stage 0 measurement digests in hex (#4676)
Browse files Browse the repository at this point in the history
  • Loading branch information
conradgrobler authored Jan 19, 2024
1 parent 9bcda0b commit ebb0aab
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 36 deletions.
54 changes: 36 additions & 18 deletions stage0/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,7 @@ pub fn rust64_start(encrypted: u64) -> ! {
// point will fail.
allocator::init_global_allocator(zero_page.e820_table());

let setup_data_measurement = zero_page
let setup_data_sha2_256_digest = zero_page
.try_fill_hdr_from_setup_data(&mut fwcfg)
.unwrap_or_default();

Expand All @@ -231,7 +231,7 @@ pub fn rust64_start(encrypted: u64) -> ! {
}

let cmdline = kernel::try_load_cmdline(&mut fwcfg).unwrap_or_default();
let cmdline_measurement = measure_byte_slice(cmdline.as_bytes());
let cmdline_sha2_256_digest = measure_byte_slice(cmdline.as_bytes());

let kernel_info =
kernel::try_load_kernel_image(&mut fwcfg, zero_page.e820_table()).unwrap_or_default();
Expand Down Expand Up @@ -259,8 +259,8 @@ pub fn rust64_start(encrypted: u64) -> ! {
let rsdp = acpi::build_acpi_tables(&mut fwcfg, &mut acpi_digest).unwrap();
zero_page.set_acpi_rsdp_addr(PhysAddr::new(rsdp as *const _ as u64));
let acpi_digest = acpi_digest.finalize();
let mut acpi_measurement = Measurement::default();
acpi_measurement[..].copy_from_slice(&acpi_digest[..]);
let mut acpi_sha2_256_digest = Measurement::default();
acpi_sha2_256_digest[..].copy_from_slice(&acpi_digest[..]);

if let Err(err) = smp::bootstrap_aps(rsdp) {
log::warn!(
Expand Down Expand Up @@ -289,30 +289,48 @@ pub fn rust64_start(encrypted: u64) -> ! {
}
}

let ram_disk_measurement =
let ram_disk_sha2_256_digest =
initramfs::try_load_initial_ram_disk(&mut fwcfg, zero_page.e820_table(), &kernel_info)
.map(|ram_disk| {
zero_page.set_initial_ram_disk(ram_disk);
measure_byte_slice(ram_disk)
})
.unwrap_or_default();

let memory_map_measurement = measure_byte_slice(zero_page.e820_table().as_bytes());
let memory_map_sha2_256_digest = measure_byte_slice(zero_page.e820_table().as_bytes());

log::debug!("Kernel image digest: {:?}", kernel_info.measurement);
log::debug!("Kernel setup data digest: {:?}", setup_data_measurement);
log::debug!("Kernel image digest: {:?}", cmdline_measurement);
log::debug!("Initial RAM disk digest: {:?}", ram_disk_measurement);
log::debug!("ACPI table generation digest: {:?}", acpi_measurement);
log::debug!("E820 table digest: {:?}", memory_map_measurement);
log::debug!(
"Kernel image digest: sha2-256:{}",
hex::encode(kernel_info.measurement)
);
log::debug!(
"Kernel setup data digest: sha2-256:{}",
hex::encode(setup_data_sha2_256_digest)
);
log::debug!(
"Kernel image digest: sha2-256:{}",
hex::encode(cmdline_sha2_256_digest)
);
log::debug!(
"Initial RAM disk digest: sha2-256:{}",
hex::encode(ram_disk_sha2_256_digest)
);
log::debug!(
"ACPI table generation digest: sha2-256:{}",
hex::encode(acpi_sha2_256_digest)
);
log::debug!(
"E820 table digest: sha2-256:{}",
hex::encode(memory_map_sha2_256_digest)
);

let measurements = oak_stage0_dice::Measurements {
acpi_measurement,
kernel_measurement: kernel_info.measurement,
cmdline_measurement,
ram_disk_measurement,
setup_data_measurement,
memory_map_measurement,
acpi_sha2_256_digest,
kernel_sha2_256_digest: kernel_info.measurement,
cmdline_sha2_256_digest,
ram_disk_sha2_256_digest,
setup_data_sha2_256_digest,
memory_map_sha2_256_digest,
};

let dice_data = Box::leak(Box::new_in(
Expand Down
36 changes: 18 additions & 18 deletions stage0_dice/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -50,17 +50,17 @@ pub const REPORT_DATA_SIZE: usize = 64;
#[derive(Default)]
pub struct Measurements {
/// The measurement of the kernel image.
pub kernel_measurement: [u8; 32],
pub kernel_sha2_256_digest: [u8; 32],
/// The measurement of the kernel command-line.
pub cmdline_measurement: [u8; 32],
pub cmdline_sha2_256_digest: [u8; 32],
/// The measurement of the kernel setup data.
pub setup_data_measurement: [u8; 32],
pub setup_data_sha2_256_digest: [u8; 32],
/// The measurement of the initial RAM disk.
pub ram_disk_measurement: [u8; 32],
pub ram_disk_sha2_256_digest: [u8; 32],
/// The measurement of the physical memory map.
pub memory_map_measurement: [u8; 32],
pub memory_map_sha2_256_digest: [u8; 32],
/// The concatenated measurement of the command used for building the ACPI tables.
pub acpi_measurement: [u8; 32],
pub acpi_sha2_256_digest: [u8; 32],
}

