aa/attester: IBM Secure Execution driver fix comments

Signed-off-by: Qi Feng Huo <[email protected]>

attestation-agent/attester/src/lib.rs

@@ -34,7 +34,6 @@ pub mod csv;
 pub mod tsm_report;
 
 #[cfg(feature = "se-attester")]
-#[cfg(target_arch = "s390x")]
 pub mod se;
 
 pub type BoxedAttester = Box<dyn Attester + Send + Sync>;
@@ -60,7 +59,6 @@ impl TryFrom<Tee> for BoxedAttester {
             #[cfg(feature = "csv-attester")]
             Tee::Csv => Box::<csv::CsvAttester>::default(),
             #[cfg(feature = "se-attester")]
-            #[cfg(target_arch = "s390x")]
             Tee::Se => Box::<se::SeAttester>::default(),
             _ => bail!("TEE is not supported!"),
         };
@@ -134,7 +132,6 @@ pub fn detect_tee_type() -> Tee {
     }
 
     #[cfg(feature = "se-attester")]
-    #[cfg(target_arch = "s390x")]
     if se::detect_platform() {
         return Tee::Se;
     }

attestation-agent/attester/src/se/mod.rs

@@ -7,6 +7,7 @@ use super::Attester;
 use anyhow::*;
 use log::debug;
 use pv::{
+    misc,
     request::BootHdrTags,
     uv::{AttestationCmd, ConfigUid, UvDevice},
 };
@@ -15,19 +16,10 @@ use serde_json;
 use serde_with::{base64::Base64, serde_as};
 
 pub fn detect_platform() -> bool {
-    // run always on s390x machine
-    let v = std::fs::read("/sys/firmware/uv/prot_virt_guest").unwrap_or_else(|_| vec![0]);
-    let v: u8 = String::from_utf8_lossy(&v[..1]).parse().unwrap_or(0);
-    v == 1
-}
-
-#[serde_as]
-#[derive(Clone, Debug, Serialize, Deserialize)]
-pub struct UserData {
-    #[serde_as(as = "Base64")]
-    image_btph: Vec<u8>,
+    misc::pv_guest_bit_set()
 }
 
+#[repr(C)]
 #[serde_as]
 #[derive(Debug, Serialize, Deserialize)]
 pub struct SeAttestationRequest {
@@ -43,8 +35,9 @@ pub struct SeAttestationRequest {
     image_hdr_tags: BootHdrTags,
 }
 
+#[repr(C)]
 #[serde_as]
-#[derive(Clone, Debug, Serialize, Deserialize)]
+#[derive(Debug, Serialize, Deserialize)]
 pub struct SeAttestationResponse {
     #[serde_as(as = "Base64")]
     measurement: Vec<u8>,
@@ -69,21 +62,21 @@ pub struct SeAttester {}
 impl Attester for SeAttester {
     async fn get_evidence(&self, req: Vec<u8>) -> Result<String> {
         // req is serialized SeAttestationRequest String bytes
-        // TODO, calculate optional userdata based on the boot partition etc.
-        let image_btph = "optional check";
-        let userdata = UserData {
-            image_btph: image_btph.into(),
-        };
-
-        debug!("userdata json: {userdata:#?}");
-        // req is serialized SeAttestationRequest String bytes
-        let request: SeAttestationRequest = serde_json::from_slice(req)?;
-        let user_data = serde_json::to_vec(&userdata)?;
+        let request: SeAttestationRequest = serde_json::from_slice(&req)?;
+        let SeAttestationRequest {
+            request_blob,
+            measurement_size,
+            additional_size,
+            encr_measurement_key,
+            encr_request_nonce,
+            image_hdr_tags,
+        } = request;
+        let user_data = vec![0];
         let mut uvc: AttestationCmd = AttestationCmd::new_request(
-            request.request_blob.clone().into(),
+            request_blob.into(),
             Some(user_data.to_vec()),
-            request.measurement_size,
-            request.additional_size,
+            measurement_size,
+            additional_size,
         )?;
         let uv = UvDevice::open()?;
         uv.send_cmd(&mut uvc)?;
@@ -96,9 +89,9 @@ impl Attester for SeAttester {
             additional_data,
             user_data,
             cuid: *cuid,
-            encr_measurement_key: request.encr_measurement_key,
-            encr_request_nonce: request.encr_request_nonce,
-            image_hdr_tags: request.image_hdr_tags,
+            encr_measurement_key,
+            encr_request_nonce,
+            image_hdr_tags,
         };
 
         debug!("response json: {response:#?}");