Merge pull request #22 from slp/sev-es-lm
utils: generate SEV-ES measurements
slp authored Aug 8, 2022
2 parents b7b6746 + 49550e7 commit dde85c5
Showing 2 changed files with 130 additions and 64 deletions.
189 changes: 125 additions & 64 deletions utils/sev_launch_measurement.c
Expand Up @@ -3,77 +3,138 @@
#include <stdio.h>
#include <dlfcn.h>
#include <openssl/sha.h>
#include <unistd.h>

#include "vmsa.h"


int SHA256_Init(SHA256_CTX *c);
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA256_Final(unsigned char *md, SHA256_CTX *c);
unsigned char *SHA256(const unsigned char *d, size_t n,
unsigned char *md);
unsigned char *md);

char * (*krunfw_get_kernel) (size_t *load_addr, size_t *size);
char * (*krunfw_get_initrd) (size_t *size);
char * (*krunfw_get_qboot) (size_t *size);


void measurement_sev_es(int num_cpus)
{
char *payload_addr;
size_t payload_size;
size_t load_addr;
SHA256_CTX shactx;
char digest[33];
int i;

SHA256_Init(&shactx);

payload_addr = krunfw_get_qboot(&payload_size);
SHA256_Update(&shactx, payload_addr, payload_size);

payload_addr = krunfw_get_kernel(&load_addr, &payload_size);
SHA256_Update(&shactx, payload_addr, payload_size);

payload_addr = krunfw_get_initrd(&payload_size);
SHA256_Update(&shactx, payload_addr, payload_size);

SHA256_Update(&shactx, &VMSA_BP, 4096);
for (i = 1; i < num_cpus; i++) {
SHA256_Update(&shactx, &VMSA_AP, sizeof(VMSA_BP));
}

SHA256_Final(&digest[0], &shactx);

printf("SEV-ES (%d CPUs): ", num_cpus);
for (i = 0; i < 32; ++i) {
printf("%02lx", digest[i] & 0xFFl);
}
printf("\n");
}

void measurement_sev()
{
char *payload_addr;
size_t payload_size;
size_t load_addr;
SHA256_CTX shactx;
char digest[33];
int i;

SHA256_Init(&shactx);

payload_addr = krunfw_get_qboot(&payload_size);
SHA256_Update(&shactx, payload_addr, payload_size);

payload_addr = krunfw_get_kernel(&load_addr, &payload_size);
SHA256_Update(&shactx, payload_addr, payload_size);

payload_addr = krunfw_get_initrd(&payload_size);
SHA256_Update(&shactx, payload_addr, payload_size);

SHA256_Final(&digest[0], &shactx);

printf("SEV: ");
for (i = 0; i < 32; ++i) {
printf("%02lx", digest[i] & 0xFFl);
}
printf("\n");
}

int main(int argc, char **argv)
{
char * (*krunfw_get_kernel) (size_t *load_addr, size_t *size);
char * (*krunfw_get_initrd) (size_t *size);
char * (*krunfw_get_qboot) (size_t *size);
char *payload_addr;
size_t payload_size;
size_t load_addr;
void *handle;
SHA256_CTX shactx;
char digest[33];
int i;

if (argc != 2) {
printf("Usage: %s LIBKRUNFW_SO\n", argv[0]);
exit(-1);
}

handle = dlopen(argv[1], RTLD_NOW);
if (handle == NULL) {
perror("Couldn't open library");
exit(-1);
}

krunfw_get_kernel = dlsym(handle, "krunfw_get_kernel");
if (krunfw_get_kernel == NULL) {
perror("Couldn't find krunfw_get_kernel symbol");
exit(-1);
}

krunfw_get_initrd = dlsym(handle, "krunfw_get_initrd");
if (krunfw_get_initrd == NULL) {
perror("Couldn't find krunfw_get_initrd symbol");
exit(-1);
}

krunfw_get_qboot = dlsym(handle, "krunfw_get_qboot");
if (krunfw_get_qboot == NULL) {
perror("Couldn't find krunfw_get_qboot symbol");
exit(-1);
}

SHA256_Init(&shactx);

payload_addr = krunfw_get_qboot(&payload_size);
printf("qboot: 0x%x, %lu\n", payload_addr, payload_size);
SHA256_Update(&shactx, payload_addr, payload_size);

payload_addr = krunfw_get_kernel(&load_addr, &payload_size);
printf("kernel: 0x%x, %lu\n", payload_addr, payload_size);
SHA256_Update(&shactx, payload_addr, payload_size);

payload_addr = krunfw_get_initrd(&payload_size);
printf("initrd: 0x%x, %lu\n", payload_addr, payload_size);
SHA256_Update(&shactx, payload_addr, payload_size);

SHA256_Final(&digest[0], &shactx);

for (i = 0; i < 32; ++i) {
printf("%02lx", digest[i] & 0xFFl);
}

printf("\n");

return 0;
void *handle;
char *library;
int opt;
int num_cpus = 1;

while((opt = getopt(argc, argv, ":c:")) != -1)
{
switch(opt)
{
case 'c':
if ((num_cpus = atoi(optarg)) == 0) {
printf("Invalid number of CPUs\n");
}
break;
}
}

library = NULL;
if (optind >= argc) {
printf("Usage: %s [-c NUM_CPUS] LIBKRUNFW_SO\n", argv[0]);
exit(-1);
} else {
library = argv[optind];
}

handle = dlopen(library, RTLD_NOW);
if (handle == NULL) {
perror("Couldn't open library");
exit(-1);
}

krunfw_get_kernel = dlsym(handle, "krunfw_get_kernel");
if (krunfw_get_kernel == NULL) {
perror("Couldn't find krunfw_get_kernel symbol");
exit(-1);
}

krunfw_get_initrd = dlsym(handle, "krunfw_get_initrd");
if (krunfw_get_initrd == NULL) {
perror("Couldn't find krunfw_get_initrd symbol");
exit(-1);
}

krunfw_get_qboot = dlsym(handle, "krunfw_get_qboot");
if (krunfw_get_qboot == NULL) {
perror("Couldn't find krunfw_get_qboot symbol");
exit(-1);
}

measurement_sev();
measurement_sev_es(num_cpus);

return 0;
}
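Review bot: An invalid `-c` value is reported but not rejected in the new `main`: when `atoi(optarg)` returns 0, the `case 'c'` branch prints "Invalid number of CPUs" and then breaks, so `measurement_sev_es(0)` still prints a digest labelled `SEV-ES (0 CPUs)` that includes the BP VMSA. Negative values and input with trailing junk are accepted silently, and the `':'` and `'?'` returns that the `":c:"` optstring can produce have no case in the switch. Because the output is presumably compared against a launch measurement, the tool should stop rather than print a digest for a CPU count the user did not ask for: parse with `strtol`, require `*end == '\0'` and a value of at least 1, and `exit(-1)` otherwise. Separately, `measurement_sev_es` hashes `&VMSA_BP` with a literal `4096` but `&VMSA_AP` with `sizeof(VMSA_BP)`; vmsa.h is not shown here, so if either object is not exactly 4096 bytes the first call reads past it or the two lengths disagree. Using `sizeof(VMSA_BP)` and `sizeof(VMSA_AP)` with a `_Static_assert(sizeof(VMSA_BP) == 4096, "VMSA must be one page");` would pin that.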