New tee type: CCA (Confidential Compute Architecture)

The evidence is currently loaded from disk, it's actually a placeholder and should be updated if there is way available to get back the real evidence. Signed-off-by: Dave Chen <[email protected]>
confidential-containers · May 17, 2023 · 76b9457 · 76b9457
1 parent bb69943
commit 76b9457
Show file tree

Hide file tree

Showing 6 changed files with 111 additions and 4 deletions.
diff --git a/attester/Cargo.toml b/attester/Cargo.toml
@@ -18,8 +18,9 @@ tdx-attest-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimit
 
 [features]
 default = ["all-attesters"]
-all-attesters = ["tdx-attester", "occlum-attester", "az-snp-vtpm-attester"]
+all-attesters = ["tdx-attester", "occlum-attester", "az-snp-vtpm-attester", "cca-attester"]
 
 tdx-attester = ["tdx-attest-rs"]
 occlum-attester = ["occlum_dcap"]
 az-snp-vtpm-attester = ["az-snp-vtpm"]
+cca-attester = []
diff --git a/attester/src/cca/cca-claims-without-realm-challenge.json b/attester/src/cca/cca-claims-without-realm-challenge.json
@@ -0,0 +1,50 @@
+{
+  "cca-platform-token": {
+    "cca-platform-profile": "http://arm.com/CCA-SSD/1.0.0",
+    "cca-platform-implementation-id": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
+    "cca-platform-instance-id": "AQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC",
+    "cca-platform-config": "AQID",
+    "cca-platform-lifecycle": 12288,
+    "cca-platform-sw-components": [
+      {
+          "measurement-type": "BL",
+          "measurement-value": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "version": "3.4.2"
+        },
+        {
+          "measurement-type": "M1",
+          "measurement-value": "CwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "version": "1.2.0"
+        },
+        {
+          "measurement-type": "M2",
+          "measurement-value": "DwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "version": "1.2.3"
+        },
+        {
+          "measurement-type": "M3",
+          "measurement-value": "EwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "signer-id": "BwYFBAMCAQAPDg0MCwoJCBcWFRQTEhEQHx4dHBsaGRg=",
+          "version": "1.0.0"
+      }
+  ],
+    "cca-platform-service-indicator": "https://veraison.example/v1/challenge-response",
+    "cca-platform-hash-algo-id": "sha-256"
+  },
+  "cca-realm-delegated-token": {
+    "cca-realm-personalization-value": "QURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBREFEQURBRA==",
+    "cca-realm-initial-measurement": "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+    "cca-realm-extensible-measurements": [
+      "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+      "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+      "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw==",
+      "Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQw=="
+    ],
+    "cca-realm-hash-algo-id": "sha-256",
+    "cca-realm-public-key": "BIL70TKptcOWh5+7FTQNkFCXjlXHnVJ5oroOlYVPN+IM0vZPO3K1cLvXc+7iznaEJe31Re2+if+v4OlrvUbicPIHlsRIuY2vRqdk0nRC5ubthPjOyBfm7ManHTo959Z+zQ==",
+    "cca-realm-public-key-hash-algo-id": "sha-512"
+  }
+}
diff --git a/attester/src/cca/mod.rs b/attester/src/cca/mod.rs
@@ -0,0 +1,44 @@
+// Copyright (c) 2023 Arm Ltd.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+use super::Attester;
+use anyhow::*;
+use std::env;
+
+// If the environment variable "CCA_ATTESTER" is set,
+// the TEE platform is considered as "CCA".
+
+// TODO: update the logic to detect the platform by the system path like "/sys/class/cca", "/sys/drivers/virtual/cca_attestation"
+// or the kernel config for the feature enablement.
+pub fn detect_platform() -> bool {
+    env::var("CCA_ATTESTER").is_ok()
+}
+
+#[derive(Debug, Default)]
+pub struct CCAAttester {}
+
+// NOTE: If we sign the evidence here rather by a veraison proxy (proxy to veraison verifier), we need to rustify the cbor lib to support the logic around signature.
+// TODO: Try crates cbor (https://crates.io/crates/cbor) to get rid of the proxy to the verasion service.
+#[allow(unused_variables)]
+impl Attester for CCAAttester {
+    fn get_evidence(&self, data: String) -> Result<String> {
+        let s = std::include_str!("cca-claims-without-realm-challenge.json").as_bytes();
+        let evidence = String::from_utf8_lossy(s);
+        log::info!("evidence: {}", evidence);
+        serde_json::to_string(&evidence).map_err(|_| anyhow!("Serialize evidence failed"))
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_cca_get_evidence() {
+        let attester = CCAAttester::default();
+        let evidence = attester.get_evidence("".to_string());
+        assert!(evidence.is_ok());
+    }
+}
diff --git a/attester/src/lib.rs b/attester/src/lib.rs
@@ -12,18 +12,20 @@ pub mod sample;
 
