feat: implement first phase of TDX Measurement Extensions #162
Conversation
yogeshbdeshpande
force-pushed
the
tdx-profile
branch
2 times, most recently
from
cd06383 to
2c3a227
Compare
yogeshbdeshpande
changed the title
- Define TDX Extension code points in the Comid Measurement Value Extension Slot - Provide Examples of TDX Platform(SEAM), Provisioning Certification Enclave(PCE) and TDX Quoting Enclace(QE) Reference Values - Implement CBOR and JSON Encoding and Decoding of TDX Extension Points to generate TDX CoMIDs The implementation adheres to https://datatracker.ietf.org/doc/draft-cds-rats-intel-corim-profile/ Signed-off-by: Yogesh Deshpande <[email protected]>
yogeshbdeshpande
force-pushed
the
tdx-profile
branch
from
d1cae5c to
ea4c4da
Compare
| return nil | ||
| } | ||
|
|
||
| func extractPCEMeasurements(meas *comid.Measurements) error { |
There was a problem hiding this comment.
Given the non-trivial operations invoved in extracting PCE values, is it worth adding some exported helper functions that would remove the need for thise internal functions?
| // -----END PUBLIC KEY----- | ||
| } | ||
|
|
||
| func extractQERefVals(c *comid.Comid) error { |
There was a problem hiding this comment.
ditto for QE values -- it seems it would be useful to export this helper function, modified to return the actual extracted values.
| @@ -37,3 +37,4 @@ and giving it a new type or a value (for enums). | |||
| Please see [extensions documentation](extensions/README.md) for details. | |||
|
|
|||
|
|
|||
|
|
|||
| @@ -441,7 +441,9 @@ func (o Mval) Valid() error { | |||
| o.UEID == nil && | |||
| o.UUID == nil && | |||
| o.IntegrityRegisters == nil && | |||
|
|
|||
| // that you own. | ||
|
|
||
| func init() { | ||
| profileID, err := eat.NewProfile("http://intel.com/tdx-profile") |
There was a problem hiding this comment.
It's not versioned? And it's not https? And isn't CoRIM specific? I'd expect there to be an EAT profile for TDX as well that would clash.
Ned needs to add a /v1 or and ensure it's https-protected.
| return &TeeISVProdID{val: t} | ||
| case int: | ||
| if t < 0 { | ||
| return nil |
There was a problem hiding this comment.
nil as error value is an anti-pattern. Can you not return (*TeeISVProdID, error)?
|
|
||
| import "fmt" | ||
|
|
||
| const MaxSVNCount = 16 |
There was a problem hiding this comment.
Exported variables should be commented, generally throughout this PR.
comid/tdx-profile/test_vars.go
Outdated
There was a problem hiding this comment.
Why do none of these CoRIMs use the TDX profile identifier? That's what's needed to interpret the profile-specific values..
There was a problem hiding this comment.
This is the CoMID construction, so you do not see the Intel Profile. Yes, once I produce the CoRIM Template, there will be Intel Profile Identifier!
Signed-off-by: Yogesh Deshpande <[email protected]>
Signed-off-by: Yogesh Deshpande <[email protected]>
Signed-off-by: Yogesh Deshpande <[email protected]>
See Issue #163