adding in GPU device binding event

Sibcgh · Sibcgh · commit d4fd8b44c536 · 2026-02-13T23:17:39.000Z
diff --git a/cel/cos_tlv.go b/cel/cos_tlv.go
@@ -48,6 +48,7 @@ const (
 	LaunchSeparatorType
 	MemoryMonitorType
 	GpuCCModeType
+	GPUDeviceAttestationBindingType
 )
 
 // CosTlv is a specific event type created for the COS (Google Container-Optimized OS),
diff --git a/launcher/agent/agent_test.go b/launcher/agent/agent_test.go
@@ -645,6 +645,9 @@ func measureFakeEvents(attestAgent AttestationAgent) error {
 	if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.OverrideArgType, EventContent: []byte(arg)}); err != nil {
 		return err
 	}
+	if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.GPUDeviceAttestationBindingType, EventContent: []byte(arg)}); err != nil {
+		return err
+	}
 	return nil
 }
 
diff --git a/launcher/container_runner.go b/launcher/container_runner.go
@@ -421,6 +421,17 @@ func (r *ContainerRunner) measureMemoryMonitor() error {
 	return nil
 }
 
+// TODO: Test functionality once GPU support is available.
+// measureGPUAttestationEvidence will measure GPU attestation claims into the COS
+// eventlog in the AttestationAgent.
+func (r *ContainerRunner) measureGPUAttestationEvidence() error {
+	if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.GPUDeviceAttestationBindingType, EventContent: []byte{}}); err != nil {
+		return err
+	}
+	r.logger.Info("Successfully measured GPU device attestation binding event")
+	return nil
+}
+
 // Retrieves the default OIDC token from the attestation service, and returns how long
 // to wait before attemping to refresh it.
 // The token file will be written to a tmp file and then renamed.
diff --git a/server/eventlog.go b/server/eventlog.go
@@ -450,6 +450,9 @@ func getVerifiedCosState(coscel gecel.CEL, registerType gecel.MRType) (*pb.Attes
 			}
 			cosState.GpuDeviceState.CcMode = pb.GPUDeviceCCMode(ccMode)
 
+		// TODO: add support for GPU Device Attestation Binding Event
+		// case cel.GPUDeviceAttestationBindingType:
+
 		default:
 			return nil, fmt.Errorf("found unknown COS Event Type %v", cosTlv.EventType)
 		}

Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,7 @@ const (`
`48`	`48`	`LaunchSeparatorType`
`49`	`49`	`MemoryMonitorType`
`50`	`50`	`GpuCCModeType`
	`51`	`+ GPUDeviceAttestationBindingType`
`51`	`52`	`)`
`52`	`53`
`53`	`54`	`// CosTlv is a specific event type created for the COS (Google Container-Optimized OS),`
Original file line number	Diff line number	Diff line change
`@@ -645,6 +645,9 @@ func measureFakeEvents(attestAgent AttestationAgent) error {`
`645`	`645`	`if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.OverrideArgType, EventContent: []byte(arg)}); err != nil {`
`646`	`646`	`return err`
`647`	`647`	`}`
	`648`	`+ if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.GPUDeviceAttestationBindingType, EventContent: []byte(arg)}); err != nil {`
	`649`	`+ return err`
	`650`	`+ }`
`648`	`651`	`return nil`
`649`	`652`	`}`
`650`	`653`
Original file line number	Diff line number	Diff line change
`@@ -450,6 +450,9 @@ func getVerifiedCosState(coscel gecel.CEL, registerType gecel.MRType) (*pb.Attes`
`450`	`450`	`}`
`451`	`451`	`cosState.GpuDeviceState.CcMode = pb.GPUDeviceCCMode(ccMode)`
`452`	`452`
	`453`	`+ // TODO: add support for GPU Device Attestation Binding Event`
	`454`	`+ // case cel.GPUDeviceAttestationBindingType:`
	`455`	`+`
`453`	`456`	`default:`
`454`	`457`	`return nil, fmt.Errorf("found unknown COS Event Type %v", cosTlv.EventType)`
`455`	`458`	`}`