update the CB protos, for CB all the layers except the root layer has…

… one measurement which is event digest, so the protos are updated to accommodate that change. Change-Id: I3716e29e13702bb8ca40ff54f101bcba526261dc
project-oak · Jun 14, 2024 · 693ef07 · 693ef07
1 parent d34d074
commit 693ef07
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 42 deletions.
diff --git a/oak_attestation_verification/src/verifier.rs b/oak_attestation_verification/src/verifier.rs
@@ -39,19 +39,20 @@ use oak_proto_rust::oak::{
         ApplicationLayerReferenceValues, AttestationResults, BinaryReferenceValue, CbData,
         CbEndorsements, CbExpectedValues, CbReferenceValues, ContainerLayerData,
         ContainerLayerEndorsements, ContainerLayerExpectedValues, ContainerLayerReferenceValues,
-        EndorsementReferenceValue, Endorsements, Evidence, ExpectedDigests, ExpectedRegex,
-        ExpectedStringLiterals, ExpectedValues, ExtractedEvidence, FakeAttestationReport,
-        FirmwareAttachment, InsecureExpectedValues, IntelTdxAttestationReport,
-        IntelTdxExpectedValues, KernelAttachment, KernelBinaryReferenceValue, KernelExpectedValues,
-        KernelLayerData, KernelLayerEndorsements, KernelLayerExpectedValues,
-        KernelLayerReferenceValues, OakContainersData, OakContainersEndorsements,
-        OakContainersExpectedValues, OakContainersReferenceValues, OakRestrictedKernelData,
-        OakRestrictedKernelEndorsements, OakRestrictedKernelExpectedValues,
-        OakRestrictedKernelReferenceValues, RawDigests, ReferenceValues, RootLayerData,
-        RootLayerEndorsements, RootLayerEvidence, RootLayerExpectedValues,
-        RootLayerReferenceValues, SystemLayerData, SystemLayerEndorsements,
-        SystemLayerExpectedValues, SystemLayerReferenceValues, TcbVersion, TeePlatform,
-        TextExpectedValue, TextReferenceValue, TransparentReleaseEndorsement, VerificationSkipped,
+        EndorsementReferenceValue, Endorsements, EventData, EventExpectedValues, Evidence,
+        ExpectedDigests, ExpectedRegex, ExpectedStringLiterals, ExpectedValues, ExtractedEvidence,
+        FakeAttestationReport, FirmwareAttachment, InsecureExpectedValues,
+        IntelTdxAttestationReport, IntelTdxExpectedValues, KernelAttachment,
+        KernelBinaryReferenceValue, KernelExpectedValues, KernelLayerData, KernelLayerEndorsements,
+        KernelLayerExpectedValues, KernelLayerReferenceValues, OakContainersData,
+        OakContainersEndorsements, OakContainersExpectedValues, OakContainersReferenceValues,
+        OakRestrictedKernelData, OakRestrictedKernelEndorsements,
+        OakRestrictedKernelExpectedValues, OakRestrictedKernelReferenceValues, RawDigests,
+        ReferenceValues, RootLayerData, RootLayerEndorsements, RootLayerEvidence,
+        RootLayerExpectedValues, RootLayerReferenceValues, SystemLayerData,
+        SystemLayerEndorsements, SystemLayerExpectedValues, SystemLayerReferenceValues, TcbVersion,
+        TeePlatform, TextExpectedValue, TextReferenceValue, TransparentReleaseEndorsement,
+        VerificationSkipped,
     },
     RawDigest,
 };
@@ -402,6 +403,9 @@ fn get_cb_expected_values(
             endorsements.root_layer.as_ref(),
             reference_values.root_layer.as_ref().context("no root layer reference values")?,
         )?),
+        kernel_layer: Some(EventExpectedValues::default()),
+        system_layer: Some(EventExpectedValues::default()),
+        application_layer: Some(EventExpectedValues::default()),
     })
 }
 
