Project description

TDX Attestation Tool

The measurement tool runs inside a TD guest. It gets the RTMR values from the TDREPORT via the Linux attestation driver and gets the full TD event log from the CCEL ACPI table. It then uses the TD event log to verify the RTMR values or changes to them.

A CSP or tenant developer can use it to analyze and debug the TDX measurements before providing the TDX guest VM.

Overview

RTMR stands for Run-time Measurement Register; it records measurements of the components that participate in the boot process. As of 2023.4, TDX supports four RTMRs: RTMR[0], RTMR[1], RTMR[2] and RTMR[3].

The same RTMR may store the measurement of a different section depending on whether the guest uses direct boot or grub boot.

  1. Direct boot
  • RTMR[0]: It stores the measurement for the TDVF configuration. Changes to some of the tdvm launch parameters, such as memory size, will affect the final measurement.
  • RTMR[1]: It stores the measurement for the kernel and cmdline passed to the kernel.
  • RTMR[2] and RTMR[3]: They are reserved and can be used by the guest software to extend the measurement.
  2. Grub boot
  • RTMR[0]: It works as it does in the direct boot.
  • RTMR[1]: It stores the measurement for the OS loader, such as grub.
  • RTMR[2]: It works as it does in the direct boot.
  • RTMR[3]: It is reserved and can be used by the guest software to extend the measurement.

More details can be found in Articles-906357 and Commit 9d2b64a.

Prerequisites

The Log Area Start Address (LASA) comes from the ACPI CCEL table. Please see the GHCI specification.

Run

  1. Get Event Log

    ./tdx_eventlogs
    

    The example output for the event log in grub boot and direct boot

  2. Get TD Report

    ./tdx_tdreport
    
  3. Verify the RTMR

    ./tdx_verify_rtmr
    
  4. Extend the RTMR

    ./tdx_extend_rtmr -s 'test_extend_rtmr' -i 3
    

    The RTMR can be extended with different kinds of data: raw data (with '-r'; must be 48 bytes long), string data (with '-s'; converted to a SHA384 digest) and a SHA384 digest string (with '-d'). The index of the RTMR to extend can be changed with '-i'.
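
The check behind steps 3 and 4, as an added example that is not the tool's own code: an RTMR extend computes SHA384(old value || 48-byte digest), so replaying the event log digests in order should reproduce the values in the TD report. The function names, the `(rtmr_index, digest)` event form, the sample digests and the assumption that '-s' hashes the string's UTF-8 bytes are illustrative.

```python
import hashlib

RTMR_COUNT = 4    # RTMR[0]..RTMR[3], as listed in the overview
DIGEST_LEN = 48   # SHA-384 digest size in bytes


def extend(rtmr: bytes, digest: bytes) -> bytes:
    """One extend operation: new = SHA384(old || digest)."""
    if len(rtmr) != DIGEST_LEN or len(digest) != DIGEST_LEN:
        raise ValueError("RTMR values and extend data must be 48 bytes")
    return hashlib.sha384(rtmr + digest).digest()


def replay(events):
    """Recompute all RTMRs from (rtmr_index, digest) pairs in log order."""
    rtmrs = [bytes(DIGEST_LEN)] * RTMR_COUNT   # registers start as all zeros
    for index, digest in events:
        if not 0 <= index < RTMR_COUNT:
            raise ValueError(f"event targets unknown RTMR[{index}]")
        rtmrs[index] = extend(rtmrs[index], digest)
    return rtmrs


def mismatches(replayed, reported):
    """Indices where the replayed value differs from the reported one."""
    return [i for i in range(RTMR_COUNT) if replayed[i] != reported[i]]


# Constructed sample log: digests of made-up names, not real measurements.
SAMPLE_LOG = [
    (0, hashlib.sha384(b"constructed-tdvf-config").digest()),
    (1, hashlib.sha384(b"constructed-kernel").digest()),
    (1, hashlib.sha384(b"constructed-cmdline").digest()),
]


def demo():
    logged = replay(SAMPLE_LOG)
    # The guest extends RTMR[3] with a string, as in the '-s ... -i 3' step.
    # Assumption: the digest is SHA-384 over the string's UTF-8 bytes.
    runtime = hashlib.sha384("test_extend_rtmr".encode()).digest()
    reported = list(logged)
    reported[3] = extend(reported[3], runtime)
    before = mismatches(logged, reported)   # log does not contain the event
    after = mismatches(replay(SAMPLE_LOG + [(3, runtime)]), reported)
    return before, after


if __name__ == "__main__":
    print(demo())
```

An extend that is not recorded in the log being replayed shows up as a mismatch on that register only, which is what makes the comparison useful for debugging.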

Installation

Build and install TDX Measurement Tool:

    python3 setup.py bdist_wheel
    pip3 install dist/*.whl --force-reinstall

Built Distribution

pytdxattest-0.0.11-py3-none-any.whl (24.7 kB)
