linux-svsm
Attestation report support with openssl
Tom suggested breaking PR #35 into two. The first part, PR #41, got merged; this is the second part.
The function get_report() can be called to request an attestation report; if the last parameter, CertBuf, is provided, the certificate chain is stored at the address given in CertBuf.addr.
Certificate chain
Make sure the certificate chain is populated on the host; otherwise get_report() will return an empty certificate chain. The sev-guest repository explains how to set the certificate chain properly, but for testing purposes you can just put some arbitrary data in the certificate files.
$ git clone https://github.com/AMDESE/sev-guest.git
$ cd sev-guest
$ echo -n "1111" > ark.pem
$ echo -n "2222" > ask.pem
$ echo -n "3333" > vcek.pem
$ make sev-host-set-cert-chain
$ sudo ./sev-host-set-cert-chain -r ark.pem -s ask.pem -v vcek.pem
How to test it
This commit can be applied to test the get_report() function.
If you build the code with make FEATURES=verbose and use the launch-qemu.sh script to launch the guest, you should see messages like these in the console.
INFO: SNP_GUEST_REQUEST msg_type 5 encrypted (96 bytes)
INFO: SNP_GUEST_REQUEST msg_type 6 decrypted (1216 bytes)
INFO: Report, 1184 bytes, vmpl 0
INFO: report_id: [8b, 82, ed, 43, b9, 0, 50, b6, ec, 26, 38, f7, 33, 73, f7, d0, 1f, 44, 8d, 81, 5e, b6, 22, cb, ad, 7c, f4, 24, 81, d9, dd, c0]
INFO: report_data: [31, 32, 33, 0, 34, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
INFO: certs sample [63, da, 75, 8d, e6, 64, 45, 64, ad, c5, f4, b9, 3b, e8, ac, cd, 60, 0, 0, 0, 5, 0, 0, 0, 4a, b7, b3, 79, bb, ac, 4f, e4, a0, 2f, 5, ae, f3, 27, c7, 82, 65, 0, 0, 0, 5, 0, 0, 0, c0, b4, 6, a4, a8, 3, 49, 52, 97, 43, 3f, b6, 1, 4c, d0, ae, 6a, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 33, 33, 33, 33, a, 32, 32, 32, 32, a, 31, 31, 31, 31, a, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
INFO: SNP_GUEST_REQUEST msg_type 5 encrypted (96 bytes)
INFO: SNP_GUEST_REQUEST msg_type 6 decrypted (1216 bytes)
INFO: Report, 1184 bytes, vmpl 0
INFO: report_id: [8b, 82, ed, 43, b9, 0, 50, b6, ec, 26, 38, f7, 33, 73, f7, d0, 1f, 44, 8d, 81, 5e, b6, 22, cb, ad, 7c, f4, 24, 81, d9, dd, c0]
INFO: report_data: [35, 36, 37, 0, 38, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
The test requests two attestation reports; the certificate chain is requested only in the first request. The first 600 bytes of the cert chain are printed.
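As an added example, not part of this PR or of the linux-svsm code, the following Python parses the certificate table that the certs sample line above shows: a sequence of 24-byte entries (16-byte GUID, little-endian u32 offset, little-endian u32 length) ending in an all-zero entry, followed by the certificate blobs. The sample input is constructed from the first 111 bytes of that console line, and the GUID-to-name mapping is the one the sev-guest tooling uses for VCEK, ASK and ARK.

```python
import struct
import uuid

# GUIDs that the SNP certificate table uses to tag each blob; these match
# the three table entries visible in the "certs sample" console line above.
CERT_GUIDS = {
    "63da758d-e664-4564-adc5-f4b93be8accd": "VCEK",
    "4ab7b379-bbac-4fe4-a02f-05aef327c782": "ASK",
    "c0b406a4-a803-4952-9743-3fb6014cd0ae": "ARK",
}

# Each table entry: 16-byte GUID, u32 offset, u32 length (little-endian).
ENTRY_FMT = "<16sII"
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)  # 24 bytes

# Constructed input: the first 111 bytes of the certs sample printed above
# (three entries, an all-zero terminator entry, then the three dummy blobs;
# each blob is the 4-character file content plus a newline, as the log shows).
CERTS_SAMPLE = bytes.fromhex(
    "63da758de6644564adc5f4b93be8accd" "60000000" "05000000"  # VCEK @ 96, 5 B
    "4ab7b379bbac4fe4a02f05aef327c782" "65000000" "05000000"  # ASK  @ 101, 5 B
    "c0b406a4a803495297433fb6014cd0ae" "6a000000" "05000000"  # ARK  @ 106, 5 B
    + "00" * ENTRY_SIZE                                       # terminator entry
    + "333333330a" "323232320a" "313131310a"                  # "3333\n" ...
)


def parse_cert_table(buf: bytes) -> dict:
    """Walk the table until the zero terminator and return {name: blob}.

    An all-zero CertBuf (host chain not populated) yields {}. An entry that
    points outside the buffer raises ValueError instead of being silently
    truncated, so a corrupt table is never mistaken for a valid chain.
    """
    certs = {}
    pos = 0
    while pos + ENTRY_SIZE <= len(buf):
        guid_raw, offset, length = struct.unpack_from(ENTRY_FMT, buf, pos)
        if guid_raw == bytes(16):
            return certs  # terminator entry reached
        if offset + length > len(buf):
            raise ValueError(f"entry at byte {pos} points past the buffer end")
        guid = str(uuid.UUID(bytes=guid_raw))
        certs[CERT_GUIDS.get(guid, guid)] = buf[offset:offset + length]
        pos += ENTRY_SIZE
    raise ValueError("certificate table has no terminator entry")


if __name__ == "__main__":
    for name, blob in parse_cert_table(CERTS_SAMPLE).items():
        print(f"{name}: {len(blob)} bytes {blob!r}")
```

Running it on the sample recovers the three dummy "certificates" written by sev-host-set-cert-chain; feeding it a zero-filled buffer models the empty chain you get when the host chain was never set.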