feat: Add Azure CVM Emulation (AzCVMEmu) support for development and testing #529
Conversation
    | @@ -0,0 +1,136 @@ | |||
| # TDX TDCALL TCP Emulation for Azure CVM | |||
| 
               | 
          |||
| This crate provides a drop-in replacement for the original `tdx-tdcall` crate that emulates TDX VMCALL operations using TCP transport. This enables MigTD development and testing in non-TDX environments. | |||
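Review bot: "a drop-in replacement for the original `tdx-tdcall` crate" overstates the scope of this README; per the discussion on this PR only the interfaces MigTD uses in vmcall-raw transport mode are emulated, and neither caller-controlled REPORTDATA nor RTMR extension is. State the unsupported features up front in this file and link the limitations section planned for `doc/AzCVMEmu.md`, so a reader does not take a passing emulation run as validation of the REPORTDATA binding or event-log checks.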
I am wondering whether we should add td-shim-AzCVMEmu to the td-shim project instead of the MigTD project.
The td-shim-AzCVMEmu layer does not fully emulate the td-shim interface, only the interfaces used by MigTD in vmcall-raw transport mode. In my opinion, adding a partial emulation to the td-shim project will cause confusion.
OK, that means if some other projects are using td-shim, they cannot benefit from this?
Please forgive my ignorance; here is a general question:
Can a developer do the emulation by himself/herself, by implementing the emulated content? Or must he/she rely on MSFT to implement the emulated content?
A developer can definitely implement his/her own emulation for certain td-shim interfaces. In this PR, the implementation that emulates the MigTD REPORT/QUOTE with the Azure TDX CVM virtual firmware REPORT/QUOTE utilizes Azure TDX CVM-specific vTPM and IMDS (HTTP endpoint) interfaces. The interface definition is published. The emulation of the other supported td-shim interfaces in this PR does not have an Azure-specific dependency.
I see a contradiction here.
On one hand, you want to use the CVM to handle REPORT/QUOTE.
On the other hand, you say that the CVM cannot emulate REPORT because REPORTDATA is handled in a different way, and you want to skip it.
Question: Is it a MUST that we have to use the CVM to emulate REPORT/QUOTE, with no other way? Why do we stick to the CVM?
Or, do you think it is possible to use the same CVM way to verify REPORT, e.g. append something to the original REPORTDATA? With this, we do not skip, but use an emulation-specific way to verify. The benefit is that the original logic can still be validated.
Emulating the MigTD REPORT/QUOTE with the Azure TDX CVM firmware REPORT/QUOTE gives us a simple way to exercise a significant portion of the MigTD code logic related to Quote generation/verification and Policy enforcement in the emulation environment. Even if the emulation mode can't support some of the MigTD code logic related to the REPORTDATA check or RTMR check, I still see the benefit of exercising the verify_quote_with_collaterals() code flow and the platform tcbdate-related Policy enforcement code flow. Adding Azure CVM REPORTDATA-specific verification code in emulation mode can be done, but it still does not exercise the HW-mode MigTD code for REPORTDATA verification.
src/migtd/src/spdm/spdm_req.rs (Outdated)
| #[cfg(not(feature = "test_disable_ra_and_accept_all"))] | 
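Review bot: `#[cfg(not(feature = "test_disable_ra_and_accept_all"))]` changes what the SPDM requester does when the accept-all feature is on, which is independent of `AzCVMEmu`; keep it out of this PR and land it separately with a test that shows what `spdm_attestation` does with remote attestation disabled. As it stands, a reader of this diff cannot tell whether the attribute is a bug fix or a behaviour change.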
Is this related to Azure CVM?
Or is it only a bug for the test_disable_ra_and_accept_all feature?
If the latter, I think we need a dedicated PR. Please don't mix all the good work into one (big) patch.
This is required to pass the AzCVMEmu mode PR pipeline test when the spdm_attestation feature is enabled. The AzCVMEmu mode PR pipeline test runs on a standard GitHub Linux VM, using mock REPORT/QUOTE, and requires the test_disable_ra_and_accept_all flag. The changes are not general; they enable test_disable_ra_and_accept_all in spdm_attestation and are not directly related to AzCVMEmu mode. We can move them to a separate PR.
Removed the file from this PR.
| let mut additional_data = [0u8; 64]; | ||
| additional_data[..hash.len()].copy_from_slice(hash.as_ref()); | ||
| let td_report = tdx_tdcall::tdreport::tdcall_report(&additional_data)?; | ||
| 
               | 
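Review bot: `additional_data[..hash.len()].copy_from_slice(hash.as_ref())` panics if `hash.len()` ever exceeds the 64-byte buffer, so these three lines are only safe while the digest width stays at or below the REPORTDATA size; if this hunk is nothing more than a formatting change, as the discussion suggests, drop it so the diff stays limited to the AzCVMEmu feature.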
          
Why change this?
Likely a missed extra formatting change. Will remove it from the PR.
Addressed in the update of the PR.
| if cfg!(feature = "AzCVMEmu") { | ||
| // In AzCVMEmu mode, REPORTDATA is constructed differently. | ||
| // Bypass public key hash check in this development environment. | ||
| log::warn!( | ||
| "AzCVMEmu mode: Skipping public key verification in TD report. This is NOT secure for production use.\n" | ||
| ); | ||
| return Ok(()); | ||
| } | 
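Review bot: `return Ok(())` here removes the check that ties the peer's TLS public key to the Quote, so in an `AzCVMEmu` build any peer holding a valid Azure CVM Quote is accepted regardless of which key it presents; a `log::warn!` does not mitigate that. At minimum, list this in the limitations document and make sure `AzCVMEmu` can never be enabled in a default or release feature set; better, compare REPORTDATA against the digest the Azure firmware path actually produces, as the reviewer suggests, so the emulated path still rejects a mismatched key. The trailing `\n` inside the `log::warn!` string also looks unintended.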
I don't understand the comment. Why is it constructed differently?
Why can't we use the original way?
In AzCVMEmu mode, the Azure TDX CVM firmware's REPORT/QUOTE are used to simulate the MigTD QUOTE. The API to get the Azure TDX CVM firmware REPORT does support passing in data to be included in REPORTDATA, but the API automatically appends extra data to the passed-in data, hashes them all together, then sets REPORTDATA. As a result, the public key hash check against the REPORTDATA of the simulated QUOTE will always fail.
My question is why it cannot pass the REPORTDATA, which is a fundamental feature of TDREPORT generation. Or why does it have to "automatically append extra data"?
For emulation, I hope to emulate as much as possible to reduce the changes to the real code.
Otherwise, we must patch here and there, and it is easily broken.
To verify the public key hash with the Azure TDX CVM firmware QUOTE, the verification code would be significantly different from the HW-mode code. The verification code would need to get the extra data the Azure TDX CVM API appended to the data blob whose digest is REPORTDATA. The extra data appended to calculate the digest is not part of the REPORT/QUOTE; it is part of a higher-layer library Azure provides. What's more, the Azure TDX CVM environment does not support extending RTMRs, so it's not possible to use exactly the same verification code logic in AzCVMEmu mode as in HW mode.
OK. Then I think the description "MigTD Quote emulation by Azure TDX CVM virtual FW Quote, or mock TD REPORT and Quote" is very confusing.
It seems REPORT and Quote are NOT supported at all, if the right REPORTDATA cannot be passed in.
I recommend listing the set of features not supported, to remind people of the limitations.
Otherwise, people will think a feature is validated when actually it is NOT.
Will add a limitation section in the AzCVMEmu doc.
| #[cfg(not(feature = "AzCVMEmu"))] | ||
| use tdx_tdcall; | ||
| #[cfg(feature = "AzCVMEmu")] | ||
| use tdx_tdcall_emu as tdx_tdcall; | 
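Review bot: the `#[cfg]` pair that swaps `tdx_tdcall_emu` in under the name `tdx_tdcall` is repeated at each consumer; put it in one place (a single module that does the `pub use` under the feature, or in td-shim as the reviewer asks) so no build can end up with the real crate in one file and the emulated one in another.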
Can we merge this into the td-shim project and let the td-shim project control that?
The td-shim-AzCVMEmu layer does not fully emulate the td-shim interface, only the interfaces used by MigTD in vmcall-raw transport mode. In my opinion, adding a partial emulation to the td-shim project will cause confusion.
A partial interface should be fine. We can document the scope of the emulation.
My point is that the change should be in the right place to benefit all consumers.
| #[cfg(not(feature = "AzCVMEmu"))] | ||
| use td_payload::acpi::get_acpi_tables; | ||
| #[cfg(feature = "AzCVMEmu")] | ||
| use td_shim_emu::event_log::{get_acpi_tables, MockCcel as Ccel}; | ||
| #[cfg(not(feature = "AzCVMEmu"))] | ||
| use td_shim_interface::acpi::Ccel; | ||
| #[cfg(not(feature = "AzCVMEmu"))] | ||
| use tdx_tdcall::tdx; | ||
| #[cfg(feature = "AzCVMEmu")] | ||
| use tdx_tdcall_emu::tdx; | 
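Review bot: the alternating `#[cfg(not(feature = "AzCVMEmu"))]` / `#[cfg(feature = "AzCVMEmu")]` lines are hard to read; group the three non-emulated imports under one `#[cfg(not(...))]` block and the emulated ones under the other. Importing `MockCcel as Ccel` also hides that the CCEL, and therefore anything derived from the event log, is mocked at this site; a comment here naming what is not exercised would stop the next reader from assuming event-log checks run in emulation.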
Can we merge this into the td-shim project and let the td-shim project control that?
| 
               | 
          ||
| #[cfg(not(feature = "AzCVMEmu"))] | ||
| use td_shim_interface::td_uefi_pi::{fv, pi}; | ||
| #[cfg(feature = "AzCVMEmu")] | ||
| use td_shim_interface_emu::td_uefi_pi::{fv, pi}; | 
Can we merge this into the td-shim project and let the td-shim project control that?
| 
               | 
          ||
| // Conditionally compile collateral for AzCVMEmu mode | ||
| #[cfg(feature = "AzCVMEmu")] | ||
| mod collateral; | 
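Review bot: a compiled-in `collateral` module means the TCB info and QE identity used for Quote verification in `AzCVMEmu` builds are frozen at build time and will go stale; record the collateral's source and retrieval date in the module and fail, or at least warn, when the embedded TCB info's next-update date has passed, so an emulated run does not silently verify against outdated collateral. If the v2-policy file carries the collateral, as the discussion says, plan to drop this module once that lands.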
Why do we need collateral for AzCVMEmu?
In the Azure environment, getting Quote Verification Collateral such as TCBINFO and QEIdentity at run time is not supported. For the v1-policy build, this hardcoded Collateral is needed. With the v2-policy build, the Collateral will come from the v2 Policy file, and hardcoded Collateral is not required.
I am not clear on this part. Quote verification should be "software only". It is not related to hardware. What prevents Quote verification in emulation mode?
The Quote verification process uses the Collateral. For the v1-policy build, the HW-mode implementation of MigTD retrieves the Collateral from outside of MigTD. That mechanism is not supported in the Azure environment.
If you are worried about v1-policy, can we drop v1-policy in emulation mode, and only support v2-policy in emulation mode?
I think we only support test_disable_ra_and_accept_all and raw-data; it is fine to add one more constraint.
Once AzCVMEmu emulation support for v2-policy is ready, removing v1-policy support in AzCVMEmu mode to avoid code deviation from HW mode is an option.
AzCVMEmu mode does support exercising QUOTE generation/verification and policy enforcement, which are not exercised in test_disable_ra_and_accept_all. If test_disable_ra_and_accept_all is not enabled in AzCVMEmu mode, the emulation layer will retrieve and return the Azure TDX CVM's virtual firmware REPORT/QUOTE to the emulation-mode MigTD. The MigTD code logic related to Quote generation/verification and Policy enforcement will all be exercised. With test_disable_ra_and_accept_all enabled in AzCVMEmu mode, the emulation-mode MigTD skips the QUOTE/Policy-related code flow and can run on any Linux machine or VM.
I think it is a good feature. Some general comments:
| @@ -0,0 +1,16 @@ | |||
| use interrupt_emu as intr; | |||
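Review bot: the file opens directly with `use interrupt_emu as intr;` and has no license header; add the SPDX header used by the rest of the repository above the first `use`.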
Needs a license header.
Addressed in the update of this PR.
| @@ -0,0 +1,30 @@ | |||
| // Interrupt emulation registry for AzCVMEmu. | |||
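Review bot: `// Interrupt emulation registry for AzCVMEmu.` is the first line of the file, so there is no license header; add the SPDX header used by the rest of the repository above this comment.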
Needs a license header.
Addressed in the update of this PR.
| @@ -0,0 +1,23 @@ | |||
| #![cfg_attr(not(test), no_std)] | |||
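Review bot: `#![cfg_attr(not(test), no_std)]` is the first line of the file, so the license header is missing; add the SPDX header used by the rest of the repository above the crate attribute.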
Needs a license header.
Addressed in the update of this PR.
Hi. The rule to split the commit should be based on feature, not on how the code is developed.
…testing

This commit introduces comprehensive Azure CVM emulation capabilities to enable MigTD development and testing as a standard Rust application inside an Azure TDX CVM, while exercising almost all MigTDCore code and flows, including RA-TLS with TDX Quote and migration policy enforcement.

**Emulation Infrastructure:**
- Relevant td-shim interfaces emulation under `deps/td-shim-AzCVMEmu/`
- Relevant TDX TDCALL emulation
- MigTD Quote emulation by Azure TDX CVM virtual FW Quote, or mock TD REPORT and Quote
- Event logging emulation with CCEL (CC Event Log) interface
- Interrupt handling emulation
- File-based policy and root CA configuration loading
- TCP transport layer for source/destination communication

**MigTDCore Integration:**
- Conditional compilation support via `AzCVMEmu` feature flag
- Command-line interface with argument parsing and help
- Standard library (std) support for development workflows

**Development and Testing Support:**
- `migtdemu.sh` runner script with automatic environment detection
- CI/CD integration with GitHub Actions workflow
- Documentation in `doc/AzCVMEmu.md`
- `test_disable_ra_and_accept_all` support for mock attestation, enabling build and integration test on generic Linux machine

**Development/Testing (Azure TDX CVM + TPM2-TSS):**
```bash
cargo build --no-default-features --features "AzCVMEmu" --bin migtd
```

**Development/Testing (any Linux system):**
```bash
cargo build --no-default-features --features "AzCVMEmu,test_disable_ra_and_accept_all" --bin migtd
```

This implementation enables comprehensive end-to-end testing of MigTD's RATLS, policy enforcement, and migration workflows in broadly available development environments.

Special acknowledgments:
- src/attestation/fixup-libservtd-attest-lib.sh: Investigation, design and implementation by Mike Brasher <[email protected]>

Co-authored-by: Haitao Huang <[email protected]>
Signed-off-by: Bo Zhang (ACC) <[email protected]>
Thanks for pointing out the expectation. The PR is updated, with the second commit squashed into the first one.
This commit introduces comprehensive Azure CVM emulation capabilities to enable
MigTD development and testing as a standard Rust application inside an Azure TDX CVM,
while exercising almost all MigTDCore code and flows, including RA-TLS/SPDM with TDX Quote
and migration policy enforcement.

Key Features

Emulation Infrastructure:
- Relevant td-shim interfaces emulation under `deps/td-shim-AzCVMEmu/`
- Relevant TDX TDCALL emulation
- MigTD Quote emulation by Azure TDX CVM virtual FW Quote, or mock TD REPORT and Quote
- Event logging emulation with CCEL (CC Event Log) interface
- Interrupt handling emulation
- File-based policy and root CA configuration loading
- TCP transport layer for source/destination communication

MigTDCore Integration:
- Conditional compilation support via `AzCVMEmu` feature flag
- Command-line interface with argument parsing and help
- Standard library (std) support for development workflows

Development and Testing Support:
- `migtdemu.sh` runner script with automatic environment detection
- CI/CD integration with GitHub Actions workflow
- Documentation in `doc/AzCVMEmu.md`
- `test_disable_ra_and_accept_all` support for mock attestation, enabling build and integration test on generic Linux machine

Usage Modes

Development/Testing (Azure TDX CVM + TPM2-TSS):
```bash
cargo build --no-default-features --features "AzCVMEmu" --bin migtd
```

Development/Testing (any Linux system):
```bash
cargo build --no-default-features --features "AzCVMEmu,test_disable_ra_and_accept_all" --bin migtd
```

This PR enables comprehensive end-to-end testing of MigTD's
RATLS/SPDM flow, v1-policy enforcement, and migration workflows in broadly available development
environments. A follow-up PR will add emulation support for v2-policy.

Special acknowledgments:

Co-authored-by: Haitao Huang [email protected]
Signed-off-by: Bo Zhang (ACC) [email protected]