diff --git a/attestation-agent/attester/src/tdx/mod.rs b/attestation-agent/attester/src/tdx/mod.rs
index 4e2a265a3..efaa8daf1 100644
--- a/attestation-agent/attester/src/tdx/mod.rs
+++ b/attestation-agent/attester/src/tdx/mod.rs
@@ -14,6 +14,7 @@ use base64::Engine;
 use log::debug;
 use scroll::Pread;
 use serde::{Deserialize, Serialize};
+use std::fs;
 use std::path::Path;
 use tdx_attest_rs::tdx_report_t;
@@ -59,6 +60,8 @@ fn runtime_measurement_extend_available() -> bool {
     true
 }
+pub const DEFAULT_EVENTLOG_PATH: &str = "/run/attestation-agent/eventlog";
+
 #[derive(Serialize, Deserialize)]
 struct TdxEvidence {
     // Base64 encoded CC Eventlog ACPI table
@@ -66,6 +69,8 @@ struct TdxEvidence {
     cc_eventlog: Option,
     // Base64 encoded TD quote.
     quote: String,
+    // Eventlog of Attestation Agent
+    aa_eventlog: Option,
 }
 #[derive(Debug, Default)]
@@ -102,7 +107,19 @@ impl Attester for TdxAttester {
             }
         };
-        let evidence = TdxEvidence { cc_eventlog, quote };
+        let aa_eventlog = match fs::read_to_string(DEFAULT_EVENTLOG_PATH) {
+            Result::Ok(el) => Some(el),
+            Result::Err(e) => {
+                log::warn!("Read AA Eventlog failed: {:?}", e);
+                None
+            }
+        };
+
+        let evidence = TdxEvidence {
+            cc_eventlog,
+            quote,
+            aa_eventlog,
+        };
         serde_json::to_string(&evidence).context("Serialize TDX evidence failed")
     }
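Review bot: The `match fs::read_to_string(DEFAULT_EVENTLOG_PATH)` in the last hunk folds every failure into one `warn!` and a `None`, so the expected case on a TD where the Attestation Agent has not extended anything yet (no file at `/run/attestation-agent/eventlog`) is logged exactly like the abnormal cases — a permission error, or a log that is not valid UTF-8, which `read_to_string` rejects; splitting on `e.kind() == ErrorKind::NotFound` keeps the warn level for the failures an operator should actually see (the `debug` macro is already imported in the first hunk). Because the file is shipped verbatim in the evidence, its integrity presumably rests on the verifier replaying it against the RTMR carried in the quote rather than on the file itself; the new field deserves a comment saying so, e.g. `// Eventlog written by the Attestation Agent; trusted only after the verifier replays it against the RTMR in the quote.` If the log format can ever carry non-UTF-8 bytes, read it with `fs::read` and base64-encode it the way `cc_eventlog` is, rather than dropping it as a read error. The `Result::Ok`/`Result::Err` qualification is unnecessary, since the prelude variants `Ok`/`Err` are in scope. The enclosing `impl Attester for TdxAttester` method begins before this hunk.

```rust
let aa_eventlog = match fs::read_to_string(DEFAULT_EVENTLOG_PATH) {
    Ok(el) => Some(el),
    // Absent log is the normal state before any AA-side measurement; not worth a warning.
    Err(e) if e.kind() == std::io::ErrorKind::NotFound => {
        debug!("AA eventlog {DEFAULT_EVENTLOG_PATH} not present; omitted from evidence");
        None
    }
    Err(e) => {
        log::warn!("Read AA Eventlog failed: {:?}", e);
        None
    }
};
// … unchanged: TdxEvidence construction and serialization …
```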