@@ -1198,8 +1202,21 @@ fn extract_evidence_values(evidence: &Evidence) -> anyhow::Result<EvidenceValues
             _ => Err(anyhow::anyhow!("incorrect number of DICE layers for Oak Containers")),
         }
     } else {
-        // Assume for now this is CB evidence until the CB fields are better defined.
-        Ok(EvidenceValues::Cb(CbData { root_layer }))
+        match &evidence.layers[..] {
+            [_kernel_layer, _system_layer, _application_layer] => {
+                let kernel_layer = Some(EventData::default());
+                let system_layer = Some(EventData::default());
+                let application_layer = Some(EventData::default());
+
+                Ok(EvidenceValues::Cb(CbData {
+                    root_layer,
+                    kernel_layer,
+                    system_layer,
+                    application_layer,
+                }))
+            }
+            _ => Err(anyhow::anyhow!("incorrect number of DICE layers for CB")),
+        }
     }
 }
 

diff --git a/proto/attestation/expected_value.proto b/proto/attestation/expected_value.proto
@@ -139,17 +139,9 @@ message ApplicationLayerExpectedValues {
   ExpectedDigests configuration = 2;
 }
 
-// Represents digest of application task config.
-message CBApplicationLayerExpectedValues {
-  // Verifies the application task config.
-  ExpectedDigests binary = 1;
-}
-
-// Represents digest of application task config.
-message CBSystemLayerExpectedValues {
-  // Verifies the application task config.
-  ExpectedDigests system_image = 1;
-  TextExpectedValue system_cmd_line = 2;
+// Represents digest of an event.
+message EventExpectedValues {
+  ExpectedDigests event = 1;
 }
 
 message OakRestrictedKernelExpectedValues {
@@ -167,6 +159,9 @@ message OakContainersExpectedValues {
 
 message CBExpectedValues {
   RootLayerExpectedValues root_layer = 1;
+  EventExpectedValues kernel_layer = 2;
+  EventExpectedValues system_layer = 3;
+  EventExpectedValues application_layer = 4;
 }
 
 message ExpectedValues {

diff --git a/proto/attestation/reference_value.proto b/proto/attestation/reference_value.proto
@@ -186,13 +186,6 @@ message SystemLayerReferenceValues {
   BinaryReferenceValue system_image = 1;
 }
 
-message CBSystemLayerReferenceValues {
-  // Verifies the system image binary.
-  BinaryReferenceValue system_image = 1;
-  // Verifies the command line by which the system image was built.
-  StringReferenceValue system_cmd_line = 2;
-}
-
 // Represents an application running under Oak Restricted Kernel.
 message ApplicationLayerReferenceValues {
   // Verifies the application binary based on endorsement.
@@ -202,12 +195,6 @@ message ApplicationLayerReferenceValues {
   BinaryReferenceValue configuration = 2;
 }
 
-// Represents digest of application task config.
-message CBApplicationLayerReferenceValues {
-  // Verifies the application task config.
-  BinaryReferenceValue binary = 1;
-}
-
 message ContainerLayerReferenceValues {
   // Verifies the container binary based on endorsement.
   BinaryReferenceValue binary = 1;
@@ -216,6 +203,11 @@ message ContainerLayerReferenceValues {
   BinaryReferenceValue configuration = 2;
 }
 
+// Represents digest of an event.
+message EventReferenceValues {
+  BinaryReferenceValue event = 1;
+}
+
 message OakRestrictedKernelReferenceValues {
   RootLayerReferenceValues root_layer = 1;
   KernelLayerReferenceValues kernel_layer = 2;
@@ -231,9 +223,9 @@ message OakContainersReferenceValues {
 
 message CBReferenceValues {
   RootLayerReferenceValues root_layer = 1;
-  KernelLayerReferenceValues kernel_layer = 2;
-  CBSystemLayerReferenceValues system_layer = 3;
-  CBApplicationLayerReferenceValues application_layer = 4;
+  EventReferenceValues kernel_layer = 2;
+  EventReferenceValues system_layer = 3;
+  EventReferenceValues application_layer = 4;
 }
 
 message ReferenceValues {

diff --git a/proto/attestation/verification.proto b/proto/attestation/verification.proto
@@ -194,6 +194,12 @@ message ContainerLayerData {
   RawDigest config = 2;
 }
 
+// Values extracted from the evidence that represents an event.
+message EventData {
+  // Measurement RawDigest of an event.
+  RawDigest event = 1;
+}
+
 // Values extracted from the evidence for a restricted kernel application.
 message OakRestrictedKernelData {
   RootLayerData root_layer = 1;
@@ -212,4 +218,7 @@ message OakContainersData {
 // Reserved for future use.
 message CbData {
   RootLayerData root_layer = 1;
+  EventData kernel_layer = 2;
+  EventData system_layer = 3;
+  EventData application_layer = 4;
 }