feat: Add SEV measurements to ReplicaVersionRecord (#5966)

NODE-1670

- Replace the deprecated `guest_launch_measurement_sha256_hex` field
with a new `GuestLaunchMeasurements` message in `ReplicateVersionRecord`
and the corresponding proposal.
- Add logic in IC-OS build to calculate the SEV measurement.
- Add code in ic-admin to read the generated measurement json and
populate the measurement in the proposal.
- Propagate the SEV measurement to system tests.
- Update various tests to be compatible with the changes.

Design doc:
https://docs.google.com/document/d/1sowOFzE6HtOsc8Vfpo8Sa3GcJNhy_x6EAroYgGAThic/edit?tab=t.3exr0kbb2lvq

Author: frankdavid

ic-os/BUILD.bazel

@@ -1,6 +1,14 @@
+load("@rules_python//python/entry_points:py_console_script_binary.bzl", "py_console_script_binary")
+
 exports_files([
     "vuln-scan/vuln-scan.sh",
     "vuln-scan/vuln-scan.html",
     "dev-tools/launch-remote-vm.sh",
     "dev-tools/build-setupos-config-image.sh",
 ])
+
+py_console_script_binary(
+    name = "sev-snp-measure",
+    pkg = "@python_deps//sev_snp_measure",
+    visibility = ["//ic-os:__subpackages__"],
+)

ic-os/defs.bzl

@@ -132,6 +132,23 @@ def icos_build(
         tags = ["manual"],
     )
 
+    # Extract initrd and kernel for SEV measurement
+    tar_extract(
+        name = "extracted_initrd.img",
+        src = "rootfs-tree.tar",
+        path = "boot/initrd.img-*",
+        wildcards = True,
+        tags = ["manual"],
+    )
+
+    tar_extract(
+        name = "extracted_vmlinuz",
+        src = "rootfs-tree.tar",
+        path = "boot/vmlinuz-*",
+        wildcards = True,
+        tags = ["manual"],
+    )
+
     # -------------------- Extract root and boot partitions --------------------
 
     # NOTE: e2fsdroid does not support filenames with spaces, fortunately,
@@ -161,6 +178,7 @@ def icos_build(
         version_txt = "version" + test_suffix + ".txt"
         boot_args = "boot" + test_suffix + "_args"
         extra_boot_args = "extra_boot" + test_suffix + "_args"
+        launch_measurements = "launch-measurements" + test_suffix + ".json"
 
         ext4_image(
             name = partition_root_unsigned_tzst,
@@ -260,6 +278,28 @@ def icos_build(
                 tags = ["manual"],
             )
 
+        if image_deps.get("generate_launch_measurements", False):
+            native.genrule(
+                name = "generate-" + launch_measurements,
+                outs = [launch_measurements],
+                srcs = ["//ic-os/components/ovmf:ovmf_sev", boot_args, ":extracted_initrd.img", ":extracted_vmlinuz"],
+                visibility = visibility,
+                tools = ["//ic-os:sev-snp-measure"],
+                cmd = r"""
+                    source $(execpath """ + boot_args + """)
+                    # Create GuestLaunchMeasurements JSON
+                    (for cmdline in "$$BOOT_ARGS_A" "$$BOOT_ARGS_B"; do
+                        hex=$$($(execpath //ic-os:sev-snp-measure) --mode snp --vcpus 64 --ovmf "$(execpath //ic-os/components/ovmf:ovmf_sev)" --vcpu-type=EPYC-v4 --append "$$cmdline" --initrd "$(location extracted_initrd.img)" --kernel "$(location extracted_vmlinuz)")
+                        # Convert hex string to decimal list, e.g. "abcd" ->  171\\n205
+                        measurement=$$(echo -n "$$hex" | fold -w2 | sed "s/^/0x/" | xargs printf "%d\n")
+                        jq -na --arg cmd "$$cmdline" --arg m "$$measurement" '{
+                          measurement: ($$m | split("\n") | map(tonumber)),
+                          metadata: {kernel_cmdline: $$cmd}
+                        }'
+                    done) | jq -sc "{guest_launch_measurements: .}" > $@
+                """,
+            )
+
     component_file_references_test(
         name = name + "_component_file_references_test",
         image = ":partition-root-unsigned.tzst",
@@ -440,11 +480,20 @@ EOF
         tags = tags,
     )
 
-    icos_images = struct(
-        disk_image = ":disk-img.tar.zst",
-        update_image = ":update-img.tar.zst",
-        update_image_test = ":update-img-test.tar.zst",
-    )
+    if image_deps.get("generate_launch_measurements", False):
+        icos_images = struct(
+            disk_image = ":disk-img.tar.zst",
+            update_image = ":update-img.tar.zst",
+            update_image_test = ":update-img-test.tar.zst",
+            launch_measurements = ":launch-measurements.json",
+            launch_measurements_test = ":launch-measurements-test.json",
+        )
+    else:
+        icos_images = struct(
+            disk_image = ":disk-img.tar.zst",
+            update_image = ":update-img.tar.zst",
+            update_image_test = ":update-img-test.tar.zst",
+        )
     return icos_images
 
