Merge pull request #399 from oasisprotocol/kostko/feature/rofl-build-identity

feat(cmd/rofl): Populate component identity in the generated bundle

Author: kostko

build/measurement/tdx_qemu.go

@@ -453,7 +453,7 @@ func computeEnclaveIdentity(
 //
 // It may return multiple identities because there may be differences between QEMU versions that can
 // cause differences in measurements (e.g. with MRTD).
-func MeasureTdxQemu(bnd *bundle.Bundle, comp *bundle.Component) ([]sgx.EnclaveIdentity, error) {
+func MeasureTdxQemu(bnd *bundle.Bundle, comp *bundle.Component) ([]bundle.Identity, error) {
 	if comp.TDX == nil {
 		return nil, fmt.Errorf("component does not support TDX")
 	}
@@ -526,14 +526,18 @@ func MeasureTdxQemu(bnd *bundle.Bundle, comp *bundle.Component) ([]sgx.EnclaveId
 
 	// Compute MRTD for all known QEMU variants as there are unfortunately different
 	// implementations.
-	eids := make([]sgx.EnclaveIdentity, 0, 2)
+	ids := make([]bundle.Identity, 0, 2)
 	for _, variant := range []int{
 		mrtdVariantTwoPass,
 		mrtdVariantSinglePass,
 	} {
 		mrtd := tdvfMeta.computeMrtd(fw, variant)
+		eid := computeEnclaveIdentity(mrtd, rtmr0, rtmr1, rtmr2, rtmr3[:])
 
-		eids = append(eids, computeEnclaveIdentity(mrtd, rtmr0, rtmr1, rtmr2, rtmr3[:]))
+		ids = append(ids, bundle.Identity{
+			Hypervisor: fmt.Sprintf("qemu/v%d", variant),
+			Enclave:    eid,
+		})
 	}
-	return eids, nil
+	return ids, nil
 }

cmd/rofl/build/build.go

@@ -143,24 +143,24 @@ var (
 
 			fmt.Println("Computing enclave identity...")
 
-			eids, err := roflCommon.ComputeEnclaveIdentity(bnd, "")
+			ids, err := roflCommon.ComputeEnclaveIdentity(bnd, "")
 			if err != nil {
 				fmt.Printf("%s\n", err)
 				return
 			}
 
 			// Setup some post-bundle environment variables.
 			os.Setenv("ROFL_BUNDLE", outFn)
-			for idx, enclaveID := range eids {
-				data, _ := enclaveID.MarshalText()
+			for idx, id := range ids {
+				data, _ := id.Enclave.MarshalText()
 				os.Setenv(fmt.Sprintf("ROFL_ENCLAVE_ID_%d", idx), string(data))
 			}
 
 			runScript(manifest, buildRofl.ScriptBundlePost)
 
 			buildEnclaves := make(map[sgx.EnclaveIdentity]struct{})
-			for _, eid := range eids {
-				buildEnclaves[eid] = struct{}{}
+			for _, id := range ids {
+				buildEnclaves[id.Enclave] = struct{}{}
 			}
 
 			manifestEnclaves := make(map[sgx.EnclaveIdentity]struct{})
@@ -241,15 +241,18 @@ var (
 				fmt.Printf("  %s:\n", deploymentName)
 				fmt.Printf("    policy:\n")
 				fmt.Printf("      enclaves:\n")
-				for _, enclaveID := range eids {
-					data, _ := enclaveID.MarshalText()
+				for _, id := range ids {
+					data, _ := id.Enclave.MarshalText()
 					fmt.Printf("        - \"%s\"\n", string(data))
 				}
 				fmt.Println()
 				fmt.Println("Next time you can also use the --update-manifest flag to apply changes.")
 			case true:
 				// Update the manifest with the given enclave identities, overwriting existing ones.
-				deployment.Policy.Enclaves = eids
+				deployment.Policy.Enclaves = make([]sgx.EnclaveIdentity, len(ids))
+				for _, id := range ids {
+					deployment.Policy.Enclaves = append(deployment.Policy.Enclaves, id.Enclave)
+				}
 
 				if err = manifest.Save(); err != nil {
 					cobra.CheckErr(fmt.Errorf("failed to update manifest: %w", err))

cmd/rofl/build/sgx.go

@@ -21,6 +21,7 @@ import (
 	buildRofl "github.com/oasisprotocol/cli/build/rofl"
 	"github.com/oasisprotocol/cli/build/sgxs"
 	"github.com/oasisprotocol/cli/cmd/common"
+	roflCommon "github.com/oasisprotocol/cli/cmd/rofl/common"
 )
 
