From 48edc90dad786de2e8c7061f72bf25559891fca7 Mon Sep 17 00:00:00 2001
From: DGonzalezVillal
Date: Tue, 5 Nov 2024 16:28:07 +0000
Subject: [PATCH] Adding Turin support and updating ASK cn

Adding Turin support for certificate fetching. A recent update to the CA certificates changed the name of the ASK common name to SEV-, we added that option to our parser so that certificate verfication still works.

Signed-off-by: DGonzalezVillal
---
 Cargo.lock | 2 +-
 src/fetch.rs | 14 ++++++++++++--
 src/verify.rs | 2 +-
 3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index c8fdc31..ffca99c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1412,7 +1412,7 @@ dependencies = [
 [[package]]
 name = "snpguest"
-version = "0.7.0"
+version = "0.7.1"
 dependencies = [
 "anyhow",
 "asn1-rs",
diff --git a/src/fetch.rs b/src/fetch.rs
index b61cc04..bd4e2ce 100644
--- a/src/fetch.rs
+++ b/src/fetch.rs
@@ -64,6 +64,9 @@ pub enum ProcType {
 /// 4th Gen AMD EPYC Processor (Edge)
 Siena,
+
+ /// 5th Gen AMD EPYC Processor (Standard)
+ Turin,
 }
 impl ProcType {
@@ -84,6 +87,7 @@ impl FromStr for ProcType {
 "genoa" => Ok(ProcType::Genoa),
 "bergamo" => Ok(ProcType::Bergamo),
 "siena" => Ok(ProcType::Siena),
+ "turin" => Ok(ProcType::Turin),
 _ => Err(anyhow::anyhow!("Processor type not found!")),
 }
 }
@@ -96,6 +100,7 @@ impl fmt::Display for ProcType {
 ProcType::Genoa => write!(f, "Genoa"),
 ProcType::Bergamo => write!(f, "Bergamo"),
 ProcType::Siena => write!(f, "Siena"),
+ ProcType::Turin => write!(f, "Turin"),
 }
 }
 }
@@ -236,8 +241,13 @@ mod vcek {
 report::read_report(att_report_path).context("Could not open attestation report")?
 };
- // Use attestation report to get data for URL
- let hw_id: String = hex::encode(att_report.chip_id);
+ let hw_id: String = match processor_model {
+ ProcType::Turin => {
+ let shorter_bytes: &[u8] = &att_report.chip_id[0..8];
+ hex::encode(shorter_bytes)
+ }
+ _ => hex::encode(att_report.chip_id),
+ };
 let vcek_url: String = format!(
 "{KDS_CERT_SITE}{KDS_VCEK}/{}/\
diff --git a/src/verify.rs b/src/verify.rs
index 79e8a63..91f47a5 100644
--- a/src/verify.rs
+++ b/src/verify.rs
@@ -277,7 +277,7 @@ mod attestation {
 {
 match val.to_lowercase() {
 x if x.contains("ark") => Ok(CertType::ARK),
- x if x.contains("ask") => Ok(CertType::ASK),
+ x if x.contains("ask") | x.contains("sev") => Ok(CertType::ASK),
 x if x.contains("vcek") => Ok(CertType::VCEK),
 x if x.contains("vlek") => Ok(CertType::VLEK),
 x if x.contains("crl") => Ok(CertType::CRL),
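Review bot: The Turin arm builds the certificate URL from `att_report.chip_id[0..8]` and drops the remaining bytes without checking them, so when `processor_model` (set outside this hunk) does not match the chip that produced the report, the request silently goes out with a truncated ID. If Turin reports are expected to zero-pad the field past byte 8 (an assumption to confirm against the KDS specification), a guard such as `if att_report.chip_id[8..].iter().any(|b| *b != 0) { anyhow::bail!("chip_id does not match a Turin report") }` in that arm would turn the mismatch into a clear error. The literal `8` also deserves a one-line comment saying why Turin uses a shorter hardware ID, and the removed comment `// Use attestation report to get data for URL` still applies to the new `match`. The `_ =>` arm means the next processor generation added to `ProcType` compiles straight into the full-length path; listing the remaining variants explicitly would make the compiler flag it. The enclosing function starts and ends outside the hunk.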
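Review bot: The new `x.contains("sev")` test sits above the `vcek` and `vlek` arms, so any common name that contains both (AMD leaf certificates are commonly named `SEV-VCEK` / `SEV-VLEK`; confirm against the certificates this parser sees) is now returned as `CertType::ASK` and never reaches its own arm. Code that branches on the VCEK/VLEK result, which is outside this hunk, would then treat a leaf certificate as the signing key. Moving the arm below the `vlek` one, or matching the `SEV-` name more narrowly, avoids this; the arm can also use the short-circuit `||`: `x if x.contains("ask") || x.contains("sev") => Ok(CertType::ASK),`. The `match` and its enclosing function start and end outside the hunk.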