[PoC] Enable CGO for CS H100

.github/workflows/ci.yml

@@ -74,15 +74,15 @@ jobs:
       - name: Build all modules except launcher
         run: go build -v ./... ./cmd/... ./verifier/...
       - name: Build launcher module
-        run: go build -v ./launcher/...
+        run: go build -v -ldflags="-extldflags=-Wl,-z,lazy" ./launcher/...
         if: runner.os == 'Linux'
       - name: Run specific tests under root permission
         run: |
           GO_EXECUTABLE_PATH=$(which go)
-          sudo $GO_EXECUTABLE_PATH test -v -run "TestFetchImageSignaturesDockerPublic" ./launcher
+          sudo $GO_EXECUTABLE_PATH test -v -ldflags="-extldflags=-Wl,-z,lazy" -run "TestFetchImageSignaturesDockerPublic" ./launcher
         if: runner.os == 'Linux'
       - name: Run all tests in launcher to capture potential data race
-        run: go test -v -race ./launcher/...
+        run: go test -v -ldflags="-extldflags=-Wl,-z,lazy" -race ./launcher/...
         if: (runner.os == 'Linux') && matrix.architecture == 'x64'
       - name: Test all modules except launcher
         run: go test -v ./... ./cmd/... ./verifier/... -skip='TestCacheConcurrentSetGet|TestHwAttestationPass|TestHardwareAttestationPass'

go.work

@@ -1,4 +1,6 @@
-go 1.23.0
+go 1.24.0
+
+toolchain go1.24.8
 
 use (
 	.

launcher/agent/agent.go

@@ -9,7 +9,9 @@ import (
 	"bytes"
 	"context"
 	"crypto"
+	"crypto/sha256"
 	"encoding/base64"
+	"encoding/hex"
 	"fmt"
 	"io"
 	"net/http"
@@ -24,6 +26,8 @@ import (
 	tg "github.com/google/go-tdx-guest/client"
 	tlabi "github.com/google/go-tdx-guest/client/linuxabi"
 
