diff --git a/.github/auto_assign-issues.yml b/.github/auto_assign-issues.yml old mode 100644 new mode 100755 diff --git a/.github/auto_assign.yml b/.github/auto_assign.yml old mode 100644 new mode 100755 diff --git a/.github/workflows/dco.yml b/.github/workflows/dco.yml old mode 100644 new mode 100755 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml old mode 100644 new mode 100755 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml old mode 100644 new mode 100755 diff --git a/.gitignore b/.gitignore old mode 100644 new mode 100755 diff --git a/Cargo.lock b/Cargo.lock old mode 100644 new mode 100755 diff --git a/Cargo.toml b/Cargo.toml old mode 100644 new mode 100755 index 0d454ab..ec2928a --- a/Cargo.toml +++ b/Cargo.toml @@ -18,6 +18,7 @@ rust-version = "1.70" default = [] hyperv = ["tss-esapi"] + [dependencies] clap = { version = "<4.5", features = [ "derive" ] } env_logger = "0.10.0" @@ -26,7 +27,7 @@ sev = { version = "^3.1.1", default-features = false, features = ['openssl','snp nix = "^0.23" serde = { version = "1.0", features = ["derive"] } bincode = "^1.2.1" -openssl = { version = "^0.10", features = ["vendored"]} +openssl = { version = "^0.10", features = ["vendored"] } reqwest = { version="0.11.10", features = ["blocking"] } hex = "0.4" x509-parser = { version="^0.14", features=["verify"] } @@ -36,3 +37,4 @@ tss-esapi = { version = "7.2", optional=true } msru = "0.2.0" colorful = "0.2.2" bitfield = "0.13.2" +clap = { version = "4.5.4", features = ["derive"] } diff --git a/LICENSE b/LICENSE old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/docs/extended.PNG b/docs/extended.PNG old mode 100644 new mode 100755 diff --git a/docs/regular.PNG b/docs/regular.PNG old mode 100644 new mode 100755 diff --git a/docs/snpguest.1.adoc b/docs/snpguest.1.adoc old mode 100644 new mode 100755 diff --git a/src/certs.rs b/src/certs.rs old mode 100644 new mode 100755 
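Review bot: The added `clap = { version = "4.5.4", features = ["derive"] }` at the end of `[dependencies]` duplicates the existing `clap = { version = "<4.5", features = [ "derive" ] }` key visible in the first Cargo.toml hunk. A TOML table cannot define the same key twice, so Cargo is expected to reject the manifest. If the upgrade is intended, edit the existing line instead and check it against the declared `rust-version = "1.70"`, since the `<4.5` bound was presumably chosen for MSRV reasons. `src/measure.rs` in this commit imports `structopt::StructOpt`, yet no `structopt` dependency is added in these hunks. Separately, every file in the commit flips from mode 100644 to 100755, including `LICENSE`, `Cargo.lock` and the PNGs; marking non-executable files executable looks unintended and is worth reverting.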
diff --git a/src/display.rs b/src/display.rs old mode 100644 new mode 100755 diff --git a/src/fetch.rs b/src/fetch.rs old mode 100644 new mode 100755 diff --git a/src/hyperv/mod.rs b/src/hyperv/mod.rs old mode 100644 new mode 100755 diff --git a/src/key.rs b/src/key.rs old mode 100644 new mode 100755 diff --git a/src/main.rs b/src/main.rs old mode 100644 new mode 100755 index 1e9624e..d73ce16 --- a/src/main.rs +++ b/src/main.rs @@ -8,6 +8,7 @@ mod key; mod ok; mod report; mod verify; +mod measure; #[cfg(feature = "hyperv")] mod hyperv; @@ -18,6 +19,7 @@ use fetch::FetchCmd; use key::KeyArgs; use report::ReportArgs; use verify::VerifyCmd; +use measure::MeasureArgs; use anyhow::{Context, Result}; use clap::{arg, Parser, Subcommand, ValueEnum}; @@ -61,6 +63,11 @@ enum SnpGuestCmd { /// Probe system for SEV-SNP support. #[command(subcommand)] Ok, + + #[structopt(about = "Use the guest's attributes to create a pre calculated measurement.")] + Measure(MeasureArgs), + + } fn main() -> Result<()> { @@ -82,6 +89,7 @@ fn main() -> Result<()> { SnpGuestCmd::Display(subcmd) => display::cmd(subcmd, snpguest.quiet), SnpGuestCmd::Key(args) => key::get_derived_key(args), SnpGuestCmd::Ok => ok::cmd(snpguest.quiet), + SnpGuestCmd::Measure(args) => measure::cmd(args), }; if let Err(ref e) = status { diff --git a/src/measure.rs b/src/measure.rs new file mode 100755 index 0000000..204dc47 --- /dev/null +++ b/src/measure.rs 
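Review bot: The new `Measure` variant in the third main.rs hunk is annotated with `#[structopt(about = "...")]`, but this enum is derived with clap (`use clap::{arg, Parser, Subcommand, ValueEnum};` in the same file). clap's derive does not register a `structopt` attribute, so this is expected to fail to compile. Follow the neighbouring variants and use a doc comment instead: `/// Use the guest's attributes to create a pre-calculated measurement.` directly above `Measure(MeasureArgs),`, and drop the two blank lines added before the closing brace. The `SnpGuestCmd` enum starts outside the hunk, so the other variants' attributes could not be checked here. `mod measure;` and `use measure::MeasureArgs;` would also read better placed alphabetically, as the surrounding `mod` and `use` lines are.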
@@ -0,0 +1,121 @@ +use super::*; +use sev::measurement::{self, gctx, ovmf, sev_hashes, snp::{self, SnpMeasurementArgs}, vcpu_types, vmsa}; +use std::{fmt, str::FromStr}; +use anyhow::{anyhow, Result}; + + +use serde::{Deserialize, Serialize}; +use structopt::StructOpt; +use std::path::{Path, PathBuf}; +use clap::{Args, Parser, builder, Subcommand}; + + +#[derive(Parser, Debug, , Subcommand)] +#[command(author, version, about, long_about = None)] +pub struct MeasureArgs{ + +#[arg(short, long, help = "Kernel command line to calculate hash from (use with --kernel)")] +pub append: u64, + + +} + + + +pub fn cmd(args: MeasureArgs) -> Result<()>{ + let mut args = MeasureArgs::parse(); + println!("{:?}", args); + + // let vcpu_type = vcpu_types::CpuType::from_str(args.vcpu_type.as_str())?; + + + + // let collected_args:SnpMeasurementArgs = measurement::snp+:SnpMeasurementArgs { + // vcpus: args.vcpus, + // vcpu_type: args.vcpu_type, + // ovmf_file: args.ovmf_path, + // guest_features: vmsa::GuestFeatures(args.guest_features), + // kernel_file: args.kernel, + // initrd_file: args.initrd, + // append: Some(&*args.append), + // ovmf_hash_str: Some(args.snp_ovmf_hash.as_str()), + // vmm_type: Some(measurement::vmsa::VMMType::try_from(args.vmm_type)?) 
+ // }; + + + // match sev::measurement::snp::snp_calc_launch_digest(collected_args) { + // Ok(ld) => println!("{:?}", ld), + // Err(_) => return Err(anyhow!("Error calculating the measurement.")) + // }; + + Ok(()) + + + + +} + + + + + + + +// #[clap(long, help = "Show program's version number and exit")] +// pub version: String, + +// #[arg(long, help = "{snp,snp:ovmf-hash,snp:svsm}", value_parser = builder::PossibleValuesParser::new(["snp", "snp:ovmf-hash", "snp:svsm"]) )] +// pub mode: String, + +// #[arg(long, help = "Number of guest vcpus")] +// pub vcpus: u32, + +// #[arg(long, help = "Type of guest vcpu (EPYC, EPYC-v1, EPYC-v2, EPYC-IBPB, EPYC-v3, EPYC-v4, +// EPYC-Rome, EPYC-Rome-v1, EPYC-Rome-v2, EPYC-Rome-v3, EPYC-Milan, EPYC- +// Milan-v1, EPYC-Milan-v2, EPYC-Genoa, EPYC-Genoa-v1)")] +// pub vcpu_type: String, + +// // #[arg(long, help = "Guest vcpu signature value")] +// // pub vcpu_sig: String, + +// // #[arg(long, help = "Guest vcpu family")] +// // pub vcpu_family: String, + +// // #[arg(long, help = "Guest vcpu model")] +// // pub vcpu_model: String, + +// #[arg(long, help = "Type of guest vmm (1 = QEMU, 2 = ec2, 3 = KRUN)", value_parser = builder::PossibleValuesParser::new(["1", "2", "3"]))] +// pub vmm_type: u8, + +// #[arg(long, help = "OVMF file to calculate hash from")] +// pub ovmf_path: PathBuf, + +// #[arg(long, help = "Hex representation of the guest kernel features expected to be included +// (defaults to 0x1); see README.md for possible values", default_value = "0x1")] +// pub guest_features: u64, + +// // #[arg(long, help = "Measurement output format {hex, base64}")] +// // pub output_format: String, + +// #[arg(long, help = "Precalculated hash of the OVMF binary (hex string)", value_parser)] +// pub snp_ovmf_hash: String, + +// // #[arg(long, help = "Write measured VMSAs to +vmsa.bin (seves, snp, and snp:svsm modes only)")] +// // pub dump_vmsa: String, + +// // #[arg(long, help = "SVSM binary", required_if = ("mode", "snp:svsm"))] +// 
// pub svsm_path: Option, + +// // #[arg(long, help = "Size of the OVMF_VARS file in bytes (conflicts with --vars-file)", +// // required_if = ("mode", "snp:svsm"))] +// // pub vars_size: u64, + +// // #[arg(long, help = "OVMF_VARS file (conflicts with --vars-size)", required_if = ("mode", "snp:svsm"))] +// // pub vars_file: Option +// #[arg(long, help = "Initrd file to calculate hash from (use with --kernel)")] +// pub initrd: Option, + + +// #[arg(long, help = "Kernel file to calculate hash from", requires = ("append"), requires = ("initrd"))] +// pub kernel: Option, + diff --git a/src/ok.rs b/src/ok.rs old mode 100644 new mode 100755 diff --git a/src/report.rs b/src/report.rs old mode 100644 new mode 100755 diff --git a/src/verify.rs b/src/verify.rs old mode 100644 new mode 100755
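Review bot: `cmd` discards the `MeasureArgs` the dispatcher passed in and re-parses the process arguments with `let mut args = MeasureArgs::parse();`, so the full command line (including the `measure` subcommand token) is parsed again against this struct and will most likely be rejected; drop that line and use the parameter. The derive list `#[derive(Parser, Debug, , Subcommand)]` has an empty entry and will not parse, and since the type is the payload of a subcommand variant it should presumably be `#[derive(Args, Debug)]`. `append` is documented as a kernel command line but typed `u64`; `pub append: String,` matches the commented-out `Some(&*args.append)`. With the digest calculation commented out, the subcommand returns `Ok(())` without computing a measurement, so until `snp_calc_launch_digest` is wired in it would be safer for an attestation tool to return an error than to report success. The `use structopt::StructOpt;` import, the wildcard `use super::*;` and the long block of commented-out fields after `cmd` should be removed or restored as real fields before merge.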