
Add eventlog parse logics for memory monitoring #404

Merged (1 commit) Jan 12, 2024

Conversation

@yawangwang (Collaborator) commented Dec 21, 2023

Adding eventlog parse logics for memory monitoring.

@yawangwang yawangwang force-pushed the measure-monitor branch 2 times, most recently from 860a4aa to f812084 on December 21, 2023 23:37
@yawangwang yawangwang changed the title Measure memory monitoring into Memory monitoring measurement Dec 23, 2023
@yawangwang (Collaborator Author)

/gcbrun

@jkl73 (Contributor) commented Jan 4, 2024

We can split the change into 2 PRs: first merge the eventlog parsing logic and wait for it to deploy to the service, then merge the measuring logic PR so the image test can pass here.

@yawangwang (Collaborator Author)

/gcbrun

@yawangwang (Collaborator Author)

> We can split the change into 2 PRs: first merge the eventlog parsing logic and wait for it to deploy to the service, then merge the measuring logic PR so the image test can pass here.

Looks like confidential space VMs failed to start due to unknown COS event type errors returned by VerifyAttestation if we add the measuring logic to this PR.
Done.

@yawangwang (Collaborator Author)

/gcbrun

@yawangwang yawangwang changed the title Memory monitoring measurement Add eventlog parse logics for memory monitoring Jan 5, 2024
@yawangwang (Collaborator Author)

/gcbrun

@@ -198,6 +199,10 @@ func getVerifiedCosState(coscel cel.CEL) (*pb.AttestedCosState, error) {
cosState.Container.OverriddenEnvVars[envName] = envVal
case cel.LaunchSeparatorType:
seenSeparator = true
case cel.MemoryMonitorType:
if len(cosTlv.EventContent) > 0 && cosTlv.EventContent[0] == uint8(1) {
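Review bot: the condition on the last added line, `len(cosTlv.EventContent) > 0 && cosTlv.EventContent[0] == uint8(1)`, only inspects the first byte, so any event content that merely starts with 1 (including a longer payload with trailing bytes) is accepted as "enabled". Since the event carries a single flag byte, check `len(cosTlv.EventContent) == 1` and return an error from getVerifiedCosState for any other length or for a value other than 0 or 1, rather than silently leaving the state at its default; an attestation verifier should fail closed on a malformed event. Also note that `seenSeparator`, set in the `cel.LaunchSeparatorType` case just above, is not consulted in this new case; if memory monitor events are only meaningful before the launch separator, that ordering should be checked or documented here.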
Contributor:

Can be more definitive here, by making sure the len(cosTlv.EventContent) == 1

Contributor:

And as a failsafe, I think the default value for cosState.HealthMonitoring.MemoryEnabled should be true, and when we see eventContent == 0 here, we can turn it to false.

Collaborator Author:

> Can be more definitive here, by making sure the len(cosTlv.EventContent) == 1

Done.

Collaborator Author:

> And as a failsafe, I think the default value for cosState.HealthMonitoring.MemoryEnabled should be true, and when we see eventContent == 0 here, we can turn it to false.

Discussed offline, we agree to keep the default value as false.

@yawangwang (Collaborator Author)

/gcbrun

@yawangwang yawangwang requested a review from jkl73 January 11, 2024 23:05
@yawangwang (Collaborator Author)

/gcbrun

@yawangwang (Collaborator Author)

/gcbrun

@yawangwang yawangwang merged commit 912a436 into google:main Jan 12, 2024
11 checks passed
alexmwu added a commit to alexmwu/go-tpm-tools that referenced this pull request Feb 22, 2024
New Features:
[launcher] Add TEE server IPC implementation google#367
[launcher] Enable memory monitoring in CS google#391
Use TDX quote provider to attest and verify google#405
Integrate nonce verification as part of the TDX quote validation procedure. google#395
Add RISC V support google#407
[launcher] Use resizable integrity-fs with in-memory tags google#412

Bug Fixes:
[launcher] Fix launcher exit code google#384
[launcher] Handle exit code checking during deferral evaluation google#392
[cmd] Skip tests that call setGCEAKTemplate google#402
[launcher] Fix teeserver context reset issue & add container signature cache google#397
Set all unused parameters as _ to fix CI lint failure google#411
[launcher] Make customtoken test sleep to mitigate clock skew google#413

Other Changes:
Add eventlog parse logics for memory monitoring google#404
[launcher]: Add memory monitor measurement logics google#408
Update go-tdx-guest version to v0.3.1 google#414

New Contributors:
@KeithMoyer in google#392
@vbalain in google#405
@aimixsaka in google#407