feat: Add support for SEV chip id to ic-prep

Author: jplevyak

Cargo.lock

@@ -119,6 +119,7 @@ fn main() {
             .unwrap(),
             node_operator_principal_id: None,
             secret_key_store: None,
+            chip_id: vec![],
         },
     )]);
 

rs/ic_os/launch-single-vm/src/main.rs

@@ -28,6 +28,7 @@ DEPENDENCIES = [
     "@crate_index//:chrono",
     "@crate_index//:clap",
     "@crate_index//:fs_extra",
+    "@crate_index//:hex",
     "@crate_index//:json5",
     "@crate_index//:maplit",
     "@crate_index//:openssl",

rs/prep/BUILD.bazel

@@ -9,6 +9,7 @@ base64 = "0.11"
 clap = { version = "3.1.6", features = ["derive"] }
 chrono = "0.4.19"
 fs_extra = "1.2.0"
+hex = "0.4"
 ic-crypto = { path = "../crypto" }
 ic-crypto-node-key-generation = { path = "../crypto/node_key_generation" }
 ic-crypto-node-key-validation = { path = "../crypto/node_key_validation" }

rs/prep/Cargo.toml

@@ -381,6 +381,12 @@ fn parse_nodes_deprecated(src: &str) -> Result<Node> {
     // P2P is special, and needs a custom protocol
     let p2p_addr: Url = format!("org.internetcomputer.p2p1://{}", parts[2]).parse()?;
 
+    // chip_id is optional
+    let mut chip_id = vec![];
+    if parts.len() > 6 {
+        chip_id = hex::decode(parts[6])?;
+    }
+
     Ok(Node {
         node_index,
         subnet_index,
@@ -390,6 +396,7 @@ fn parse_nodes_deprecated(src: &str) -> Result<Node> {
             p2p_addr: ConnectionEndpoint::try_from(p2p_addr)?,
             node_operator_principal_id: None,
             secret_key_store: None,
+            chip_id,
         },
     })
 }
@@ -404,6 +411,7 @@ struct NodeFlag {
     pub public_api: Option<ConnectionEndpoint>,
     /// The initial endpoint that P2P uses.
     pub p2p_addr: Option<ConnectionEndpoint>,
+    pub chip_id: Option<Vec<u8>>,
 }
 
 #[derive(Error, Clone, Debug, PartialEq)]
@@ -444,6 +452,7 @@ impl TryFrom<NodeFlag> for Node {
         let xnet_api = value.xnet_api.ok_or(MissingFieldError::Xnet)?;
         let public_api = value.public_api.ok_or(MissingFieldError::PublicApi)?;
         let p2p_addr = value.p2p_addr.ok_or(MissingFieldError::P2PAddr)?;
+        let chip_id = value.chip_id.unwrap_or_default();
 
         Ok(Self {
             node_index,
@@ -454,6 +463,7 @@ impl TryFrom<NodeFlag> for Node {
                 p2p_addr,
                 node_operator_principal_id: None,
                 secret_key_store: None,
+                chip_id,
             },
         })
     }
@@ -805,6 +815,7 @@ mod test_flag_nodes_parser_deprecated {
                 p2p_addr: "org.internetcomputer.p2p1://1.2.3.4:80".parse().unwrap(),
                 node_operator_principal_id: None,
                 secret_key_store: None,
+                chip_id: vec![],
             },
         };
 
@@ -825,6 +836,7 @@ mod test_flag_nodes_parser_deprecated {
                 p2p_addr: "org.internetcomputer.p2p1://1.2.3.4:80".parse().unwrap(),
                 node_operator_principal_id: None,
                 secret_key_store: None,
+                chip_id: vec![],
             },
         };
 
@@ -853,6 +865,7 @@ mod test_flag_node_parser {
                 p2p_addr: "org.internetcomputer.p2p1://1.2.3.4:80".parse().unwrap(),
                 node_operator_principal_id: None,
                 secret_key_store: None,
+                chip_id: vec![],
             },
         };
 

rs/prep/src/bin/prep.rs

@@ -201,7 +201,7 @@ pub struct NodeConfiguration {
     /// The principal id of the node operator that operates this node.
     pub node_operator_principal_id: Option<PrincipalId>,
 
-    /// If set, the specified secret key store will be used. Ohterwise, a new
+    /// If set, the specified secret key store will be used. Otherwise, a new
     /// one will be created when initializing the internet computer.
     ///
     /// Creating the secret key store ahead of time allows for the node id to be
@@ -212,6 +212,9 @@ pub struct NodeConfiguration {
     /// directory chosen by ic-prep.
     #[serde(skip_serializing, skip_deserializing)]
     pub secret_key_store: Option<NodeSecretKeyStore>,
+
+    /// The SEV-SNP chip_identifier for this node.
+    pub chip_id: Vec<u8>,
 }
 
 #[derive(Error, Debug)]
@@ -388,6 +391,7 @@ mod node_configuration {
             p2p_addr: "org.internetcomputer.p2p1://1.2.3.4:1234".parse().unwrap(),
             node_operator_principal_id: None,
             secret_key_store: None,
+            chip_id: vec![],
         };
 
         let got = pbNodeRecord::try_from(node_configuration).unwrap();

rs/prep/src/node.rs

@@ -126,6 +126,7 @@ mod tests {
                 p2p_addr: "org.internetcomputer.p2p1://1.2.3.4:4".parse()?,
                 node_operator_principal_id: None,
                 secret_key_store: None,
+                chip_id: vec![],
             },
         );
 

rs/prep/src/prep_state_directory.rs

@@ -134,6 +134,7 @@ pub fn run_ic_prep() -> (TempDir, IcPrepStateDir) {
                 .expect("can't fail"),
             node_operator_principal_id: None,
             secret_key_store: None,
+            chip_id: vec![],
         },
     );
 

rs/registry/regedit/src/tests.rs

@@ -241,6 +241,7 @@ pub fn get_ic_config() -> IcConfig {
                 .expect("can't fail"),
             node_operator_principal_id: None,
             secret_key_store: Some(node_sks),
+            chip_id: vec![],
         },
     );
 

rs/replica_tests/src/lib.rs

@@ -95,6 +95,7 @@ fn main() -> Result<()> {
                     .expect("can't fail"),
                 node_operator_principal_id: None,
                 secret_key_store: None,
+                chip_id: vec![],
             },
         );