Skip to content

refactor(attestation): verify policy against TDINFO_STRUCT#780

Open
MichalTarnacki wants to merge 1 commit intointel:mainfrom
MichalTarnacki:TDINFO_STRUCT
Open

refactor(attestation): verify policy against TDINFO_STRUCT#780
MichalTarnacki wants to merge 1 commit intointel:mainfrom
MichalTarnacki:TDINFO_STRUCT

Conversation

@MichalTarnacki
Copy link
Copy Markdown
Contributor

@MichalTarnacki MichalTarnacki commented Apr 3, 2026

Per GHCI 1.5, policy and SERVTD_EXT verification operates on TDINFO_STRUCT:

  • verify_servtd_hash(): accepts TDINFO bytes, returns TdInfo (not TdxReport),
    parses via MaybeUninit + copy_nonoverlapping
  • verify_init_tdreport() -> verify_init_tdinfo(): renamed, returns TdInfo
  • Add get_rtmrs_from_tdinfo() and setup_evaluation_data_with_tdinfo()
  • authenticate_rebinding_old(): 6 params instead of 7 (removed init_policy
    and init_td_report, replaced with init_tdinfo); calls verify_event_log()
    directly against RTMRs from init_tdinfo; uses local policy for TCB eval
  • Remove get_init_tcb_evaluation_info() and TD_INFO_OFFSET constant
  • Update call sites in server_client.rs and spdm_rsp.rs

@MichalTarnacki MichalTarnacki requested a review from jyao1 as a code owner April 3, 2026 06:27
@MichalTarnacki MichalTarnacki force-pushed the TDINFO_STRUCT branch 2 times, most recently from cf8a159 to bb3ca0b Compare April 8, 2026 08:43
@MichalTarnacki @sgrams
refactor(attestation): verify policy against TDINFO_STRUCT
a379436 
Adapt rebinding handshake to use init_tdinfo instead of init_policy:
- rebinding.rs: rename params in pre_session_data_exchange functions
- server_client.rs: rename init_td_report -> init_tdinfo in RATLS cert
  creation/verification, update pre_session_data parsing with init_tdinfo
  naming, compare mrowner at TDINFO offset 112..160 directly instead of
  digest_sha384(init_policy)
- spdm_rsp.rs: rename pre_session_data parsing, compare mrowner directly

Per GHCI 1.5, policy and SERVTD_EXT verification operates on TDINFO_STRUCT:
- verify_servtd_hash(): accepts TDINFO bytes, returns TdInfo (not TdxReport),
  parses via MaybeUninit + copy_nonoverlapping
- verify_init_tdreport() -> verify_init_tdinfo(): renamed, returns TdInfo
- Add get_rtmrs_from_tdinfo() and setup_evaluation_data_with_tdinfo()
- authenticate_rebinding_old(): 6 params instead of 7 (removed init_policy
  and init_td_report, replaced with init_tdinfo); calls verify_event_log()
  directly against RTMRs from init_tdinfo; uses local policy for TCB eval
- Remove get_init_tcb_evaluation_info() and TD_INFO_OFFSET constant
- Update call sites in server_client.rs and spdm_rsp.rs

Co-authored-by: Grams, Stanislaw <stanislaw.grams@intel.com>
@MichalTarnacki MichalTarnacki mentioned this pull request Apr 8, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jyao1 jyao1 Awaiting requested review from jyao1 jyao1 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MichalTarnacki