+	"github.com/NVIDIA/go-nvml/pkg/nvml"
+	"github.com/confidentsecurity/go-nvtrust/pkg/gonvtrust/gpu"
 	"github.com/google/go-tpm-tools/cel"
 	"github.com/google/go-tpm-tools/client"
 	"github.com/google/go-tpm-tools/internal"
@@ -223,6 +227,14 @@ func (a *agent) AttestWithClient(ctx context.Context, opts AttestAgentOpts, clie
 		v.IntermediateCerts = certChain
 		v.AkCert = a.fetchedAK.CertDERBytes()
 		req.TDCCELAttestation = v
+		// log TDCCEL attestation data
+		a.logger.Info(fmt.Sprintf("TDX nonce: [%s]\n", hex.EncodeToString(req.Challenge.Nonce)))
+		a.logger.Info(fmt.Sprintf("CCEL data: [%s]\n", base64.StdEncoding.EncodeToString(v.CcelData)))
+		a.logger.Info(fmt.Sprintf("CCEL ACPI table data: [%s]\n", base64.StdEncoding.EncodeToString(v.CcelAcpiTable)))
+		a.logger.Info(fmt.Sprintf("TDX quote: [%s]\n", base64.StdEncoding.EncodeToString(v.TdQuote)))
+		a.logger.Info(fmt.Sprintf("CEL data: [%s]\n", base64.StdEncoding.EncodeToString(v.CanonicalEventLog)))
+		// collect GPU attestation
+		a.collectGpuAttestation(challenge.Nonce)
 	default:
 		return nil, fmt.Errorf("received an unsupported attestation type! %v", v)
 	}
@@ -406,3 +418,48 @@ func (c *sigsCache) get() []oci.Signature {
 	defer c.mu.RUnlock()
 	return c.items
 }
+
+func (a *agent) collectGpuAttestation(nonce []byte) {
+	handler := &gpu.DefaultNVMLHandler{}
+	gpuAdmin, err := gpu.NewNvmlGPUAdmin(handler)
+	if err != nil {
+		a.logger.Error(fmt.Sprintf("Failed to create GPU admin: %v\n", err))
+	}
+	defer gpuAdmin.Shutdown()
+
+	// The 34-byte raw nonce follows TPM 2.0 specs. We need to convert it to 32 bytes for Nvidia to meet SPDM specs.
+	nvNonce := sha256.Sum256(nonce)
+	deviceInfos, err := gpuAdmin.CollectEvidence(nvNonce[:])
+	if err != nil {
+		a.logger.Error(fmt.Sprintf("Failed to collect GPU evidence\n: %v", err))
+	}
+
+	for i, deviceInfo := range deviceInfos {
+		device, ret := handler.DeviceGetHandleByIndex(i)
+		if ret != nvml.SUCCESS {
+			a.logger.Error(fmt.Sprintf("Failed to get GPU device: %v\n", nvml.ErrorString(ret)))
+		}
+		uuid, ret := device.GetUUID()
+		if ret != nvml.SUCCESS {
+			a.logger.Error(fmt.Sprintf("Failed to get UUID: %v\n", nvml.ErrorString(ret)))
+		}
+
+		vbiosVersion, ret := device.GetVbiosVersion()
+		if ret != nvml.SUCCESS {
+			a.logger.Error(fmt.Sprintf("Failed to get vbios version: %v\n", nvml.ErrorString(ret)))
+		}
+
+		driverVersion, ret := handler.SystemGetDriverVersion()
+		if ret != nvml.SUCCESS {
+			a.logger.Error(fmt.Sprintf("Failed to get vbios version: %v\n", nvml.ErrorString(ret)))
+		}
+		a.logger.Info(fmt.Sprintf("NV nonce is [%s] \n", hex.EncodeToString(nvNonce[:])))
+		a.logger.Info(fmt.Sprintf("Found GPU UUID [%s] at index %d\n", uuid, i))
+		a.logger.Info(fmt.Sprintf("Found GPU VBIOS version [%s] at index %d\n", vbiosVersion, i))
+		a.logger.Info(fmt.Sprintf("Found GPU DRIVER version [%s] at index %d\n", driverVersion, i))
+		a.logger.Info(fmt.Sprintf("Found GPU Arch [%s] at index %d\n", deviceInfo.Arch(), i))
+		a.logger.Info(fmt.Sprintf("Found GPU attetation data [%s] at index %d\n", base64.StdEncoding.EncodeToString(deviceInfo.AttestationReport()), i))
+		b64CertChainData, _ := deviceInfo.Certificate().EncodeBase64()
+		a.logger.Info(fmt.Sprintf("Found GPU attestation cert chain data [%s] at index %d\n", b64CertChainData, i))
+	}
+}

launcher/cloudbuild.yaml

@@ -101,21 +101,21 @@ steps:
       --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID}
     exit
 
-- name: 'gcr.io/cloud-builders/gcloud'
-  id: HttpServerTests
-  waitFor: ['DebugImageBuild']
-  env:
-  - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}'
-  - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}'
-  - 'PROJECT_ID=$PROJECT_ID'
-  script: |
-    #!/usr/bin/env bash
+# - name: 'gcr.io/cloud-builders/gcloud'
+#   id: HttpServerTests
+#   waitFor: ['DebugImageBuild']
+#   env:
+#   - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}'
+#   - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}'
+#   - 'PROJECT_ID=$PROJECT_ID'
+#   script: |
+#     #!/usr/bin/env bash
 
-    cd launcher/image/test
-    echo "running http server tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}"
-    gcloud builds submit --config=test_http_server.yaml --region us-west1 \
-      --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID}
-    exit
+#     cd launcher/image/test
+#     echo "running http server tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}"
+#     gcloud builds submit --config=test_http_server.yaml --region us-west1 \
+#       --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID}
+#     exit
 