/// Generates an ECA certificate for use by the next boot stage (Stage 1).
Expand All @@ -78,42 +78,42 @@ fn generate_stage1_certificate(
Value::Integer(KERNEL_MEASUREMENT_ID.into()),
Value::Map(alloc::vec![(
Value::Integer(SHA2_256_ID.into()),
Value::Bytes(measurements.kernel_measurement.into()),
Value::Bytes(measurements.kernel_sha2_256_digest.into()),
)]),
),
(
Value::Integer(KERNEL_COMMANDLINE_MEASUREMENT_ID.into()),
Value::Map(alloc::vec![(
Value::Integer(SHA2_256_ID.into()),
Value::Bytes(measurements.cmdline_measurement.into()),
Value::Bytes(measurements.cmdline_sha2_256_digest.into()),
)]),
),
(
Value::Integer(SETUP_DATA_MEASUREMENT_ID.into()),
Value::Map(alloc::vec![(
Value::Integer(SHA2_256_ID.into()),
Value::Bytes(measurements.setup_data_measurement.into()),
Value::Bytes(measurements.setup_data_sha2_256_digest.into()),
)]),
),
(
Value::Integer(INITRD_MEASUREMENT_ID.into()),
Value::Map(alloc::vec![(
Value::Integer(SHA2_256_ID.into()),
Value::Bytes(measurements.ram_disk_measurement.into()),
Value::Bytes(measurements.ram_disk_sha2_256_digest.into()),
)]),
),
(
Value::Integer(MEMORY_MAP_MEASUREMENT_ID.into()),
Value::Map(alloc::vec![(
Value::Integer(SHA2_256_ID.into()),
Value::Bytes(measurements.memory_map_measurement.into()),
Value::Bytes(measurements.memory_map_sha2_256_digest.into()),
)]),
),
(
Value::Integer(ACPI_MEASUREMENT_ID.into()),
Value::Map(alloc::vec![(
Value::Integer(SHA2_256_ID.into()),
Value::Bytes(measurements.acpi_measurement.into()),
Value::Bytes(measurements.acpi_sha2_256_digest.into()),
)]),
),
]),
Expand Down Expand Up @@ -160,14 +160,14 @@ pub fn generate_dice_data<
.expect("couldn't serialize stage 1 ECA certificate");

// Use the SHA2-256 digest of the serialized ECA verifying key as the report data.
let eca_measurement = {
let eca_sha2_256_digest = {
let mut digest = Sha256::default();
digest.update(&stage0_eca_verifying_key);
digest.finalize()
};

let mut report_data = [0u8; REPORT_DATA_SIZE];
report_data[..eca_measurement.len()].copy_from_slice(&eca_measurement[..]);
report_data[..eca_sha2_256_digest.len()].copy_from_slice(&eca_sha2_256_digest[..]);

let report = get_attestation(report_data).expect("couldn't get attestation report.");
let report_bytes = report.as_bytes();
Expand All @@ -178,10 +178,10 @@ pub fn generate_dice_data<
// Mix in the measurements of the kernel, the kernel command-line, the kernel setup data and the
// initial RAM disk when deriving the CDI for Layer 1.
let mut salt: Vec<u8> = Vec::with_capacity(128);
salt.extend_from_slice(&measurements.kernel_measurement[..]);
salt.extend_from_slice(&measurements.cmdline_measurement[..]);
salt.extend_from_slice(&measurements.setup_data_measurement[..]);
salt.extend_from_slice(&measurements.ram_disk_measurement[..]);
salt.extend_from_slice(&measurements.kernel_sha2_256_digest[..]);
salt.extend_from_slice(&measurements.cmdline_sha2_256_digest[..]);
salt.extend_from_slice(&measurements.setup_data_sha2_256_digest[..]);
salt.extend_from_slice(&measurements.ram_disk_sha2_256_digest[..]);
let hkdf = Hkdf::<Sha256>::new(Some(&salt), &ikm[..]);

result.magic = STAGE0_MAGIC;
Expand Down

0 comments on commit ebb0aab

Please sign in to comment.