cvm: Better error report for tdx quote error

Author: kvinwang

dstack-util/src/main.rs

@@ -271,9 +271,12 @@ impl core::fmt::Debug for ParsedReport {
 }
 
 fn cmd_show_mrs() -> Result<()> {
-    let attestation = ra_tls::attestation::Attestation::local()?;
-    let app_info = attestation.decode_app_info(false)?;
-    serde_json::to_writer_pretty(io::stdout(), &app_info)?;
+    let attestation =
+        ra_tls::attestation::Attestation::local().context("Failed to get attestation")?;
+    let app_info = attestation
+        .decode_app_info(false)
+        .context("Failed to decode app info")?;
+    serde_json::to_writer_pretty(io::stdout(), &app_info).context("Failed to write app info")?;
     println!();
     Ok(())
 }

dstack-util/src/system_setup.rs

@@ -551,7 +551,9 @@ impl<'a> Stage0<'a> {
 
     async fn setup_fs(self) -> Result<Stage1<'a>> {
         let is_initialized = self.shared.instance_info.is_initialized();
-        let app_info = self.measure_app_info()?;
+        let app_info = self
+            .measure_app_info()
+            .context("Failed to measure app info")?;
         if self.shared.app_compose.key_provider().is_kms() {
             cmd_show_mrs()?;
         }

ra-tls/src/attestation.rs

@@ -234,9 +234,11 @@ impl<T> Attestation<T> {
 impl Attestation {
     /// Create an attestation for local machine
     pub fn local() -> Result<Self> {
-        let (_, quote) = tdx_attest::get_quote(&[0u8; 64], None)?;
-        let event_log = tdx_attest::eventlog::read_event_logs()?;
-        let raw_event_log = serde_json::to_vec(&event_log)?;
+        let (_, quote) = tdx_attest::get_quote(&[0u8; 64], None).context("Failed to get quote")?;
+        let event_log =
+            tdx_attest::eventlog::read_event_logs().context("Failed to read event logs")?;
+        let raw_event_log =
+            serde_json::to_vec(&event_log).context("Failed to serialize event log")?;
         Ok(Self {
             quote,
             raw_event_log,

tdx-attest/src/linux.rs

@@ -24,32 +24,32 @@ use crate::{Result, TdxUuid};
 #[repr(u32)]
 #[derive(Debug, Clone, Copy, PartialEq, Eq, FromPrimitive, Error)]
 pub enum TdxAttestError {
-    #[error("unexpected")]
+    #[error("TDX_ATTEST_ERROR_UNEXPECTED")]
     Unexpected = _tdx_attest_error_t::TDX_ATTEST_ERROR_UNEXPECTED,
-    #[error("invalid parameter")]
+    #[error("TDX_ATTEST_ERROR_INVALID_PARAMETER")]
     InvalidParameter = _tdx_attest_error_t::TDX_ATTEST_ERROR_INVALID_PARAMETER,
-    #[error("out of memory")]
+    #[error("TDX_ATTEST_ERROR_OUT_OF_MEMORY")]
     OutOfMemory = _tdx_attest_error_t::TDX_ATTEST_ERROR_OUT_OF_MEMORY,
-    #[error("vsock failure")]
+    #[error("TDX_ATTEST_ERROR_VSOCK_FAILURE")]
     VsockFailure = _tdx_attest_error_t::TDX_ATTEST_ERROR_VSOCK_FAILURE,
-    #[error("report failure")]
+    #[error("TDX_ATTEST_ERROR_REPORT_FAILURE")]
     ReportFailure = _tdx_attest_error_t::TDX_ATTEST_ERROR_REPORT_FAILURE,
-    #[error("extend failure")]
+    #[error("TDX_ATTEST_ERROR_EXTEND_FAILURE")]
     ExtendFailure = _tdx_attest_error_t::TDX_ATTEST_ERROR_EXTEND_FAILURE,
-    #[error("not supported")]
+    #[error("TDX_ATTEST_ERROR_NOT_SUPPORTED")]
     NotSupported = _tdx_attest_error_t::TDX_ATTEST_ERROR_NOT_SUPPORTED,
-    #[error("quote failure")]
+    #[error("TDX_ATTEST_ERROR_QUOTE_FAILURE")]
     QuoteFailure = _tdx_attest_error_t::TDX_ATTEST_ERROR_QUOTE_FAILURE,
-    #[error("busy")]
+    #[error("TDX_ATTEST_ERROR_BUSY")]
     Busy = _tdx_attest_error_t::TDX_ATTEST_ERROR_BUSY,
-    #[error("device failure")]
+    #[error("TDX_ATTEST_ERROR_DEVICE_FAILURE")]
     DeviceFailure = _tdx_attest_error_t::TDX_ATTEST_ERROR_DEVICE_FAILURE,
-    #[error("invalid rtmr index")]
+    #[error("TDX_ATTEST_ERROR_INVALID_RTMR_INDEX")]
     InvalidRtmrIndex = _tdx_attest_error_t::TDX_ATTEST_ERROR_INVALID_RTMR_INDEX,
-    #[error("unsupported att key id")]
+    #[error("TDX_ATTEST_ERROR_UNSUPPORTED_ATT_KEY_ID")]
     UnsupportedAttKeyId = _tdx_attest_error_t::TDX_ATTEST_ERROR_UNSUPPORTED_ATT_KEY_ID,
     #[num_enum(catch_all)]
-    #[error("unknown error ({0})")]
+    #[error("unknown tdx attest error ({0})")]
     UnknownError(u32),
 }