google · alexmwu · Nov 17, 2021 · Nov 17, 2021 · Jul 1, 2022 · Jul 1, 2022
diff --git a/internal/test/eventlogs/cos-101-amd-sev.bin b/internal/test/eventlogs/cos-101-amd-sev.bin
diff --git a/internal/test/test_data.go b/internal/test/test_data.go
@@ -22,6 +22,15 @@ var (
 	Cos85AmdSevEventLog []byte
 	//go:embed eventlogs/cos-93-amd-sev.bin
 	Cos93AmdSevEventLog []byte
+	//go:embed eventlogs/cos-101-amd-sev.bin
+	Cos101AmdSevEventLog []byte
+)
+
+// Kernel command lines from event logs.
+var (
+	Cos85AmdSevCmdline  = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16\"\x00"
+	Cos93AmdSevCmdline  = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashtree=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashstart=4077568 alg=sha256 root_hexdigest=8db95edb446a7311634fc8409e6eab39c66886c4db16aeeef166bbd8fe4ff357 salt=3ec6b6fef69119253b9a5f79a5bb06bc7b12f177063b2466a04f08976375af44\"\x00"
+	Cos101AmdSevCmdline = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashtree=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashstart=4077568 alg=sha256 root_hexdigest=48d436350a7e83bde985cd3f7e79fa443557743b42243803ce31104ca4719c5d salt=b323b014b6f463172fca758a1c5a6745a2c8e5872be0e175e2f4b40c8295b2ab\"\x00"
 )
 
 // Attestation .pb files.

diff --git a/proto/attest.proto b/proto/attest.proto
@@ -71,6 +71,36 @@ message GrubState {
   // and kernel modules.
   repeated string commands = 2;
 }
+
+// DmVerityState exposes the cryptographic properties of a verity block device.
+// It does not include per-machine specifics, like the device containing the
+// or the device containing the hash tree. Users should build a dm-verity
+// device and extract its root hash prior to validating the state here.
+//
+// Currently, we only support ChromiumOS-style dm-verity command line flags
+// versus upstream kernel flags.
+// See (respectively):
+// https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/installer/chromeos_setimage.cc
+// vs
+// https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html
+message DmVerityState {
+  // The hash algorithm used for the dm-verity device.
+  tpm.HashAlgo hash_alg = 1;
+  // The root digest used for the dm-verity device.
+  bytes root_digest = 2;
+  // The cryptographic salt applied to the final digest.
+  bytes salt = 3;
+}
+
+// The state of the Linux kernel.
+// At the moment, parsing LinuxKernelState relies on parsing the GrubState.
+// To do so, use ParseOpts{Loader: GRUB} when calling ParseMachineState.
+message LinuxKernelState {
+  // The kernel command line.
+  string command_line = 1;
+  // The dm-verity configuration extracted from the kernel command line.
+  repeated DmVerityState verity = 2;
+}
 
 // A parsed event from the TCG event log
 message Event {
@@ -189,7 +219,7 @@ message MachineState {
 
   GrubState grub = 5;
 
-  // LinuxKernelState linux_kernel = 6;
+  LinuxKernelState linux_kernel = 6;
 
   AttestedCosState cos = 7;
 }