[release/5.x] Cherry pick: Set and enforce VMPL in SNP attestation (#…

…6583) (#6584) Co-authored-by: Amaury Chamayou <[email protected]>
microsoft · Oct 21, 2024 · af83844 · af83844
1 parent 6e42877
commit af83844
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 2 deletions.
diff --git a/.snpcc_canary b/.snpcc_canary
@@ -5,3 +5,4 @@
 ...
 /\/\d(-_-)b/\/\
 --/\
+----vmpl
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [5.0.8]
+
+[5.0.8]: https://github.com/microsoft/CCF/releases/tag/ccf-5.0.8
+
+- Set VMPL value when creating SNP attestations, and check VMPL value is in guest range when verifiying attestation, since recent [updates allow host-initiated attestations](https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/56860.pdf) (#6583).
+
 ## [5.0.7]
 
 [5.0.7]: https://github.com/microsoft/CCF/releases/tag/ccf-5.0.7

diff --git a/include/ccf/pal/attestation.h b/include/ccf/pal/attestation.h
@@ -75,6 +75,20 @@ namespace ccf::pal
         fmt::format("SEV-SNP: Mask chip key must not be set"));
     }
 
+    // Introduced in
+    // https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/programmer-references/56860.pdf
+    // The guest sets the VMPL field to a value from 0 thru 3 which indicates a
+    // request from the guest. For a Guest requested attestation report this
+    // field will contain the value (0-3). A Host requested attestation report
+    // will have a value of 0xffffffff. CCF current always sets VMPL to 0, and
+    // rejects non-guest values.
+    if (quote.vmpl > 3)
+    {
+      throw std::logic_error(fmt::format(
+        "SEV-SNP: VMPL for guest attestations must be in 0-3 range, not {}",
+        quote.vmpl));
+    }
+
     report_data = SnpAttestationReportData(quote.report_data);
     measurement = SnpAttestationMeasurement(quote.measurement);
 

diff --git a/include/ccf/pal/snp_ioctl5.h b/include/ccf/pal/snp_ioctl5.h
@@ -56,7 +56,7 @@ namespace ccf::pal::snp::ioctl5
   struct AttestationReq
   {
     uint8_t report_data[snp_attestation_report_data_size];
-    uint32_t vmpl;
+    uint32_t vmpl = 0;
     uint8_t reserved[28];
   };
 

diff --git a/include/ccf/pal/snp_ioctl6.h b/include/ccf/pal/snp_ioctl6.h
@@ -23,7 +23,7 @@ namespace ccf::pal::snp::ioctl6
   struct AttestationReq
   {
     uint8_t report_data[snp_attestation_report_data_size];
-    uint32_t vmpl;
+    uint32_t vmpl = 0;
     uint8_t reserved[28]; // needs to be zero
   }; // aka snp_report_req in (linux) include/uapi/linux/sev-guest.h