feat(sev_attestation): move sev_attestation test

The sev_attestation test can be reduced to a enarx_exec_tests bin. Signed-off-by: Harald Hoyer <harald@profian.com>
enarx · Jul 14, 2022 · 4d368d9 · 4d368d9
1 parent 6383fef
commit 4d368d9
Show file tree

Hide file tree

Showing 7 changed files with 34 additions and 55 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -32,10 +32,6 @@ updates:
   directory: "tests/crates/enarx_syscall_tests"
   schedule:
     interval: "daily"
-- package-ecosystem: "cargo"
-  directory: "tests/crates/sev_attestation"
-  schedule:
-    interval: "daily"
 - package-ecosystem: "cargo"
   directory: "tests/crates/enarx_wasm_tests"
   schedule:

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -88,7 +88,6 @@ enarx_wasm_tests  = { path = "tests/crates/enarx_wasm_tests", artifact = "bin",
 [target.'cfg(all(target_os = "linux", target_arch = "x86_64"))'.dev-dependencies]
 enarx_exec_tests = { path = "tests/crates/enarx_exec_tests", artifact = "bin", target = "x86_64-unknown-linux-musl", default-features = false }
 enarx_syscall_tests = { path = "tests/crates/enarx_syscall_tests", artifact = "bin", target = "x86_64-unknown-none", default-features = false }
-sev_attestation = { path = "tests/crates/sev_attestation", artifact = "bin", target = "x86_64-unknown-linux-musl", default-features = false }
 
 [target.'cfg(not(windows))'.dev-dependencies]
 async-h1 = { version = "2.3.3", default-features = false }

diff --git a/tests/crates/enarx_exec_tests/Cargo.toml b/tests/crates/enarx_exec_tests/Cargo.toml
@@ -7,3 +7,6 @@ license = "Apache-2.0"
 [dependencies]
 libc = { version = "0.2.102", default-features = false }
 sallyport = { path = "../../../crates/sallyport", default-features = false }
+
+[dev-dependencies]
+testaso = { version = "0.1", default-features = false }
diff --git a/tests/crates/sev_attestation/src/main.rs → ...arx_exec_tests/src/bin/sev_attestation.rs b/tests/crates/sev_attestation/src/main.rs → ...arx_exec_tests/src/bin/sev_attestation.rs
@@ -2,16 +2,38 @@
 
 #![feature(core_ffi_c)]
 
+use enarx_exec_tests::musl_fsbase_fix;
+
 use std::arch::asm;
 use std::convert::TryFrom;
 use std::mem::size_of;
 
 use sallyport::item::enarxcall::SYS_GETATT;
-use sallyport::item::syscall::ARCH_SET_FS;
-use sallyport::libc::SYS_arch_prctl;
+
+musl_fsbase_fix!();
 
 pub const MAX_AUTHTAG_LEN: usize = 32;
 
+/// TcbVersion represents the version of the firmware.
+///
+/// (Chapter 2.2; Table 3)
+#[derive(Clone, Debug, Default, PartialEq, Eq)]
+#[repr(C)]
+pub struct TcbVersion {
+    /// Current bootloader version.
+    /// SVN of PSP bootloader.
+    pub bootloader: u8,
+    /// Current PSP OS version.
+    /// SVN of PSP operating system.
+    pub tee: u8,
+    pub _reserved: [u8; 4],
+    /// Version of the SNP firmware.
+    /// Security Version Number (SVN) of SNP firmware.
+    pub snp: u8,
+    /// Lowest current patch level of all the cores.
+    pub microcode: u8,
+}
+
 #[repr(C)]
 pub struct SnpGuestMsgHdr {
     pub authtag: [u8; MAX_AUTHTAG_LEN],
@@ -53,7 +75,7 @@ struct SnpReportData {
     pub image_id: [u8; 16],
     pub vmpl: u32,
     pub sig_algo: u32,
-    pub current_tcb: u64,
+    pub current_tcb: TcbVersion,
     pub plat_info: u64,
     pub author_key_en: u32,
     rsvd1: u32,
@@ -64,10 +86,10 @@ struct SnpReportData {
     pub author_key_digest: [u8; 48],
     pub report_id: [u8; 32],
     pub report_id_ma: [u8; 32],
-    pub reported_tcb: u64,
+    pub reported_tcb: TcbVersion,
     rsvd2: [u8; 24],
     pub chip_id: [u8; 64],
-    pub committed_tcb: u64,
+    pub committed_tcb: TcbVersion,
     pub current_build: u8,
     pub current_minor: u8,
     pub current_major: u8,
@@ -105,31 +127,6 @@ impl TryFrom<u64> for TeeTech {
     }
 }
 
-/// Set FSBASE
-///
-/// Overwrite the only location in musl, which uses the `arch_prctl` syscall
-#[no_mangle]
-pub extern "C" fn __set_thread_area(p: *mut core::ffi::c_void) -> core::ffi::c_int {
-    let mut rax: usize = 0;
-    if unsafe { core::arch::x86_64::__cpuid(7).ebx } & 1 == 1 {
-        unsafe {
-            std::arch::asm!("wrfsbase {}", in(reg) p);
-        }
-    } else {
-        unsafe {
-            std::arch::asm!(
-            "syscall",
-            inlateout("rax")  SYS_arch_prctl => rax,
-            in("rdi") ARCH_SET_FS,
-            in("rsi") p,
-            lateout("rcx") _, // clobbered
-            lateout("r11") _, // clobbered
-            );
-        }
-    }
-    rax as _
-}
-
 pub fn get_att_syscall(
     nonce: Option<&mut [u8]>,
     buf: Option<&mut [u8]>,
@@ -284,7 +281,10 @@ fn get_att(mut nonce: [u8; 64]) -> std::io::Result<()> {
     assert_eq!(report.version, 2);
     assert_eq!(nonce, report.report_data);
 
+    eprintln!("report_buf: {:?}", report_buf);
+
     eprintln!("report: {:?}", report);
+
     eprintln!("vcek: {:?}", vcek_buf);
     Ok(())
 }

diff --git a/tests/crates/sev_attestation/Cargo.toml b/tests/crates/sev_attestation/Cargo.toml
diff --git a/tests/exec/mod.rs b/tests/exec/mod.rs
@@ -84,7 +84,7 @@ fn rust_sev_attestation() {
             return;
         }
     }
-    let bin = env!("CARGO_BIN_FILE_SEV_ATTESTATION_sev_attestation");
+    let bin = env!("CARGO_BIN_FILE_ENARX_EXEC_TESTS_sev_attestation");
     run_test(bin, 0, None, None, None);
 }