Add NV index reader (for reading AK certificate)

ameba23 · ameba23 · commit ebb69b86aa22 · 2025-11-25T12:47:33.000+01:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -35,6 +35,7 @@ tracing = "0.1.41"
 tracing-subscriber = { version = "0.3.20", features = ["env-filter", "json"] }
 parity-scale-codec = "3.7.5"
 openssl = "0.10.75"
+tss-esapi = "7.6.0"
 
 [dev-dependencies]
 rcgen = "0.14.5"
diff --git a/src/attestation/mod.rs b/src/attestation/mod.rs
@@ -1,6 +1,7 @@
 pub mod azure;
 pub mod dcap;
 pub mod measurements;
+pub mod nv_index;
 
 use measurements::{MeasurementRecord, Measurements};
 use parity_scale_codec::{Decode, Encode};
diff --git a/src/attestation/nv_index.rs b/src/attestation/nv_index.rs
@@ -0,0 +1,28 @@
+use tss_esapi::{
+    handles::NvIndexHandle,
+    interface_types::{resource_handles::NvAuth, session_handles::AuthSession},
+    structures::MaxNvBuffer,
+    tcti_ldr::{DeviceConfig, TctiNameConf},
+    Context,
+};
+
+pub fn get_session_context() -> Result<Context, tss_esapi::Error> {
+    let conf: TctiNameConf = TctiNameConf::Device(DeviceConfig::default());
+    let mut context = Context::new(conf)?;
+    let auth_session = AuthSession::Password;
+    context.set_sessions((Some(auth_session), None, None));
+    Ok(context)
+}
+
+pub fn read_nv_index(ctx: &mut Context, index: u32) -> Result<Vec<u8>, anyhow::Error> {
+    let handle = NvIndexHandle::from(index);
+    let size = ctx
+        .nv_read_public(handle.into())?
+        .0
+        .data_size()
+        .try_into()
+        .unwrap_or(0u16);
+
+    let data: MaxNvBuffer = ctx.nv_read(NvAuth::Owner, handle, size, 0)?;
+    Ok(data.to_vec())
+}
