diff --git a/Cargo.lock b/Cargo.lock index c945b7f7805..8afb98060cb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3026,8 +3026,10 @@ dependencies = [ "micro_rpc_build", "pbjson", "pbjson-build", + "pbjson-types", "prost", "prost-build", + "prost-types", "serde", ] @@ -3207,10 +3209,12 @@ dependencies = [ "oak_core", "oak_dice", "oak_linux_boot_params", + "oak_proto_rust", "oak_sev_guest", "oak_sev_snp_attestation_report", "oak_stage0_dice", "p256", + "prost", "rand_core", "sev_serial", "sha2", @@ -3502,6 +3506,21 @@ dependencies = [ "prost-types", ] +[[package]] +name = "pbjson-types" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "18f596653ba4ac51bdecbb4ef6773bc7f56042dc13927910de1684ad3d32aa12" +dependencies = [ + "bytes", + "chrono", + "pbjson", + "pbjson-build", + "prost", + "prost-build", + "serde", +] + [[package]] name = "pem-rfc7468" version = "0.7.0" @@ -3811,7 +3830,7 @@ checksum = "c55e02e35260070b6f716a2423c2ff1c3bb1642ddca6f99e1f26d06268a0e2d2" dependencies = [ "bytes", "heck", - "itertools 0.10.5", + "itertools 0.11.0", "log", "multimap", "once_cell", diff --git a/enclave_apps/Cargo.lock b/enclave_apps/Cargo.lock index 5f78833ed07..3e7695b7902 100644 --- a/enclave_apps/Cargo.lock +++ b/enclave_apps/Cargo.lock @@ -897,6 +897,7 @@ dependencies = [ "micro_rpc_build", "prost", "prost-build", + "prost-types", ] [[package]] diff --git a/micro_rpc_workspace_test/Cargo.lock b/micro_rpc_workspace_test/Cargo.lock index 3ab3c57123e..3d0e1d5a0ae 100644 --- a/micro_rpc_workspace_test/Cargo.lock +++ b/micro_rpc_workspace_test/Cargo.lock @@ -524,6 +524,7 @@ dependencies = [ "micro_rpc_build", "prost", "prost-build", + "prost-types", ] [[package]] diff --git a/oak_ml_transparency/runner/Cargo.lock b/oak_ml_transparency/runner/Cargo.lock index 6c26de3f55e..a26a3e3de86 100644 --- a/oak_ml_transparency/runner/Cargo.lock +++ b/oak_ml_transparency/runner/Cargo.lock 
@@ -695,6 +695,7 @@ dependencies = [ "micro_rpc_build", "prost", "prost-build", + "prost-types", ] [[package]] diff --git a/oak_proto_rust/BUILD b/oak_proto_rust/BUILD index dcc2507965f..45413c0bfc2 100644 --- a/oak_proto_rust/BUILD +++ b/oak_proto_rust/BUILD @@ -29,6 +29,7 @@ rust_library( ":build", "//micro_rpc", "@oak_crates_index//:prost", + "@oak_crates_index//:prost-types", ], ) @@ -45,6 +46,7 @@ cargo_build_script( "//proto/attestation:attachment_proto", "//proto/attestation:dice_proto", "//proto/attestation:endorsement_proto", + "//proto/attestation:eventlog_proto", "//proto/attestation:evidence_proto", "//proto/attestation:expected_value_proto", "//proto/attestation:reference_value_proto", diff --git a/oak_proto_rust/Cargo.toml b/oak_proto_rust/Cargo.toml index 345ed1614fe..59cf3543c12 100644 --- a/oak_proto_rust/Cargo.toml +++ b/oak_proto_rust/Cargo.toml @@ -9,7 +9,7 @@ default = [] std = [] # Generate code to support proto3 JSON mappings with serde, allowing protos to # be serialized to JSON. -json = ["pbjson", "pbjson-build", "serde", "std"] +json = ["pbjson", "pbjson-types", "pbjson-build", "serde", "std"] [dependencies] micro_rpc = { workspace = true } @@ -17,7 +17,9 @@ prost = { workspace = true, default-features = false, features = [ "prost-derive", ] } pbjson = { version = "*", optional = true } +pbjson-types = { version = "*", optional = true } serde = { version = "*", features = ["derive"], optional = true } +prost-types = { version = "*", default-features = false } [build-dependencies] micro_rpc_build = { workspace = true } diff --git a/oak_proto_rust/build.rs b/oak_proto_rust/build.rs index 6df774a999d..3d2cbfe2438 100644 --- a/oak_proto_rust/build.rs +++ b/oak_proto_rust/build.rs @@ -14,6 +14,24 @@ // limitations under the License. // +const INCLUDED_PROTOS: [&str; 13] = [ + "..", + // We need to include the well-known protos ourselves + // 
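Review bot: In `oak_proto_rust/Cargo.toml`, `prost-types = { version = "*", default-features = false }` and `pbjson-types = { version = "*", optional = true }` float freely while `prost` itself is taken from the workspace, so only the lockfiles keep them in step. The non-JSON `any_from_msg` added in this change calls `prost_types::Any::from_msg` with a `prost::Name` bound, so a resolver update that selects a `prost-types` built against a different `prost` release would presumably break the build or pull a second `prost` into a crate that stage0 now links. I would take it from the workspace as well, `prost-types = { workspace = true, default-features = false }`, or at least give both new entries an explicit version requirement that matches the workspace `prost`.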
From: https://github.com/grpc/grpc/blob/cac1f2727e6975d6bb7426898c97916faa91bdaa/bazel/protobuf.bzl#L21C1-L21C24 + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/any_proto", + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/api_proto", + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/compiler_plugin_proto", + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/descriptor_proto", + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/duration_proto", + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/empty_proto", + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/field_mask_proto", + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/source_context_proto", + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/struct_proto", + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/timestamp_proto", + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/type_proto", + "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/wrappers_proto", +]; + fn main() -> Result<(), Box> { let proto_paths = [ "../proto/crypto/crypto.proto", @@ -21,6 +39,7 @@ fn main() -> Result<(), Box> { "../proto/attestation/dice.proto", "../proto/attestation/endorsement.proto", "../proto/attestation/expected_value.proto", + "../proto/attestation/eventlog.proto", "../proto/attestation/evidence.proto", "../proto/attestation/reference_value.proto", "../proto/attestation/verification.proto", @@ -36,6 +55,8 @@ fn main() -> Result<(), Box> { config.btree_map(["."]); + println!("cargo:rerun-if-env-changed=CARGO_FEATURE_JSON"); + #[cfg(feature = "json")] let descriptor_path = std::path::PathBuf::from(std::env::var("OUT_DIR").expect("could not get OUT_DIR")) 
@@ -49,14 +70,7 @@ fn main() -> Result<(), Box> { .compile_well_known_types() .extern_path(".google.protobuf", "::pbjson_types"); - config - .compile_protos(&proto_paths, &[ - "..", - // We need to include the well-known protos ourselves - "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/empty_proto", - "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/descriptor_proto", - ]) - .expect("proto compilation failed"); + config.compile_protos(&proto_paths, &INCLUDED_PROTOS).expect("proto compilation failed"); #[cfg(feature = "json")] pbjson_build::Builder::new() @@ -68,11 +82,7 @@ fn main() -> Result<(), Box> { micro_rpc_build::compile( &["../proto/oak_functions/testing.proto", "../proto/crypto/crypto.proto"], - &[ - "..", - // We need to include the well-known protos ourselves - "../external/com_google_protobuf/src/google/protobuf/_virtual_imports/descriptor_proto", - ], + &INCLUDED_PROTOS, Default::default(), ); diff --git a/oak_proto_rust/src/lib.rs b/oak_proto_rust/src/lib.rs index 89cec889b96..49eed2e77f9 100644 --- a/oak_proto_rust/src/lib.rs +++ b/oak_proto_rust/src/lib.rs @@ -1,3 +1,4 @@ +// // Copyright 2024 The Project Oak Authors // // Licensed under the Apache License, Version 2.0 (the "License"); @@ -41,6 +42,28 @@ pub mod oak { pub mod attestation { pub mod v1 { include_proto!("oak.attestation.v1"); + extern crate alloc; + use alloc::{format, string::String}; + + use prost::Name; + + const PACKAGE: &str = "oak.attestation.v1"; + + /// Compute the type URL for the given `oak.attestation.v1` type, + /// using `type.googleapis.com` as the authority for the + /// URL. + fn type_url_for() -> String { + format!("type.googleapis.com/{}.{}", T::PACKAGE, T::NAME) + } + + impl Name for Stage0Measurements { + const PACKAGE: &'static str = PACKAGE; + const NAME: &'static str = "Stage0"; + + fn type_url() -> String { + type_url_for::() + } + } } } 
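Review bot: In the `oak_proto_rust/src/lib.rs` hunk, `const NAME: &'static str = "Stage0";` does not match the message name, which `eventlog.proto` in this same change declares as `Stage0Measurements`. `type_url()` therefore produces `type.googleapis.com/oak.attestation.v1.Stage0`, and a verifier that resolves or type-checks the `Any` payload by its fully-qualified proto name will not recognise the event. Use `const NAME: &'static str = "Stage0Measurements";`. A one-line comment on the impl, such as `// NAME must equal the message name in eventlog.proto; it is not generated.`, would keep the two from drifting again.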
@@ -70,3 +93,31 @@ pub mod oak { } } } + +/// Well known proto messages use a different type depending on whether JSON +/// mappings are enabled. This can cause type checking issues when this crate +/// is used. To address this we export relevant utilites whose implementation +/// depends on which feature is set for this crate. +/// This is similiar to the approach taken by serde for an analogous issue: https://docs.rs/serde/1.0.186/src/serde/integer128.rs.html#71-75 +pub mod well_known { + // Copied implementation from prost types: https://github.com/tokio-rs/prost/blob/d42c85e790263f78f6c626ceb0dac5fda0edcb41/prost-types/src/any.rs#L4 + // as pbjson-types's Any does not implenment a similiar function. + #[cfg(feature = "json")] + pub fn any_from_msg(msg: &M) -> Result + where + M: prost::Name, + { + let type_url = M::type_url(); + let mut value = Vec::new(); + prost::Message::encode(msg, &mut value)?; + Ok(pbjson_types::Any { type_url, value: value.into() }) + } + + #[cfg(not(feature = "json"))] + pub fn any_from_msg(msg: &M) -> Result + where + M: prost::Name, + { + prost_types::Any::from_msg(msg) + } +} diff --git a/oak_restricted_kernel_bin/Cargo.lock b/oak_restricted_kernel_bin/Cargo.lock index 3893fda9785..5dbeb3212b4 100644 --- a/oak_restricted_kernel_bin/Cargo.lock +++ b/oak_restricted_kernel_bin/Cargo.lock @@ -736,6 +736,7 @@ dependencies = [ "micro_rpc_build", "prost", "prost-build", + "prost-types", ] [[package]] diff --git a/proto/attestation/BUILD b/proto/attestation/BUILD index c988b9abb1c..343c637e759 100644 --- a/proto/attestation/BUILD +++ b/proto/attestation/BUILD @@ -146,6 +146,17 @@ java_proto_library( deps = [":verification_proto"], ) +proto_library( + name = "eventlog_proto", + srcs = ["eventlog.proto"], + deps = ["@com_google_protobuf//:any_proto"], +) + +cc_proto_library( + name = "eventlog_cc_proto", + deps = [":eventlog_proto"], +) + build_test( name = "build_test", targets = [ 
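Review bot: The two `well_known::any_from_msg` definitions return different types depending on the `json` feature (the bodies build a `pbjson_types::Any` in one case and call `prost_types::Any::from_msg` in the other), which makes the feature non-additive. Cargo unifies features across a build graph, so any crate in the same build that enables `json` changes the signature seen by every other user of this function. The module comment explains the motivation but is a plain `//` block on the first function only; I would give both functions a `///` doc line stating the contract, for example `/// Packs `msg` into the `Any` type used by the generated code; the concrete type changes with the `json` feature, so pass the result straight into a message field.` In the JSON variant, `Vec::with_capacity(msg.encoded_len())` would also avoid regrowing the buffer during encoding.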
@@ -155,6 +166,8 @@ build_test( ":dice_proto", ":dice_cc_proto", ":dice_java_proto", + ":eventlog_proto", + ":eventlog_cc_proto", ":endorsement_proto", ":endorsement_cc_proto", ":endorsement_java_proto", diff --git a/proto/attestation/eventlog.proto b/proto/attestation/eventlog.proto new file mode 100644 index 00000000000..005a83dffc4 --- /dev/null +++ b/proto/attestation/eventlog.proto 
@@ -0,0 +1,60 @@ +// +// Copyright 2024 The Project Oak Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +syntax = "proto3"; + +package oak.attestation.v1; + +import "google/protobuf/any.proto"; + +option go_package = "proto/oak/attestation/v1"; +option java_multiple_files = true; +option java_package = "com.google.oak.attestation.v1"; + +// All the related measurements for Stage 0. +message Stage0Measurements { + // Kernel setup data digest. + bytes setup_data_digest = 1; + // Kernel digest. + bytes kernel_measurement = 2; + // Initial RAM disk digest. + bytes ram_disk_digest = 3; + // E820 table digest. + bytes memory_map_digest = 4; + // ACPI table generation digest + bytes acpi_digest = 5; + // Kernel Command line. + string kernel_cmdline = 6; +} + +// Represents an event intended for inclusion in attestation. +// For example, in an attested measured boot, each event is a reference to the +// code identity of the boot layer being launched next. +// An Event message contain what's necessary for an attestation verifier to +// verify the Event against a Reference Value. +// TODO: b/333748757 - Make other CB layers use this definition. +message Event { + // Represents what is contained in the event. For example, the tag for + // TaskConfig for the Layer 2 is "layer2". + // TODO: b/333748757 - Consider making the tag a UUID instead of string. 
+ string tag = 1; + google.protobuf.Any event = 2; +} + +// A sequence of Events intended for inclusion in attestation evidence. +message EventLog { + repeated Event events = 1; +} diff --git a/stage0/Cargo.toml b/stage0/Cargo.toml index ab4a1950916..ea6fb587b10 100644 --- a/stage0/Cargo.toml +++ b/stage0/Cargo.toml @@ -17,9 +17,11 @@ oak_core = { path = "../oak_core", default-features = false } oak_dice = { workspace = true } oak_stage0_dice = { workspace = true } oak_linux_boot_params = { path = "../oak_linux_boot_params" } +oak_proto_rust = { workspace = true } oak_sev_guest = { workspace = true, features = ["rust-crypto"] } oak_sev_snp_attestation_report = { workspace = true } p256 = { version = "*", default-features = false, features = ["ecdsa"] } +prost = { version = "*", default-features = false, features = ["prost-derive"] } rand_core = { version = "*", default-features = false, features = [ "getrandom", ] } diff --git a/stage0/src/lib.rs b/stage0/src/lib.rs index 01b4a3da56b..9b68e5559f1 100644 --- a/stage0/src/lib.rs +++ b/stage0/src/lib.rs @@ -21,14 +21,19 @@ extern crate alloc; -use alloc::{boxed::Box, format}; +use alloc::{boxed::Box, format, string::String, vec::Vec}; use core::{arch::asm, ffi::c_void, mem::MaybeUninit, panic::PanicInfo}; use linked_list_allocator::LockedHeap; use oak_core::sync::OnceCell; use oak_dice::evidence::{TeePlatform, DICE_DATA_CMDLINE_PARAM}; use oak_linux_boot_params::{BootE820Entry, E820EntryType}; +use oak_proto_rust::{ + oak::attestation::v1::{Event, EventLog, Stage0Measurements}, + well_known::any_from_msg, +}; use oak_sev_guest::{io::PortFactoryWrapper, msr::SevStatus}; +use prost::Message; use sha2::{Digest, Sha256}; use x86_64::{ instructions::{hlt, interrupts::int3}, 
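Review bot: The digest fields of `Stage0Measurements` in `proto/attestation/eventlog.proto` do not say which hash algorithm they hold, and a verifier comparing them with reference values needs that fixed in the schema rather than inferred from stage0. The stage0 side of this change fills them from the `*_sha2_256_digest` values, so the comments could read `// SHA2-256 digest of the kernel setup data.` and likewise for the other four fields. The `Event.event` field has no comment at all; something like `// Type-specific payload packed as Any, e.g. a Stage0Measurements message for the "Stage0" tag.` would tell readers how `tag` and `event` relate.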
@@ -82,6 +87,8 @@ static SEV_CPUID: MaybeUninit = MaybeUninit::un /// We create an identity map for the first 1GiB of memory. const TOP_OF_VIRTUAL_MEMORY: u64 = Size1GiB::SIZE; +const PAGE_SIZE: usize = 4096; + static ENCRYPTED: OnceCell = OnceCell::new(); extern "C" { @@ -301,6 +308,18 @@ pub fn rust64_start(encrypted: u64) -> ! { let memory_map_sha2_256_digest = measure_byte_slice(zero_page.e820_table().as_bytes()); + // Generate Stage0 Event Log data. + let stage0event = oak_proto_rust::oak::attestation::v1::Stage0Measurements { + kernel_measurement: kernel_info.measurement.as_bytes().to_vec(), + acpi_digest: acpi_sha2_256_digest.as_bytes().to_vec(), + memory_map_digest: memory_map_sha2_256_digest.as_bytes().to_vec(), + ram_disk_digest: ram_disk_sha2_256_digest.as_bytes().to_vec(), + setup_data_digest: setup_data_sha2_256_digest.as_bytes().to_vec(), + kernel_cmdline: cmdline.clone(), + }; + + let event_log_proto = generate_event_log(stage0event); + log::debug!("Kernel image digest: sha2-256:{}", hex::encode(kernel_info.measurement)); log::debug!("Kernel setup data digest: sha2-256:{}", hex::encode(setup_data_sha2_256_digest)); log::debug!("Kernel command-line: {}", cmdline); 
@@ -346,6 +365,23 @@ pub fn rust64_start(encrypted: u64) -> ! { E820EntryType::RESERVED, )); + // Write Eventlog data to memory. + let mut event_log = Vec::with_capacity_in(PAGE_SIZE, &crate::BOOT_ALLOC); + // Ensure that Eventlog is not too big. The 8 bytes are reserved for the size of + // the encoded eventlog proto. + assert!(event_log_proto.encoded_len() < PAGE_SIZE - 8); + // First copy the size of the encoded proto in Little Endian format. Then copy + // the actual EventLog. + event_log.extend_from_slice(event_log_proto.encoded_len().to_le_bytes().as_slice()); + event_log.extend_from_slice(event_log_proto.encode_to_vec().as_bytes()); + let event_log_data = event_log.leak(); + // Reserve memory containing Eventlog Data. + zero_page.insert_e820_entry(BootE820Entry::new( + event_log_data.as_bytes().as_ptr() as usize, + PAGE_SIZE, + E820EntryType::RESERVED, + )); + // Append the DICE data address to the kernel command-line. let extra = format!("--{DICE_DATA_CMDLINE_PARAM}={dice_data:p}"); let cmdline = if kernel_info.kernel_type == KernelType::Elf { @@ -414,3 +450,13 @@ fn io_port_factory() -> PortFactoryWrapper { PortFactoryWrapper::new_raw() } } + +fn generate_event_log(measurements: Stage0Measurements) -> EventLog { + let tag = String::from("Stage0"); + let any = any_from_msg(&measurements); + let event = Event { tag, event: Some(any.unwrap()) }; + log::info!("Any:{:?}", event.event.clone().unwrap()); + let mut eventlog = EventLog::default(); + eventlog.events.push(event); + eventlog +} diff --git a/stage0_bin/Cargo.lock b/stage0_bin/Cargo.lock index d562052d637..c13ce524d0f 100644 --- a/stage0_bin/Cargo.lock +++ b/stage0_bin/Cargo.lock 
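Review bot: In the `rust64_start` hunk that writes the event log, the E820 entry reserves `PAGE_SIZE` bytes from the start of the buffer, but only `8 + encoded_len()` bytes are ever written. The rest of the reserved range is whatever the boot allocator left there, and it is handed to the next stage as part of the event log region. Adding `event_log.resize(PAGE_SIZE, 0);` before `event_log.leak()` zero-fills the tail without reallocating, since the capacity is already at least `PAGE_SIZE`. The length prefix is written from a `usize`, so its 8-byte width depends on the target; `(event_log_proto.encoded_len() as u64).to_le_bytes()` makes the wire format explicit. Nothing visible in the hunk page-aligns the `Vec` allocation or passes its address on the way the DICE data address is appended to the command line; if both are handled outside the hunk, a comment here should say so.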
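Review bot: `generate_event_log` in `stage0/src/lib.rs` logs the whole packed event with `log::info!("Any:{:?}", event.event.clone().unwrap())`, which clones the encoded measurements only to print them as a raw byte dump. That is a louder level than the `log::debug!` lines in `rust64_start`, which already print the same digests in hex. I would drop the line or reduce it to `log::debug!("Stage0 event: {:?}", event.event);`, which needs neither the clone nor the unwrap. `any.unwrap()` also panics without context during boot; `any_from_msg(&measurements).expect("failed to encode Stage0Measurements")` names what failed. The function has no doc comment; a `///` line saying that it wraps the measurements in a single `Event` tagged "Stage0" would be enough.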
@@ -37,6 +37,32 @@ dependencies = [ "subtle", ] +[[package]] +name = "aho-corasick" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" +dependencies = [ + "memchr", +] + +[[package]] +name = "anyhow" +version = "1.0.82" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f538837af36e6f6a9be0faa67f9a314f8119e4e4b5867c6ab40ed60360142519" + +[[package]] +name = "async-trait" +version = "0.1.76" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "531b97fb4cd3dfdce92c35dedbfdc1f0b9d8091c8ca943d6dae340ef5012d514" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.38", +] + [[package]] name = "autocfg" version = "1.1.0" @@ -82,6 +108,12 @@ version = "1.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" +[[package]] +name = "bytes" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" + [[package]] name = "cfg-if" version = "1.0.0" @@ -222,6 +254,12 @@ dependencies = [ "signature", ] +[[package]] +name = "either" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a47c1c47d2f5964e29c61246e81db715514cd532db6b5116a25ea3c03d6780a2" + [[package]] name = "elf" version = "0.7.2" 
@@ -246,6 +284,31 @@ dependencies = [ "zeroize", ] +[[package]] +name = "equivalent" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" + +[[package]] +name = "errno" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +dependencies = [ + "libc", + "windows-sys 0.52.0", +] + +[[package]] +name = "fastrand" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be" +dependencies = [ + "instant", +] + [[package]] name = "ff" version = "0.13.0" @@ -256,6 +319,12 @@ dependencies = [ "subtle", ] +[[package]] +name = "fixedbitset" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80" + [[package]] name = "generic-array" version = "0.14.7" @@ -305,12 +374,24 @@ version = "1.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" +[[package]] +name = "hashbrown" +version = "0.14.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" + [[package]] name = "heck" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2540771e65fc8cb83cd6e8a237f70c319bd5c29f78ed1084ba5d50eeac86f7f9" +[[package]] +name = "hermit-abi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" + [[package]] name = "hex" version = "0.4.3" 
@@ -335,6 +416,16 @@ dependencies = [ "digest", ] +[[package]] +name = "indexmap" +version = "2.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" +dependencies = [ + "equivalent", + "hashbrown", +] + [[package]] name = "inout" version = "0.1.3" @@ -344,6 +435,35 @@ dependencies = [ "generic-array", ] +[[package]] +name = "instant" +version = "0.1.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "io-lifetimes" +version = "1.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2" +dependencies = [ + "hermit-abi", + "libc", + "windows-sys 0.48.0", +] + +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + [[package]] name = "libc" version = "0.2.144" @@ -359,6 +479,12 @@ dependencies = [ "spinning_top", ] +[[package]] +name = "linux-raw-sys" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" + [[package]] name = "lock_api" version = "0.4.9" 
@@ -378,6 +504,35 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "memchr" +version = "2.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" + +[[package]] +name = "micro_rpc" +version = "0.1.0" +dependencies = [ + "async-trait", + "micro_rpc_build", + "prost", +] + +[[package]] +name = "micro_rpc_build" +version = "0.1.0" +dependencies = [ + "anyhow", + "prost-build", +] + +[[package]] +name = "multimap" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "defc4c55412d89136f966bbb339008b474350e5e6e78d2714439c386b3137a03" + [[package]] name = "oak_core" version = "0.1.0" @@ -414,6 +569,17 @@ dependencies = [ "zerocopy", ] +[[package]] +name = "oak_proto_rust" +version = "0.0.1" +dependencies = [ + "micro_rpc", + "micro_rpc_build", + "prost", + "prost-build", + "prost-types", +] + [[package]] name = "oak_sev_guest" version = "0.1.0" @@ -434,7 +600,7 @@ dependencies = [ name = "oak_sev_snp_attestation_report" version = "0.0.0" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.4.0", "static_assertions", "strum", "zerocopy", @@ -454,10 +620,12 @@ dependencies = [ "oak_core", "oak_dice", "oak_linux_boot_params", + "oak_proto_rust", "oak_sev_guest", "oak_sev_snp_attestation_report", "oak_stage0_dice", "p256", + "prost", "rand_core", "sev_serial", "sha2", @@ -491,6 +659,12 @@ dependencies = [ "zerocopy", ] +[[package]] +name = "once_cell" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" + [[package]] name = "opaque-debug" version = "0.3.0" 
@@ -509,6 +683,16 @@ dependencies = [ "sha2", ] +[[package]] +name = "petgraph" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1d3afd2628e69da2be385eb6f2fd57c8ac7977ceeff6dc166ff1657b0e386a9" +dependencies = [ + "fixedbitset", + "indexmap", +] + [[package]] name = "polyval" version = "0.6.1" @@ -521,6 +705,16 @@ dependencies = [ "universal-hash", ] +[[package]] +name = "prettyplease" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae005bd773ab59b4725093fd7df83fd7892f7d8eafb48dbd7de6e024e4215f9d" +dependencies = [ + "proc-macro2", + "syn 2.0.38", +] + [[package]] name = "primeorder" version = "0.13.2" @@ -539,6 +733,59 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "prost" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0f5d036824e4761737860779c906171497f6d55681139d8312388f8fe398922" +dependencies = [ + "bytes", + "prost-derive", +] + +[[package]] +name = "prost-build" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "80b776a1b2dc779f5ee0641f8ade0125bc1298dd41a9a0c16d8bd57b42d222b1" +dependencies = [ + "bytes", + "heck", + "itertools", + "log", + "multimap", + "once_cell", + "petgraph", + "prettyplease", + "prost", + "prost-types", + "regex", + "syn 2.0.38", + "tempfile", +] + +[[package]] +name = "prost-derive" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19de2de2a00075bf566bee3bd4db014b11587e84184d3f7a791bc17f1a8e9e48" +dependencies = [ + "anyhow", + "itertools", + "proc-macro2", + "quote", + "syn 2.0.38", +] + +[[package]] +name = "prost-types" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3235c33eb02c1f1e212abdbe34c78b264b038fb58ca612664343271e36e55ffe" +dependencies = [ + "prost", +] + [[package]] name = "quote" version = "1.0.33" 
@@ -557,6 +804,44 @@ dependencies = [ "getrandom", ] +[[package]] +name = "redox_syscall" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29" +dependencies = [ + "bitflags 1.3.2", +] + +[[package]] +name = "regex" +version = "1.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" + [[package]] name = "rfc6979" version = "0.4.0" @@ -567,6 +852,20 @@ dependencies = [ "subtle", ] +[[package]] +name = "rustix" +version = "0.37.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fea8ca367a3a01fe35e6943c400addf443c0f57670e6ec51196f71a4b8762dd2" +dependencies = [ + "bitflags 1.3.2", + "errno", + "io-lifetimes", + "libc", + "linux-raw-sys", + "windows-sys 0.48.0", +] + [[package]] name = "rustversion" version = "1.0.9" @@ -728,6 +1027,20 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "tempfile" +version = "3.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "31c0432476357e58790aaa47a8efb0c5138f137343f3b5f23bd36a27e3b0a6d6" +dependencies = [ + "autocfg", + "cfg-if", + "fastrand", + "redox_syscall", + "rustix", + "windows-sys 0.48.0", +] + [[package]] name = "typenum" version = "1.16.0" 
@@ -768,6 +1081,145 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets 0.48.5", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.5", +] + +[[package]] +name = "windows-targets" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +dependencies = [ + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows-targets" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +dependencies = [ + "windows_aarch64_gnullvm 0.52.5", + "windows_aarch64_msvc 0.52.5", + "windows_i686_gnu 0.52.5", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.5", + "windows_x86_64_gnu 0.52.5", + "windows_x86_64_gnullvm 0.52.5", + "windows_x86_64_msvc 0.52.5", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum 
= "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" + +[[package]] +name = "windows_i686_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" + +[[package]] +name = "windows_i686_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" + +[[package]] +name = "windows_x86_64_gnullvm" 
+version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" + [[package]] name = "x86_64" version = "0.14.10"