Improve the method for getting Region 1~3 base and size #677

Merged
merged 1 commit into from
May 7, 2024

OuyangHang33

Fix: #676

Tested with bzImage6.8 and got:
6ad357abcad6dd3c91cda809428937bb5915b48f71c961c603c78652c35452dc1286430fa59a54e47841a1ce1b9c5028
Matches with:
Digest: 6ad357abcad6dd3c91cda809428937bb5915b48f71c961c603c78652c35452dc1286430fa59a54e47841a1ce1b9c5028

@OuyangHang33 OuyangHang33 changed the title I676 Add magic check and replace const checksum offset with base+offset Mar 25, 2024
@OuyangHang33

Hi @arronwy , could you take a look and test it? Thank you!

// Cert table Offset: 128/144 Size: 8

let magic = ((buf[optional_header_addr + 1] as u16) << 8) | buf[optional_header_addr] as u16;
let is_pe32 = is_pe32(magic).ok().unwrap();
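
Review bot: `buf[optional_header_addr + 1]` and `buf[optional_header_addr]` index the file buffer with no length check, and `is_pe32(magic).ok().unwrap()` throws away the error and panics when the magic is not recognized, so a truncated or non-PE input file aborts the tool instead of producing an error. Read the two bytes through a checked slice access such as `buf.get(..)` and hand the `is_pe32` failure back to the caller rather than unwrapping it.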

Member

why unwrap()

Collaborator Author

Removed.

let is_pe32 = is_pe32(magic).ok().unwrap();
let optional_size_of_headers_offset: usize = 0x003c;
let optional_checksum_offset: usize = 0x0040;
let optional_cert_table_offset = if is_pe32 { 0x0080 } else { 0x0090 };
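
Review bot: the three `optional_*_offset` lines use bare literals (`0x003c`, `0x0040`, `0x0080`/`0x0090`) with nothing next to them saying that they are relative to the start of the optional header or which header field each one addresses. Add a one-line comment per offset, or named constants, so the PE32 and PE32+ values can be checked against the PE layout at a glance. The local `is_pe32` also shadows the function `is_pe32` it is assigned from; a different name for the local would avoid that.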

Member

How do we support PE32 (IA32), not PE32+ (X64)?

Collaborator Author

Only support PE32+, removed magic check
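
An added example, not code from this pull request or the project: a bounds-checked way to locate the three header ranges of a PE32+ image from the optional-header offsets discussed in the review above (0x3c, 0x40, 0x90). The function names, the sample image, and the reading of "Region 1~3" as the ranges split by the CheckSum field and the certificate table entry are assumptions.

```rust
// Added example; names are hypothetical, not the project's API.
// Assumption: regions 1-3 are the header ranges split by CheckSum and the cert table entry.
const PE32_PLUS_MAGIC: u16 = 0x020b;

// Little-endian read that returns None instead of panicking on a short buffer.
fn read_le(buf: &[u8], off: usize, len: usize) -> Option<u64> {
    let bytes = buf.get(off..off.checked_add(len)?)?;
    Some(bytes.iter().rev().fold(0u64, |acc, b| (acc << 8) | *b as u64))
}

/// Returns (base, size) for the three header regions, or None when the
/// image is truncated, is not a PE file, or is not PE32+.
fn header_regions(buf: &[u8]) -> Option<[(usize, usize); 3]> {
    if buf.get(..2)? != b"MZ" { return None; }
    let pe = read_le(buf, 0x3c, 4)? as usize;            // e_lfanew
    if buf.get(pe..pe.checked_add(4)?)? != b"PE\0\0" { return None; }
    let opt = pe.checked_add(4 + 20)?;                   // skip signature + COFF header
    if read_le(buf, opt, 2)? as u16 != PE32_PLUS_MAGIC { return None; }
    let checksum = opt + 0x40;                           // CheckSum field, 4 bytes
    let cert = opt + 0x90;                               // cert table entry, 8 bytes
    let hdr_end = read_le(buf, opt + 0x3c, 4)? as usize; // SizeOfHeaders
    if hdr_end < cert + 8 || hdr_end > buf.len() { return None; }
    Some([
        (0, checksum),
        (checksum + 4, cert - (checksum + 4)),
        (cert + 8, hdr_end - (cert + 8)),
    ])
}

// Constructed sample: a 0x200-byte, header-only PE32+ skeleton.
fn sample_image() -> Vec<u8> {
    let mut img = vec![0u8; 0x200];
    img[..2].copy_from_slice(b"MZ");
    img[0x3c] = 0x80;                                         // e_lfanew = 0x80
    img[0x80..0x84].copy_from_slice(b"PE\0\0");
    img[0x98..0x9a].copy_from_slice(&[0x0b, 0x02]);           // magic 0x020b
    img[0xd4..0xd8].copy_from_slice(&0x200u32.to_le_bytes()); // SizeOfHeaders
    img
}

fn main() {
    let img = sample_image();
    println!("{:x?}", header_regions(&img));
    println!("{:?}", header_regions(&img[..0x99])); // truncated input
}
```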

@OuyangHang33 OuyangHang33 changed the title Add magic check and replace const checksum offset with base+offset Improve the method for getting Region 1~3 base and size Mar 25, 2024
@arronwy arronwy left a comment

Thanks @OuyangHang33 LGTM!

Verified with guest 6.6 kernel and 6.8 kernel:

file /root/tdx_vm/bzImage
/root/tdx_vm/bzImage: Linux kernel x86 boot executable bzImage, version 6.8.0-rc5-g1470fd2f6d23-dirty (root@tdx-ac2) #11 SMP PREEMPT_DYNAMIC Wed Mar 20 06:56:33 UTC 2024, RO-rootFS, swap_dev 0X11, Normal VGA

target/release/td-payload-reference-calculator kernel -q --kernel /root/tdx_vm/bzImage
6ad357abcad6dd3c91cda809428937bb5915b48f71c961c603c78652c35452dc1286430fa59a54e47841a1ce1b9c5028

    Event Entry:
        RTMR: 2
        Event Type: EV_EFI_BOOT_SERVICES_APPLICATION
        Digest Algorithm: TPM_ALG_SHA384
        Digest: 6ad357abcad6dd3c91cda809428937bb5915b48f71c961c603c78652c35452dc1286430fa59a54e47841a1ce1b9c5028
        Event Desc: 1840cd790000000000421d010000000000000000000000002a000000000000000403140072f728144ab61e44b8c39ebdd7f893c7040412006b00650072006e0065006c0000007fff0400

file /root/tdx_vm/bzImage_6.6
/root/tdx_vm/bzImage_6.6: Linux kernel x86 boot executable bzImage, version 6.6.0-rc2-gc177cc781327 (root@tdx-ac2) #1 SMP PREEMPT_DYNAMIC Thu Mar  7 03:35:48 UTC 2024, RO-rootFS, swap_dev 0X11, Normal VGA

target/release/td-payload-reference-calculator kernel -q --kernel /root/tdx_vm/bzImage_6.6
ddb0ae763ef79685a2102128325e6a7f765ef3b602ad22c12e13b97d6f1e44d1dbb4e55fef418003ad37125a14a67a65

    Event Entry:
        RTMR: 2
        Event Type: EV_EFI_BOOT_SERVICES_APPLICATION
        Digest Algorithm: TPM_ALG_SHA384
        Digest: ddb0ae763ef79685a2102128325e6a7f765ef3b602ad22c12e13b97d6f1e44d1dbb4e55fef418003ad37125a14a67a65
        Event Desc: 18e0db790000000080f315010000000000000001000000002a000000000000000403140072f728144ab61e44b8c39ebdd7f893c7040412006b00650072006e0065006c0000007fff0400

@jyao1 jyao1 merged commit de5a923 into confidential-containers:main May 7, 2024
19 checks passed
Successfully merging this pull request may close these issues.

Td-payload-reference-calculator needs to get ADDR and SIZE base on input file