 // sgxBuild builds an SGX-based "raw" ROFL app.
@@ -132,6 +133,13 @@ func sgxBuild(
 		_ = bnd.Add(dst, bundle.NewBytesData(b))
 	}
 	_ = bnd.Add(sigName, bundle.NewBytesData(sigData))
+
+	// Compute expected component identity and include it in the manifest.
+	ids, err := roflCommon.ComputeComponentIdentity(bnd, &comp)
+	if err != nil {
+		cobra.CheckErr(fmt.Errorf("failed to compute component identity: %w", err))
+	}
+	comp.Identities = ids
 }
 
 // sgxGenerateKey generates a 3072-bit RSA key with public exponent 3 as required for SGX.

cmd/rofl/build/tdx.go

@@ -14,6 +14,7 @@ import (
 	"github.com/oasisprotocol/cli/build/cargo"
 	buildRofl "github.com/oasisprotocol/cli/build/rofl"
 	"github.com/oasisprotocol/cli/cmd/common"
+	roflCommon "github.com/oasisprotocol/cli/cmd/rofl/common"
 )
 
 // Artifact kinds.
@@ -283,6 +284,13 @@ func tdxBundleComponent(
 		_ = bnd.Add(dst, bundle.NewFileData(src))
 	}
 
+	// Compute expected component identity and include it in the manifest.
+	ids, err := roflCommon.ComputeComponentIdentity(bnd, &comp)
+	if err != nil {
+		return fmt.Errorf("failed to compute component identity: %w", err)
+	}
+	comp.Identities = ids
+
 	return nil
 }
 

cmd/rofl/common/identity.go

@@ -3,7 +3,6 @@ package common
 import (
 	"fmt"
 
-	"github.com/oasisprotocol/oasis-core/go/common/sgx"
 	"github.com/oasisprotocol/oasis-core/go/runtime/bundle"
 	"github.com/oasisprotocol/oasis-core/go/runtime/bundle/component"
 
@@ -12,7 +11,7 @@ import (
 
 // ComputeEnclaveIdentity computes the enclave identity of the given ROFL components. If no specific
 // component ID is passed, it uses the first ROFL component.
-func ComputeEnclaveIdentity(bnd *bundle.Bundle, compID string) ([]sgx.EnclaveIdentity, error) {
+func ComputeEnclaveIdentity(bnd *bundle.Bundle, compID string) ([]bundle.Identity, error) {
 	var cid component.ID
 	if compID != "" {
 		if err := cid.UnmarshalText([]byte(compID)); err != nil {
@@ -33,14 +32,7 @@ func ComputeEnclaveIdentity(bnd *bundle.Bundle, compID string) ([]sgx.EnclaveIde
 			}
 		}
 
-		switch teeKind := comp.TEEKind(); teeKind {
-		case component.TEEKindSGX:
-			return bnd.EnclaveIdentities(comp.ID())
-		case component.TEEKindTDX:
-			return measurement.MeasureTdxQemu(bnd, comp)
-		default:
-			return nil, fmt.Errorf("identity computation for TEE kind '%s' not supported", teeKind)
-		}
+		return ComputeComponentIdentity(bnd, comp)
 	}
 
 	switch compID {
@@ -50,3 +42,25 @@ func ComputeEnclaveIdentity(bnd *bundle.Bundle, compID string) ([]sgx.EnclaveIde
 		return nil, fmt.Errorf("ROFL app '%s' not found in bundle", compID)
 	}
 }
+
+// ComputeComponentIdentity computes the enclave identity of the given component.
+func ComputeComponentIdentity(bnd *bundle.Bundle, comp *bundle.Component) ([]bundle.Identity, error) {
+	switch teeKind := comp.TEEKind(); teeKind {
+	case component.TEEKindSGX:
+		eids, err := bnd.EnclaveIdentities(comp.ID())
+		if err != nil {
+			return nil, err
+		}
+
+		ids := make([]bundle.Identity, len(eids))
+		for _, eid := range eids {
+			// For SGX enclaves, there is no additional metadata (e.g. hypervisor).
+			ids = append(ids, bundle.Identity{Enclave: eid})
+		}
+		return ids, nil
+	case component.TEEKindTDX:
+		return measurement.MeasureTdxQemu(bnd, comp)
+	default:
+		return nil, fmt.Errorf("identity computation for TEE kind '%s' not supported", teeKind)
+	}
+}

cmd/rofl/identity.go

@@ -27,11 +27,11 @@ var (
 				cobra.CheckErr(fmt.Errorf("failed to open bundle: %w", err))
 			}
 
-			eids, err := roflCommon.ComputeEnclaveIdentity(bnd, compID)
+			ids, err := roflCommon.ComputeEnclaveIdentity(bnd, compID)
 			cobra.CheckErr(err)
 
-			for _, enclaveID := range eids {
-				data, _ := enclaveID.MarshalText()
+			for _, id := range ids {
+				data, _ := id.Enclave.MarshalText()
 				fmt.Println(string(data))
 			}
 		},