Add guestFeatures as arg for public functions

This implements the changes from upstream:
virtee/sev-snp-measure#32

Signed-off-by: Otto Bittner <[email protected]>

Author: derpsteb

.github/workflows/upstream-equivalence.yml

@@ -62,7 +62,7 @@ jobs:
     - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       with:
         repository: edgelesssys/sev-snp-measure-go.git
-        ref: main
+        ref: ${{ github.ref_name }}
         path: sev-snp-measure-go
 
     - name: Run sev-snp-measure

e2e/upstream_test.go

@@ -53,7 +53,8 @@ func TestCompatibility(t *testing.T) {
 		ovmfHash, err := guest.OVMFHash(ovmfObj)
 		require.NoError(err, "calculating OVMF hash: %s", err)
 
-		digest, err := guest.LaunchDigestFromOVMF(ovmfObj, entry.vcpus, ovmfHash)
+		// Documentation for guestFeatures value: https://github.com/virtee/sev-snp-measure/pull/32/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R126.
+		digest, err := guest.LaunchDigestFromOVMF(ovmfObj, 0x21, entry.vcpus, ovmfHash)
 		require.NoError(err, "calculating launch digest: %s", err)
 
 		assert.True(bytes.Equal(digest, entry.measurement), "expected hash %x, got %x", entry.measurement, digest)

guest/guest.go

@@ -18,17 +18,17 @@ import (
 )
 
 // LaunchDigestFromOVMF calculates a launch digest from a MetadataWrapper object.
-func LaunchDigestFromMetadataWrapper(wrapper ovmf.MetadataWrapper, vcpuCount int) ([]byte, error) {
-	return launchDigest(wrapper.MetadataItems, wrapper.ResetEIP, vcpuCount, wrapper.OVMFHash)
+func LaunchDigestFromMetadataWrapper(wrapper ovmf.MetadataWrapper, guestFeatures uint64, vcpuCount int) ([]byte, error) {
+	return launchDigest(wrapper.MetadataItems, wrapper.ResetEIP, guestFeatures, vcpuCount, wrapper.OVMFHash)
 }
 
 // LaunchDigestFromOVMF calculates a launch digest from an OVMF object and an ovmfHash.
-func LaunchDigestFromOVMF(ovmfObj ovmf.OVMF, vcpuCount int, ovmfHash []byte) ([]byte, error) {
+func LaunchDigestFromOVMF(ovmfObj ovmf.OVMF, guestFeatures uint64, vcpuCount int, ovmfHash []byte) ([]byte, error) {
 	resetEIP, err := ovmfObj.SevESResetEIP()
 	if err != nil {
 		return nil, fmt.Errorf("getting reset EIP: %w", err)
 	}
-	return launchDigest(ovmfObj.MetadataItems(), resetEIP, vcpuCount, ovmfHash)
+	return launchDigest(ovmfObj.MetadataItems(), resetEIP, guestFeatures, vcpuCount, ovmfHash)
 }
 
 func OVMFHash(ovmfObj ovmf.OVMF) ([]byte, error) {
@@ -40,7 +40,7 @@ func OVMFHash(ovmfObj ovmf.OVMF) ([]byte, error) {
 }
 
 // launchDigest calculates the launch digest from metadata and ovmfHash for a SNP guest.
-func launchDigest(metadata []ovmf.MetadataSection, resetEIP uint32, vcpuCount int, ovmfHash []byte) ([]byte, error) {
+func launchDigest(metadata []ovmf.MetadataSection, resetEIP uint32, guestFeatures uint64, vcpuCount int, ovmfHash []byte) ([]byte, error) {
 	guestCtx := gctx.New(ovmfHash)
 
 	if err := snpUpdateMetadataPages(guestCtx, metadata, vmmtypes.EC2); err != nil {
@@ -49,7 +49,7 @@ func launchDigest(metadata []ovmf.MetadataSection, resetEIP uint32, vcpuCount in
 
 	// Add support for flags {vcpus_family, vcpu_sig, vcpu_type} here, if relevant.
 	// Use cpuid pkg.
-	vmsaObj, err := vmsa.New(resetEIP, 0, vmmtypes.EC2)
+	vmsaObj, err := vmsa.New(resetEIP, guestFeatures, 0, vmmtypes.EC2)
 	if err != nil {
 		return nil, fmt.Errorf("creating VMSA: %w", err)
 	}

guest/guest_test.go

@@ -57,7 +57,7 @@ func TestLaunchDigestFromOVMF(t *testing.T) {
 			ovmfObj, err := ovmf.New(tc.ovmfPath)
 			require.NoError(err)
 
-			launchDigest, err := LaunchDigestFromOVMF(ovmfObj, tc.vcpuCount, hash)
+			launchDigest, err := LaunchDigestFromOVMF(ovmfObj, 0x1, tc.vcpuCount, hash)
 			if tc.wantErr {
 				assert.Error(err)
 			} else {
@@ -101,7 +101,7 @@ func TestLaunchDigestFromMetadataWrapper(t *testing.T) {
 			err = json.Unmarshal(data, &apiObject)
 			require.NoError(err)
 
-			launchDigest, err := LaunchDigestFromMetadataWrapper(apiObject, tc.vcpuCount)
+			launchDigest, err := LaunchDigestFromMetadataWrapper(apiObject, 0x1, tc.vcpuCount)
 			if tc.wantErr {
 				assert.Error(err)
 			} else {

vmsa/vmsa.go

@@ -145,7 +145,7 @@ type SevEsSaveArea struct {
 	Unused           [2448]uint8
 }
 
-func BuildSaveArea(eip uint32, vcpuSig uint64, vmmType vmmtypes.VMMType) (SevEsSaveArea, error) {
+func BuildSaveArea(eip uint32, guestFeatures uint64, vcpuSig uint64, vmmType vmmtypes.VMMType) (SevEsSaveArea, error) {
 	var csFlags, ssFlags, trFlags uint16
 	var rdx uint64
 	switch vmmType {
@@ -185,7 +185,7 @@ func BuildSaveArea(eip uint32, vcpuSig uint64, vmmType vmmtypes.VMMType) (SevEsS
 		Rip:         uint64(eip & 0xffff),
 		GPat:        0x7040600070406, // PAT MSR: See AMD APM Vol 2, Section A.3.
 		Rdx:         rdx,
-		SevFeatures: 0x1, // Make this configurable if we want to support other modes than SEV-SNP.
+		SevFeatures: guestFeatures, // Documentation: https://github.com/virtee/sev-snp-measure/pull/32/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R125.
 		Xcr0:        0x1,
 	}, nil
 }
@@ -195,14 +195,14 @@ type VMSA struct {
 	ApSaveArea  SevEsSaveArea
 }
 
-func New(apEip uint32, vcpuSig uint64, vmmType vmmtypes.VMMType) (VMSA, error) {
-	bspSaveArea, err := BuildSaveArea(BspEIP, vcpuSig, vmmType)
+func New(apEip uint32, guestFeatures uint64, vcpuSig uint64, vmmType vmmtypes.VMMType) (VMSA, error) {
+	bspSaveArea, err := BuildSaveArea(BspEIP, guestFeatures, vcpuSig, vmmType)
 	if err != nil {
 		return VMSA{}, err
 	}
 	var apSaveArea SevEsSaveArea
 	if apEip != 0 {
-		apSaveArea, err = BuildSaveArea(apEip, vcpuSig, vmmType)
+		apSaveArea, err = BuildSaveArea(apEip, guestFeatures, vcpuSig, vmmType)
 		if err != nil {
 			return VMSA{}, err
 		}