-
Notifications
You must be signed in to change notification settings - Fork 258
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Linux kernel 6.x to fetch attestation report #1886
Conversation
Signed-off-by: Takuro Sato <takurosato@microsoft.com>
internal/guest/linux/ioctl.go
Outdated
@@ -46,3 +46,10 @@ func Ioctl(f *os.File, command int, dataPtr unsafe.Pointer) error { | |||
} | |||
return nil | |||
} | |||
|
|||
// Ported from _IOWR macro. | |||
// Returns value for `command` parameter in Ioctl(). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can't have this function as it may be construed as a derived work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hard wire the results. We will get rid of the 5.15 path very soon.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Tested it again in in both 5.x and 6.x.
Signed-off-by: Takuro Sato <takurosato@microsoft.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks fine to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add Test_Fetch_Report
regardless and add a skip to the start of it:
func Test_Fetch_Report(t *testing.T) {
if !isSNPVM6() {
t.Skip("SNP is required")
}
// ...
}
that way we have the test if we ever set up SNP VMs, or want to test for regressions
Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com>
Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Signed-off-by: Joe Powell <joepowell@microsoft.com>
* Working DM-Verity boot using 5..15 kernel Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Signed-off-by: Joe Powell <joepowell@microsoft.com> * Working to boot 6.1 or 5.15 kernels with vhd supplied userland and merkle tree. Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Signed-off-by: Joe Powell <joepowell@microsoft.com> * PR #1886 changes which are required or gcs cannot start on 6.1 Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Signed-off-by: Joe Powell <joepowell@microsoft.com> * Use "modern" igvm tooling from github repo. Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Signed-off-by: Joe Powell <joepowell@microsoft.com> * Clean up Makefile Signed-off-by: Joe Powell <joepowell@microsoft.com> * Add boot doc Signed-off-by: Joe Powell <joepowell@microsoft.com> * Remove startup_2 as it is now redundant Signed-off-by: Joe Powell <joepowell@microsoft.com> * Tidying Signed-off-by: Joe Powell <joepowell@microsoft.com> * print opts Signed-off-by: Joe Powell <joepowell@microsoft.com> * debug Signed-off-by: Joe Powell <joepowell@microsoft.com> * debug Signed-off-by: Joe Powell <joepowell@microsoft.com> * Remove extra err Signed-off-by: Joe Powell <joepowell@microsoft.com> * Rm fmt Signed-off-by: Joe Powell <joepowell@microsoft.com> * Clean up startups Signed-off-by: Joe Powell <joepowell@microsoft.com> * Kick CI Signed-off-by: Joe Powell <joepowell@microsoft.com> * Add HvSock port annotation Signed-off-by: Joe Powell <joepowell@microsoft.com> * Clean up merge Signed-off-by: Joe Powell <joepowell@microsoft.com> * Mark ups pre-rebasing Signed-off-by: Joe Powell <joepowell@microsoft.com> * gofmt Signed-off-by: Joe Powell <joepowell@microsoft.com> * More concise Makefile snp target Signed-off-by: Joe Powell <joepowell@microsoft.com> * Apply nits Signed-off-by: Joe Powell <joepowell@microsoft.com> --------- Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Signed-off-by: Joe Powell <joepowell@microsoft.com> Co-authored-by: Ken Gordon <Ken.Gordon@microsoft.com>
* Working DM-Verity boot using 5..15 kernel Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Signed-off-by: Joe Powell <joepowell@microsoft.com> * Working to boot 6.1 or 5.15 kernels with vhd supplied userland and merkle tree. Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Signed-off-by: Joe Powell <joepowell@microsoft.com> * PR microsoft#1886 changes which are required or gcs cannot start on 6.1 Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Signed-off-by: Joe Powell <joepowell@microsoft.com> * Use "modern" igvm tooling from github repo. Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Signed-off-by: Joe Powell <joepowell@microsoft.com> * Clean up Makefile Signed-off-by: Joe Powell <joepowell@microsoft.com> * Add boot doc Signed-off-by: Joe Powell <joepowell@microsoft.com> * Remove startup_2 as it is now redundant Signed-off-by: Joe Powell <joepowell@microsoft.com> * Tidying Signed-off-by: Joe Powell <joepowell@microsoft.com> * print opts Signed-off-by: Joe Powell <joepowell@microsoft.com> * debug Signed-off-by: Joe Powell <joepowell@microsoft.com> * debug Signed-off-by: Joe Powell <joepowell@microsoft.com> * Remove extra err Signed-off-by: Joe Powell <joepowell@microsoft.com> * Rm fmt Signed-off-by: Joe Powell <joepowell@microsoft.com> * Clean up startups Signed-off-by: Joe Powell <joepowell@microsoft.com> * Kick CI Signed-off-by: Joe Powell <joepowell@microsoft.com> * Add HvSock port annotation Signed-off-by: Joe Powell <joepowell@microsoft.com> * Clean up merge Signed-off-by: Joe Powell <joepowell@microsoft.com> * Mark ups pre-rebasing Signed-off-by: Joe Powell <joepowell@microsoft.com> * gofmt Signed-off-by: Joe Powell <joepowell@microsoft.com> * More concise Makefile snp target Signed-off-by: Joe Powell <joepowell@microsoft.com> * Apply nits Signed-off-by: Joe Powell <joepowell@microsoft.com> --------- Signed-off-by: Ken Gordon <Ken.Gordon@microsoft.com> Signed-off-by: Joe Powell <joepowell@microsoft.com> Co-authored-by: Ken Gordon <Ken.Gordon@microsoft.com>
Add support for Linux kernel 6.x to fetch attestation report.
Because I can't add tests which require SNP VM under amdsevsnp package, I tested the change in the following way.
Build test for fetching report
Run test
Copy
amdsevsnp.test
to a SNV VM first.It was tested in both 5.x and 6.x