Lib.rs

Cryptographyaz-cvm-vtpm
#azure #tdx #tpm #virtualization

bin+lib az-tdx-vtpm

vTPM based TDX attestation for Azure Confidential VMs

by Magnus Kulke, Suraj Deshmukh and 4 contributors

9 unstable releases (3 breaking)

0.7.1 Nov 18, 2024
0.7.0 Sep 6, 2024
0.6.0 Jul 8, 2024
0.5.3 May 14, 2024
0.4.0 Nov 28, 2023

#779 in Cryptography

Download history 571/week @ 2024-08-20 780/week @ 2024-08-27 868/week @ 2024-09-03 899/week @ 2024-09-10 293/week @ 2024-09-17 542/week @ 2024-09-24 568/week @ 2024-10-01 490/week @ 2024-10-08 520/week @ 2024-10-15 456/week @ 2024-10-22 693/week @ 2024-10-29 650/week @ 2024-11-05 711/week @ 2024-11-12 875/week @ 2024-11-19 507/week @ 2024-11-26 518/week @ 2024-12-03

2,733 downloads per month

MIT license

41KB
772 lines

az-tdx-vtpm

Rust Crate Docs

This library enables guest attestation and verification for TDX CVMs on Azure.

Build & Install

cargo b --release -p az-tdx-vtpm
scp ../target/release/tdx-vtpm azureuser@$CONFIDENTIAL_VM:

Run Binary

On the TDX CVM, retrieve a TD Quote and write it to disk:

sudo ./tdx-vtpm

Integration Tests

The integration test suite can run on a TDX CVM. It needs to be executed as root and the tests have to run sequentially.

sudo -E env "PATH=$PATH" cargo t --features integration_test -- --test-threads 1

lib.rs:

This library enables guest attestation flows for TDX CVMs on Azure.

A TD report can be retrieved in parsed form using report::get_report() function, or as raw bytes including the hcl envelope using vtpm::get_report(). The library provides a function to retrieve the TD quote from the Azure Instance Metadata Service (IMDS) using imds::get_td_quote(), produce returning a quote signed by a TDX Quoting Enclave.

Variable Data is part of the HCL envelope and holds the public part of the vTPM Attestation Key (AK). A hash of the Variable Data block is included in the TD report as reportdata. TPM quotes retrieved with vtpm::get_quote() should be signed by this AK. A verification function would need to check this to ensure the TD report is linked to this unique TDX CVM.

use az_tdx_vtpm::{hcl, imds, report, tdx, vtpm};
use openssl::pkey::{PKey, Public};
use std::error::Error;

fn main() -> Result<(), Box<dyn Error>> {
  let td_report = report::get_report()?;
  let td_quote_bytes = imds::get_td_quote(&td_report)?;
  std::fs::write("td_quote.bin", td_quote_bytes)?;

  let bytes = vtpm::get_report()?;
  let hcl_report = hcl::HclReport::new(bytes)?;
  let var_data_hash = hcl_report.var_data_sha256();
  let ak_pub = hcl_report.ak_pub()?;

  let td_report: tdx::TdReport = hcl_report.try_into()?;
  assert!(var_data_hash == td_report.report_mac.reportdata[..32]);
  let nonce = "a nonce".as_bytes();

  let tpm_quote = vtpm::get_quote(nonce)?;
  let der = ak_pub.key.try_to_der()?;
  let pub_key = PKey::public_key_from_der(&der)?;
  tpm_quote.verify(&pub_key, nonce)?;

  Ok(())
}

Dependencies

~6–18MB
~189K SLoC