 # end def icos_build
@@ -456,7 +505,8 @@ def _tar_extract_impl(ctx):
     ctx.actions.run_shell(
         inputs = [in_tar],
         outputs = [out],
-        command = "tar xOf %s --occurrence=1 %s > %s" % (
+        command = "tar %s -xOf %s --occurrence=1  %s > %s" % (
+            "--wildcards" if ctx.attr.wildcards else "",
             in_tar.path,
             ctx.attr.path,
             out.path,
@@ -475,5 +525,9 @@ tar_extract = rule(
         "path": attr.string(
             mandatory = True,
         ),
+        "wildcards": attr.bool(
+            default = False,
+            doc = "If True, the path is treated as a glob pattern.",
+        ),
     },
 )

ic-os/guestos/defs.bzl

@@ -74,6 +74,7 @@ def image_deps(mode, malicious = False):
         "boot_args_template": Label("//ic-os/bootloader:guestos_boot_args.template"),
         # GuestOS requires dm-verity root partition signing
         "requires_root_signing": True,
+        "generate_launch_measurements": True,
     }
 
     dev_build_args = ["BUILD_TYPE=dev", "ROOT_PASSWORD=root"]

ic-os/guestos/envs/dev/BUILD.bazel

@@ -39,7 +39,10 @@ file_size_check(
 artifact_bundle(
     name = "bundle-disk",
     testonly = True,
-    inputs = [icos_images.disk_image],
+    inputs = [
+        icos_images.disk_image,
+        icos_images.launch_measurements,
+    ],
     prefix = "guest-os/disk-img-dev",
     visibility = ["//visibility:public"],
 )

ic-os/guestos/envs/prod/BUILD.bazel

@@ -41,6 +41,7 @@ artifact_bundle(
     inputs = [
         icos_images.update_image,
         icos_images.update_image_test,
+        icos_images.launch_measurements,
     ],
     prefix = "guest-os/update-img",
     visibility = ["//visibility:public"],

ic-os/guestos/envs/recovery/BUILD.bazel

@@ -42,6 +42,8 @@ artifact_bundle(
     inputs = [
         icos_images.update_image,
         icos_images.update_image_test,
+        icos_images.launch_measurements,
+        icos_images.launch_measurements_test,
     ],
     prefix = "guest-os/update-img-recovery",
     tags = [

requirements.in

@@ -25,6 +25,7 @@ pytest
 pytest-cov
 PyYAML>=6.0.2
 requests>=2.26.0
+sev-snp-measure
 simple-parsing
 tqdm
 uuid

requirements.txt

@@ -409,6 +409,7 @@ cryptography==45.0.4 \
     #   ansible-core
     #   paramiko
     #   pyjwt
+    #   sev-snp-measure
 cvss==3.4 \
     --hash=sha256:632353244ba3c58b53355466677edc968b9d7143c317b66271f9fd7939951ee8 \
     --hash=sha256:d9950613758e60820f7fac37ca5f35158712f8f2ea4f6629858a60c4984fe4ef
@@ -857,6 +858,10 @@ resolvelib==1.0.1 \
     --hash=sha256:04ce76cbd63fded2078ce224785da6ecd42b9564b1390793f64ddecbe997b309 \
     --hash=sha256:d2da45d1a8dfee81bdd591647783e340ef3bcb104b54c383f70d422ef5cc7dbf
     # via ansible-core
+sev-snp-measure==0.0.11 \
+    --hash=sha256:1f1953b94cce43b08041aa7b0e804998f6d89a3d648395b40c447ecd470b1d54 \
+    --hash=sha256:579abfc6e9359b6bff4755a99d0704c3d2e2fd8fec16882d533192c1d5943c35
+    # via -r requirements.in
 simple-parsing==0.1.7 \
     --hash=sha256:225e6b35252d68f7894716101fe3bd7e6dd3d30ab7b1c3c023f77a42dbe1336f \
     --hash=sha256:5276e6c90c157362dd0173d1eecebe58361a66b457129cc9bba13b78a4e85092

rs/ic_os/dev_test_tools/launch-single-vm/src/main.rs

@@ -167,6 +167,7 @@ fn main() {
         None,
         None,
         None,
+        None,
         Vec::new(),
     );
     let initialized_ic = ic_config.initialize().unwrap();

rs/nns/integration_tests/src/upgrades_handler.rs

@@ -69,7 +69,7 @@ fn test_submit_and_accept_update_elected_replica_versions_proposal() {
                     .map(|_| vec!["http://release_package.tar.zst".to_string()])
                     .unwrap_or_default(),
                 replica_version_to_elect: elect,
-                guest_launch_measurement_sha256_hex: None,
+                guest_launch_measurements: None,
                 replica_versions_to_unelect: unelect.iter().map(|s| s.to_string()).collect(),
             };
         let bless_version_payload = |version_id: &str| -> ReviseElectedGuestosVersionsPayload {