From ebb0aab17c23b3327d5d97e2ff38639d48f1f7ed Mon Sep 17 00:00:00 2001 From: conradgrobler <58467069+conradgrobler@users.noreply.github.com> Date: Fri, 19 Jan 2024 10:48:59 +0000 Subject: [PATCH] Log Stage 0 measurement digests in hex (#4676) --- stage0/src/lib.rs | 54 ++++++++++++++++++++++++++++-------------- stage0_dice/src/lib.rs | 36 ++++++++++++++-------------- 2 files changed, 54 insertions(+), 36 deletions(-) diff --git a/stage0/src/lib.rs b/stage0/src/lib.rs index 23fc1a9b258..c0b4511521e 100644 --- a/stage0/src/lib.rs +++ b/stage0/src/lib.rs @@ -206,7 +206,7 @@ pub fn rust64_start(encrypted: u64) -> ! { // point will fail. allocator::init_global_allocator(zero_page.e820_table()); - let setup_data_measurement = zero_page + let setup_data_sha2_256_digest = zero_page .try_fill_hdr_from_setup_data(&mut fwcfg) .unwrap_or_default(); @@ -231,7 +231,7 @@ pub fn rust64_start(encrypted: u64) -> ! { } let cmdline = kernel::try_load_cmdline(&mut fwcfg).unwrap_or_default(); - let cmdline_measurement = measure_byte_slice(cmdline.as_bytes()); + let cmdline_sha2_256_digest = measure_byte_slice(cmdline.as_bytes()); let kernel_info = kernel::try_load_kernel_image(&mut fwcfg, zero_page.e820_table()).unwrap_or_default(); @@ -259,8 +259,8 @@ pub fn rust64_start(encrypted: u64) -> ! { let rsdp = acpi::build_acpi_tables(&mut fwcfg, &mut acpi_digest).unwrap(); zero_page.set_acpi_rsdp_addr(PhysAddr::new(rsdp as *const _ as u64)); let acpi_digest = acpi_digest.finalize(); - let mut acpi_measurement = Measurement::default(); - acpi_measurement[..].copy_from_slice(&acpi_digest[..]); + let mut acpi_sha2_256_digest = Measurement::default(); + acpi_sha2_256_digest[..].copy_from_slice(&acpi_digest[..]); if let Err(err) = smp::bootstrap_aps(rsdp) { log::warn!( @@ -289,7 +289,7 @@ pub fn rust64_start(encrypted: u64) -> ! { } } - let ram_disk_measurement = + let ram_disk_sha2_256_digest = initramfs::try_load_initial_ram_disk(&mut fwcfg, zero_page.e820_table(), &kernel_info) .map(|ram_disk| { zero_page.set_initial_ram_disk(ram_disk); @@ -297,22 +297,40 @@ pub fn rust64_start(encrypted: u64) -> ! { }) .unwrap_or_default(); - let memory_map_measurement = measure_byte_slice(zero_page.e820_table().as_bytes()); + let memory_map_sha2_256_digest = measure_byte_slice(zero_page.e820_table().as_bytes()); - log::debug!("Kernel image digest: {:?}", kernel_info.measurement); - log::debug!("Kernel setup data digest: {:?}", setup_data_measurement); - log::debug!("Kernel image digest: {:?}", cmdline_measurement); - log::debug!("Initial RAM disk digest: {:?}", ram_disk_measurement); - log::debug!("ACPI table generation digest: {:?}", acpi_measurement); - log::debug!("E820 table digest: {:?}", memory_map_measurement); + log::debug!( + "Kernel image digest: sha2-256:{}", + hex::encode(kernel_info.measurement) + ); + log::debug!( + "Kernel setup data digest: sha2-256:{}", + hex::encode(setup_data_sha2_256_digest) + ); + log::debug!( + "Kernel image digest: sha2-256:{}", + hex::encode(cmdline_sha2_256_digest) + ); + log::debug!( + "Initial RAM disk digest: sha2-256:{}", + hex::encode(ram_disk_sha2_256_digest) + ); + log::debug!( + "ACPI table generation digest: sha2-256:{}", + hex::encode(acpi_sha2_256_digest) + ); + log::debug!( + "E820 table digest: sha2-256:{}", + hex::encode(memory_map_sha2_256_digest) + ); let measurements = oak_stage0_dice::Measurements { - acpi_measurement, - kernel_measurement: kernel_info.measurement, - cmdline_measurement, - ram_disk_measurement, - setup_data_measurement, - memory_map_measurement, + acpi_sha2_256_digest, + kernel_sha2_256_digest: kernel_info.measurement, + cmdline_sha2_256_digest, + ram_disk_sha2_256_digest, + setup_data_sha2_256_digest, + memory_map_sha2_256_digest, }; let dice_data = Box::leak(Box::new_in( diff --git a/stage0_dice/src/lib.rs b/stage0_dice/src/lib.rs index 004d5d0107b..9347a9c8239 100644 --- a/stage0_dice/src/lib.rs +++ b/stage0_dice/src/lib.rs @@ -50,17 +50,17 @@ pub const