 #[cfg(feature = "az-snp-vtpm-attester")]
 pub mod az_snp_vtpm;
-#[cfg(feature = "tdx-attester")]
-pub mod tdx;
-
+#[cfg(feature = "cca-attester")]
+pub mod cca;
 #[cfg(feature = "occlum-attester")]
 pub mod sgx_occlum;
+#[cfg(feature = "tdx-attester")]
+pub mod tdx;
 
 /// The supported TEE types:
 /// - Tdx: TDX TEE.
 /// - SgxOcclum: SGX TEE with Occlum Libos.
 /// - AzSnpVtpm: SEV-SNP TEE for Azure CVMs.
 /// - Sevsnp: SEV-SNP TEE.
 /// - Sample: A dummy TEE that used to test/demo the KBC functionalities.
+/// - Cca: Arm Confidential Compute Architecture TEE.
 #[derive(Debug, EnumString, Display)]
 #[strum(ascii_case_insensitive, serialize_all = "lowercase")]
 pub enum Tee {
@@ -33,13 +35,16 @@ pub enum Tee {
     Sevsnp,
     AzSnpVtpm,
     Sample,
+    Cca,
     Unknown,
 }
 
 impl Tee {
     pub fn to_attester(&self) -> Result<Box<dyn Attester + Send + Sync>> {
         match self {
             Tee::Sample => Ok(Box::<sample::SampleAttester>::default()),
+            #[cfg(feature = "cca-attester")]
+            Tee::Cca => Ok(Box::<cca::CCAAttester>::default()),
             #[cfg(feature = "tdx-attester")]
             Tee::Tdx => Ok(Box::<tdx::TdxAttester>::default()),
             #[cfg(feature = "occlum-attester")]
@@ -76,5 +81,10 @@ pub fn detect_tee_type() -> Tee {
         return Tee::AzSnpVtpm;
     }
 
+    #[cfg(feature = "cca-attester")]
+    if cca::detect_platform() {
+        return Tee::Cca;
+    }
+
     Tee::Unknown
 }
diff --git a/kbc/Cargo.toml b/kbc/Cargo.toml
@@ -41,6 +41,7 @@ all-attesters = ["kbs_protocol/all-attesters"]
 tdx-attester = ["kbs_protocol/tdx-attester"]
 occlum-attester = ["kbs_protocol/occlum-attester"]
 az-snp-vtpm-attester= ["kbs_protocol/az-snp-vtpm-attester"]
+cca-attester = ["kbs_protocol/cca-attester"]
 
 sample_kbc = []
 eaa_kbc = ["foreign-types"]

diff --git a/kbs_protocol/Cargo.toml b/kbs_protocol/Cargo.toml
@@ -25,6 +25,7 @@ all-attesters = ["attester/all-attesters"]
 tdx-attester = ["attester/tdx-attester"]
 occlum-attester = ["attester/occlum-attester"]
 az-snp-vtpm-attester = ["attester/az-snp-vtpm-attester"]
+cca-attester = ["attester/cca-attester"]
 
 rust-crypto = ["reqwest", "reqwest?/rustls-tls", "crypto/rust-crypto"]
 openssl = ["reqwest", "reqwest?/native-tls-vendored", "crypto/openssl"]