pytdxmeasure

No project description provided

Project description

TDX Measurement Tool

The measurement tool runs within TD guest to get RTMR value from TDREPORT via Linux attestation driver, and gets the full TD event log from CCEL ACPI table. Then it uses the TD event log to verify the RTMR value or change.

CSP or tenant developer could use it to analyze and debug the TDX measurement before providing the TDX guest VM.

Overview

The RTMR stands for Run-time Measurement Register, recording measurement for the component participating in the booting process. As of 2023.4, TDX supports four RTMRs, including RTMR[0], RTMR[1], RTMR[2] and RTMR[3].

The same RTMR may store measurement for different section in direct boot or grub boot.

Direct boot

RTMR[0]: It stores the measurement for the TDVF configuration. Changes on a part of the tdvm launch parameters, such memory size, will affect the final measurement.
RTMR[1]: It stores the measurement for the kernel and cmdline passed to the kernel.
RTMR[2] and RTMR[3]: They are reserved and can be used by the guest software to extend the measurement.

Grub boot

RTMR[0]: It works as it does in the direct boot.
RTMR[1]: It stores the measurement for the OS loader, such as grub.
RTMR[2]: It works as it does in the direct boot.
RTMR[3]: It is reserved and can be used by the guest software to extend the measurement.

More details can be found in the Articles-906357 and Commit 9d2b64a

Prerequisites

The Log Area Start Address (LASA) is from ACPI CCEL table. Please see GHCI specification.

Run

Get Event Log
```
./tdx_eventlogs
```
The example output for the event log in grub boot and direct boot
Get TD Report
```
./tdx_tdreport
```
Verify the RTMR
```
./tdx_verify_rtmr
```
Extend the RTMR
```
./tdx_extend_rtmr -s 'test_extend_rtmr' -i 3
```
User can extend RTMR register with different kinds of data, including raw data(with '-r', must be 48B length), string data(with '-s', will be converted to SHA384 digest) and SHA384 digest string(with '-d'). User can also change the index of RTMR register by using '-i'.

Installation

Build and install TDX Measurement Tool:

python3 setup.py bdist_wheel
pip3 install dist/*.whl --force-reinstall

Project details

Release history Release notifications | RSS feed

This version

0.0.9

Jul 18, 2023

0.0.8

Apr 27, 2023

0.0.7

Feb 25, 2023

0.0.5

Sep 19, 2022

0.0.4

Sep 19, 2022

0.0.3

Sep 18, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

pytdxmeasure-0.0.9-py3-none-any.whl (24.7 kB view details)

Uploaded Jul 18, 2023 Python 3

File details

Details for the file pytdxmeasure-0.0.9-py3-none-any.whl.

File metadata

Download URL: pytdxmeasure-0.0.9-py3-none-any.whl
Upload date: Jul 18, 2023
Size: 24.7 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.10.6

File hashes

Hashes for pytdxmeasure-0.0.9-py3-none-any.whl
Algorithm	Hash digest
SHA256	`cba566746e8c4088d5c20b9259fa4df6cb50b88a7b1fb8c5f1e7c4684593ee1d`
MD5	`ef963d2e95b5be2cbef878cdb139a08a`
BLAKE2b-256	`f9abea547814ed56aa025ded132a9f13b605bd0601964f2e4266fd8a118575e2`