REPORT_DATA_SIZE: usize = 64; #[derive(Default)] pub struct Measurements { /// The measurement of the kernel image. - pub kernel_measurement: [u8; 32], + pub kernel_sha2_256_digest: [u8; 32], /// The measurement of the kernel command-line. - pub cmdline_measurement: [u8; 32], + pub cmdline_sha2_256_digest: [u8; 32], /// The measurement of the kernel setup data. - pub setup_data_measurement: [u8; 32], + pub setup_data_sha2_256_digest: [u8; 32], /// The measurement of the initial RAM disk. - pub ram_disk_measurement: [u8; 32], + pub ram_disk_sha2_256_digest: [u8; 32], /// The measurement of the physical memory map. - pub memory_map_measurement: [u8; 32], + pub memory_map_sha2_256_digest: [u8; 32], /// The concatenated measurement of the command used for building the ACPI tables. - pub acpi_measurement: [u8; 32], + pub acpi_sha2_256_digest: [u8; 32], } /// Generates an ECA certificate for use by the next boot stage (Stage 1). @@ -78,42 +78,42 @@ fn generate_stage1_certificate( Value::Integer(KERNEL_MEASUREMENT_ID.into()), Value::Map(alloc::vec![( Value::Integer(SHA2_256_ID.into()), - Value::Bytes(measurements.kernel_measurement.into()), + Value::Bytes(measurements.kernel_sha2_256_digest.into()), )]), ), ( Value::Integer(KERNEL_COMMANDLINE_MEASUREMENT_ID.into()), Value::Map(alloc::vec![( Value::Integer(SHA2_256_ID.into()), - Value::Bytes(measurements.cmdline_measurement.into()), + Value::Bytes(measurements.cmdline_sha2_256_digest.into()), )]), ), ( Value::Integer(SETUP_DATA_MEASUREMENT_ID.into()), Value::Map(alloc::vec![( Value::Integer(SHA2_256_ID.into()), - Value::Bytes(measurements.setup_data_measurement.into()), + Value::Bytes(measurements.setup_data_sha2_256_digest.into()), )]), ), ( Value::Integer(INITRD_MEASUREMENT_ID.into()), Value::Map(alloc::vec![( Value::Integer(SHA2_256_ID.into()), - Value::Bytes(measurements.ram_disk_measurement.into()), + Value::Bytes(measurements.ram_disk_sha2_256_digest.into()), )]), ), ( Value::Integer(MEMORY_MAP_MEASUREMENT_ID.into()), Value::Map(alloc::vec![( Value::Integer(SHA2_256_ID.into()), - Value::Bytes(measurements.memory_map_measurement.into()), + Value::Bytes(measurements.memory_map_sha2_256_digest.into()), )]), ), ( Value::Integer(ACPI_MEASUREMENT_ID.into()), Value::Map(alloc::vec![( Value::Integer(SHA2_256_ID.into()), - Value::Bytes(measurements.acpi_measurement.into()), + Value::Bytes(measurements.acpi_sha2_256_digest.into()), )]), ), ]), @@ -160,14 +160,14 @@ pub fn generate_dice_data< .expect("couldn't serialize stage 1 ECA certificate"); // Use the SHA2-256 digest of the serialized ECA verifying key as the report data. - let eca_measurement = { + let eca_sha2_256_digest = { let mut digest = Sha256::default(); digest.update(&stage0_eca_verifying_key); digest.finalize() }; let mut report_data = [0u8; REPORT_DATA_SIZE]; - report_data[..eca_measurement.len()].copy_from_slice(&eca_measurement[..]); + report_data[..eca_sha2_256_digest.len()].copy_from_slice(&eca_sha2_256_digest[..]); let report = get_attestation(report_data).expect("couldn't get attestation report."); let report_bytes = report.as_bytes(); @@ -178,10 +178,10 @@ pub fn generate_dice_data< // Mix in the measurements of the kernel, the kernel command-line, the kernel setup data and the // initial RAM disk when deriving the CDI for Layer 1. let mut salt: Vec = Vec::with_capacity(128); - salt.extend_from_slice(&measurements.kernel_measurement[..]); - salt.extend_from_slice(&measurements.cmdline_measurement[..]); - salt.extend_from_slice(&measurements.setup_data_measurement[..]); - salt.extend_from_slice(&measurements.ram_disk_measurement[..]); + salt.extend_from_slice(&measurements.kernel_sha2_256_digest[..]); + salt.extend_from_slice(&measurements.cmdline_sha2_256_digest[..]); + salt.extend_from_slice(&measurements.setup_data_sha2_256_digest[..]); + salt.extend_from_slice(&measurements.ram_disk_sha2_256_digest[..]); let hkdf = Hkdf::::new(Some(&salt), &ikm[..]); result.magic = STAGE0_MAGIC;