 - name: 'gcr.io/cloud-builders/gcloud'
   id: DebugImageTests

launcher/go.mod

@@ -1,17 +1,21 @@
 module github.com/google/go-tpm-tools/launcher
 
-go 1.23.0
+go 1.24.0
+
+toolchain go1.24.8
 
 require (
-	cloud.google.com/go/compute/metadata v0.5.2
-	cloud.google.com/go/logging v1.12.0
+	cloud.google.com/go/compute/metadata v0.8.0
+	cloud.google.com/go/logging v1.13.0
 	cos.googlesource.com/cos/tools.git v0.0.0-20250414225215-0cf736c0714c
+	github.com/NVIDIA/go-nvml v0.13.0-1
 	github.com/cenkalti/backoff/v4 v4.3.0
+	github.com/confidentsecurity/go-nvtrust v0.2.2
 	github.com/containerd/containerd v1.7.23
 	github.com/containerd/containerd/v2 v2.0.1
 	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/golang-jwt/jwt/v4 v4.5.1
-	github.com/google/go-cmp v0.6.0
+	github.com/google/go-cmp v0.7.0
 	github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc
 	github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843
 	github.com/google/go-tpm v0.9.0
@@ -20,18 +24,18 @@ require (
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.0
 	github.com/opencontainers/runtime-spec v1.2.0
-	golang.org/x/oauth2 v0.23.0
-	google.golang.org/api v0.205.0
-	google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53
-	google.golang.org/protobuf v1.35.1
+	golang.org/x/oauth2 v0.30.0
+	google.golang.org/api v0.247.0
+	google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c
+	google.golang.org/protobuf v1.36.7
 )
 
 require (
-	cloud.google.com/go v0.116.0 // indirect
-	cloud.google.com/go/auth v0.10.1 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect
-	cloud.google.com/go/confidentialcomputing v1.8.0 // indirect
-	cloud.google.com/go/longrunning v0.6.1 // indirect
+	cloud.google.com/go v0.120.0 // indirect
+	cloud.google.com/go/auth v0.16.4 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
+	cloud.google.com/go/confidentialcomputing v1.10.1 // indirect
+	cloud.google.com/go/longrunning v0.6.7 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
@@ -49,23 +53,21 @@ require (
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/certificate-transparency-go v1.1.2 // indirect
-	github.com/google/gce-tcb-verifier v0.2.3-0.20240905212129-12f728a62786 // indirect
 	github.com/google/go-attestation v0.5.1 // indirect
 	github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba // indirect
 	github.com/google/go-sev-guest v0.13.0 // indirect
 	github.com/google/go-tspi v0.3.0 // indirect
 	github.com/google/logger v1.1.1 // indirect
-	github.com/google/s2a-go v0.1.8 // indirect
+	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
-	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
+	github.com/googleapis/gax-go/v2 v2.15.0 // indirect
 	github.com/klauspost/compress v1.17.11 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/sys/mountinfo v0.7.2 // indirect
@@ -77,22 +79,22 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect
-	go.opentelemetry.io/otel v1.31.0 // indirect
-	go.opentelemetry.io/otel/metric v1.31.0 // indirect
-	go.opentelemetry.io/otel/trace v1.31.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
+	go.opentelemetry.io/otel v1.36.0 // indirect
+	go.opentelemetry.io/otel/metric v1.36.0 // indirect
+	go.opentelemetry.io/otel/trace v1.36.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.35.0 // indirect
-	golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc // indirect
-	golang.org/x/net v0.36.0 // indirect
-	golang.org/x/sync v0.11.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/text v0.22.0 // indirect
-	golang.org/x/time v0.7.0 // indirect
-	google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
-	google.golang.org/grpc v1.67.1 // indirect
+	golang.org/x/crypto v0.41.0 // indirect
+	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/sync v0.16.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/time v0.12.0 // indirect
+	google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect
+	google.golang.org/grpc v1.74.2 // indirect
 )
 
 replace (