SYS-OSS/FRET-qemu
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
FRET-qemu/include/hw/virtio/virtio-nsm.h
Dorjoy Chowdhury bb154e3e0c device/virtio-nsm: Support for Nitro Secure Module device 
Nitro Secure Module (NSM)[1] device is used in AWS Nitro Enclaves[2]
for stripped down TPM functionality like cryptographic attestation.
The requests to and responses from NSM device are CBOR[3] encoded.

This commit adds support for NSM device in QEMU. Although related to
AWS Nitro Enclaves, the virito-nsm device is independent and can be
used in other machine types as well. The libcbor[4] library has been
used for the CBOR encoding and decoding functionalities.

[1] https://lists.oasis-open.org/archives/virtio-comment/202310/msg00387.html
[2] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html
[3] http://cbor.io/
[4] https://libcbor.readthedocs.io/en/latest/

Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
Reviewed-by: Alexander Graf <graf@amazon.com>
Link: https://lore.kernel.org/r/20241008211727.49088-3-dorjoychy111@gmail.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-10-31 18:28:32 +01:00

50 lines
1.2 KiB
C
Raw Blame History

/*
* AWS Nitro Secure Module (NSM) device
*
* Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or
* (at your option) any later version. See the COPYING file in the
* top-level directory.
*/
#ifndef QEMU_VIRTIO_NSM_H
#define QEMU_VIRTIO_NSM_H
#include "crypto/hash.h"
#include "hw/virtio/virtio.h"
#include "qom/object.h"
#define NSM_MAX_PCRS 32
#define TYPE_VIRTIO_NSM "virtio-nsm-device"
OBJECT_DECLARE_SIMPLE_TYPE(VirtIONSM, VIRTIO_NSM)
#define VIRTIO_NSM_GET_PARENT_CLASS(obj) \
OBJECT_GET_PARENT_CLASS(obj, TYPE_VIRTIO_NSM)
struct PCRInfo {
bool locked;
uint8_t data[QCRYPTO_HASH_DIGEST_LEN_SHA384];
};
struct VirtIONSM {
VirtIODevice parent_obj;
/* Only one vq - guest puts request and response buffers on it */
VirtQueue *vq;
/* NSM State */
uint16_t max_pcrs;
struct PCRInfo pcrs[NSM_MAX_PCRS];
char *digest;
char *module_id;
uint8_t version_major;
uint8_t version_minor;
uint8_t version_patch;
bool (*extend_pcr)(VirtIONSM *vnsm, int ind, uint8_t *data, uint16_t len);
void (*lock_pcr)(VirtIONSM *vnsm, int ind);
};
#endif
Reference in New Issue View Git Blame Copy Permalink