From 923dc9775795b9a6c4c421fa43408d5d25092d34 Mon Sep 17 00:00:00 2001
From: Tom Binder <tbinder@google.com>
Date: Fri, 24 May 2024 10:31:36 +0000
Subject: [PATCH] Simplify justfile

---
 .github/workflows/build.yaml                  |  2 ++
 buildconfigs/oak_containers_kernel.sh         |  2 +-
 ...ed_kernel_simple_io_init_rd_wrapper_bin.sh |  3 +--
 justfile                                      | 25 ++++++++-----------
 oak_restricted_kernel_bin/Cargo.lock          |  1 +
 5 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 2a9c88426e6..0b70bf93eb2 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -95,6 +95,8 @@ jobs:
         run: |
           echo "${{ steps.parse.outputs.binary-path }}"
           ls -la "${{ steps.parse.outputs.binary-path }}"
+          echo "${{ steps.parse.outputs.subject-path }}"
+          ls -la "${{ steps.parse.outputs.subject-path }}"
 
       - name: Attest
         id: attest
diff --git a/buildconfigs/oak_containers_kernel.sh b/buildconfigs/oak_containers_kernel.sh
index 56cce9ff54e..db8aa69d90d 100644
--- a/buildconfigs/oak_containers_kernel.sh
+++ b/buildconfigs/oak_containers_kernel.sh
@@ -16,4 +16,4 @@ export BUILD_COMMAND=(
 )
 
 export BINARY_PATH=oak_containers_kernel/target/bzImage
-export SUBJECT_PATH="oak_containers_kernel/bin/subjects/*"
+export SUBJECT_PATH="oak_containers_kernel/target/subjects/*"
diff --git a/buildconfigs/oak_restricted_kernel_simple_io_init_rd_wrapper_bin.sh b/buildconfigs/oak_restricted_kernel_simple_io_init_rd_wrapper_bin.sh
index 0b634bef9b0..3633f390d73 100644
--- a/buildconfigs/oak_restricted_kernel_simple_io_init_rd_wrapper_bin.sh
+++ b/buildconfigs/oak_restricted_kernel_simple_io_init_rd_wrapper_bin.sh
@@ -2,7 +2,6 @@
 #
 # Build configuration for oak_restricted_kernel_simple_io_init_rd_wrapper_bin.
 #
-# TODO: b/333745447 - Replace this file with its counterparts in ./buildconfigs_full_provenance.
 export PACKAGE_NAME=oak_restricted_kernel_simple_io_init_rd_wrapper_bin
 
 export BUILD_COMMAND=(
@@ -15,4 +14,4 @@ export BUILD_COMMAND=(
 )
 
 export BINARY_PATH=oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/oak_restricted_kernel_simple_io_init_rd_wrapper_bin
-export SUBJECT_PATH="${BINARY_PATH}"
+export SUBJECT_PATH="oak_restricted_kernel_wrapper/target/oak_restricted_kernel_simple_io_init_rd/subjects/*"
diff --git a/justfile b/justfile
index 00f40fef3c7..5557f11301d 100644
--- a/justfile
+++ b/justfile
@@ -39,23 +39,19 @@ restricted_kernel_bzimage_and_provenance_subjects kernel_bin_prefix:
         oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/oak_restricted_kernel_wrapper \
         oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/{{kernel_bin_prefix}}_wrapper_bin
     just bzimage_provenance_subjects \
-        {{kernel_bin_prefix}} \
-        ./oak_restricted_kernel_wrapper/bin/{{kernel_bin_prefix}}/subjects \
-        oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/{{kernel_bin_prefix}}_wrapper_bin
+        oak_restricted_kernel_wrapper/target/x86_64-unknown-none/release/{{kernel_bin_prefix}}_wrapper_bin \
+        oak_restricted_kernel_wrapper/target/{{kernel_bin_prefix}}/subjects
 
 # Create provenance subjects for a kernel bzImage, by extracting the setup data
 # and image from it. Places them alongside the bzImage in the output directory.
-bzimage_provenance_subjects kernel_name output_dir_provenance_subjects bzimage_path:
-    rm --recursive --force {{output_dir_provenance_subjects}}
-    mkdir --parents {{output_dir_provenance_subjects}}
+bzimage_provenance_subjects bzimage_path output_dir:
+    rm --recursive --force {{output_dir}}
+    mkdir --parents {{output_dir}}
     cargo run --package=oak_kernel_measurement -- \
         --kernel={{bzimage_path}} \
-        --kernel-setup-data-output="{{output_dir_provenance_subjects}}/{{kernel_name}}_setup_data" \
-        --kernel-image-output="{{output_dir_provenance_subjects}}/{{kernel_name}}_image"
-    cp \
-        --preserve=timestamps \
-        {{bzimage_path}} \
-        {{output_dir_provenance_subjects}}/{{kernel_name}}_bzimage
+        --kernel-setup-data-output={{output_dir}}/kernel_setup_data \
+        --kernel-image-output={{output_dir}}/kernel_image
+    cp --preserve=timestamps {{bzimage_path}} {{output_dir}}/bzImage
 
 oak_restricted_kernel_wrapper: oak_restricted_kernel_bin
     just restricted_kernel_bzimage_and_provenance_subjects oak_restricted_kernel
@@ -84,9 +80,8 @@ stage1_cpio:
 oak_containers_kernel:
     env --chdir=oak_containers_kernel make
     just bzimage_provenance_subjects \
-        oak_containers_kernel \
-        oak_containers_kernel/bin/subjects \
-        oak_containers_kernel/target/bzImage
+        oak_containers_kernel/target/bzImage \
+        oak_containers_kernel/target/subjects
 
 oak_containers_launcher:
     env cargo build --release --package='oak_containers_launcher'
diff --git a/oak_restricted_kernel_bin/Cargo.lock b/oak_restricted_kernel_bin/Cargo.lock
index 5dbeb3212b4..27d8a3d5315 100644
--- a/oak_restricted_kernel_bin/Cargo.lock
+++ b/oak_restricted_kernel_bin/Cargo.lock
@@ -681,6 +681,7 @@ dependencies = [
 name = "oak_crypto"
 version = "0.1.0"
 dependencies = [
+ "aead",
  "aes-gcm",
  "anyhow",
  "async-trait",