From a243096dfb59034a02be0c668c6e00e2c5c9b30a Mon Sep 17 00:00:00 2001 From: cjen1-msft Date: Tue, 4 Mar 2025 12:02:41 +0000 Subject: [PATCH] fmt --- include/ccf/pal/attestation_sev_snp.h | 18 ++--- include/ccf/service/tables/tcb_verification.h | 3 +- src/node/quote.cpp | 17 +++-- src/node/rpc/node_frontend.h | 1 - src/pal/quote_generation.h | 2 +- src/service/internal_tables_access.h | 68 +++++++++++-------- 6 files changed, 57 insertions(+), 52 deletions(-) diff --git a/include/ccf/pal/attestation_sev_snp.h b/include/ccf/pal/attestation_sev_snp.h index c3ca7ac6fec..d374fdd19ff 100644 --- a/include/ccf/pal/attestation_sev_snp.h +++ b/include/ccf/pal/attestation_sev_snp.h @@ -6,7 +6,6 @@ #include "ccf/pal/attestation_sev_snp_endorsements.h" #include "ccf/pal/measurement.h" #include "ccf/pal/report_data.h" -#include "ccf/pal/hardware_info.h" #include #include @@ -297,11 +296,13 @@ QPHfbkH0CyPfhl1jWhJFZasCAwEAAQ== }; #pragma pack(pop) DECLARE_JSON_TYPE(CPUID); - DECLARE_JSON_REQUIRED_FIELDS(CPUID, stepping, base_model, base_family, extended_model, extended_family); + DECLARE_JSON_REQUIRED_FIELDS( + CPUID, stepping, base_model, base_family, extended_model, extended_family); static_assert( sizeof(CPUID) == sizeof(uint32_t), "Can't cast CPUID to uint32_t"); - union UnionedCPUID{ + union UnionedCPUID + { uint32_t eax; CPUID cpuid; }; @@ -310,10 +311,7 @@ QPHfbkH0CyPfhl1jWhJFZasCAwEAAQ== { UnionedCPUID cpuid_eax; cpuid_eax.eax = 0; - asm volatile( - "cpuid" - : "=a"(cpuid_eax.eax) - : "a"(1)); + asm volatile("cpuid" : "=a"(cpuid_eax.eax) : "a"(1)); return cpuid_eax.cpuid; } } 
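Review bot: The `cpuid` statement in the last attestation_sev_snp.h hunk on this line (`@@ -310,10 +311,7 @@`) declares only EAX as an output, but the instruction also writes EBX, ECX and EDX. With no clobber list the compiler may keep live values in those registers across the statement and read them back corrupted. Declare the clobbers: `asm volatile("cpuid" : "=a"(cpuid_eax.eax) : "a"(1) : "ebx", "ecx", "edx");`. The enclosing function's signature is outside the hunk, so the note covers only the statement shown.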
@@ -325,15 +323,13 @@ namespace ccf::kv::serialisers template <> struct BlitSerialiser { - static SerialisedEntry to_serialised( - const ccf::pal::snp::CPUID& chip) + static SerialisedEntry to_serialised(const ccf::pal::snp::CPUID& chip) { auto hex_str = chip.hex_str(); return SerialisedEntry(hex_str.begin(), hex_str.end()); } - static ccf::pal::snp::CPUID from_serialised( - const SerialisedEntry& data) + static ccf::pal::snp::CPUID from_serialised(const SerialisedEntry& data) { ccf::pal::snp::CPUID ret; auto buf_ptr = reinterpret_cast(&ret); diff --git a/include/ccf/service/tables/tcb_verification.h b/include/ccf/service/tables/tcb_verification.h index d1ca42b64ef..74b57730f9b 100644 --- a/include/ccf/service/tables/tcb_verification.h +++ b/include/ccf/service/tables/tcb_verification.h @@ -8,8 +8,7 @@ namespace ccf { - using SnpTcbVersionMap = - ServiceMap; + using SnpTcbVersionMap = ServiceMap; namespace Tables { diff --git a/src/node/quote.cpp b/src/node/quote.cpp index f70cf71fb9b..9383663710f 100644 --- a/src/node/quote.cpp +++ b/src/node/quote.cpp @@ -276,16 +276,19 @@ namespace ccf } std::optional min_tcb_opt = std::nullopt; - + auto h = tx.ro(Tables::SNP_TCB_VERSIONS); - // expensive but there should not be many entries in this table only one per cpu - h->foreach([&min_tcb_opt, &attestation](const pal::snp::CPUID& cpuid, const pal::snp::TcbVersion& v) { - if (cpuid.get_family_id() == attestation.cpuid_fam_id && - cpuid.get_model_id() == attestation.cpuid_mod_id && - cpuid.stepping == attestation.cpuid_step) { + // expensive but there should not be many entries + h->foreach([&min_tcb_opt, &attestation]( + const pal::snp::CPUID& cpuid, const pal::snp::TcbVersion& v) { + if ( + cpuid.get_family_id() == attestation.cpuid_fam_id && + cpuid.get_model_id() == attestation.cpuid_mod_id && + cpuid.stepping == attestation.cpuid_step) + { min_tcb_opt = v; return false; - } + } return true; }); 
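Review bot: The shortened comment above `h->foreach(...)` in the quote.cpp hunk drops the reason the linear scan is acceptable; the previous text said the table holds only one entry per CPU. Keep that bound and wrap it to fit the line limit, e.g. `// expensive but there should not be many entries in this table:` followed by `// only one per cpu`. The lambda leaves `min_tcb_opt` as `std::nullopt` when no family/model/stepping triple matches. How that case is handled lies outside this hunk, so a one-line comment at the declaration saying what an empty result means for verification would help the reader.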
diff --git a/src/node/rpc/node_frontend.h b/src/node/rpc/node_frontend.h index b345a843987..670f2d3f86f 100644 --- a/src/node/rpc/node_frontend.h +++ b/src/node/rpc/node_frontend.h @@ -1640,7 +1640,6 @@ namespace ccf break; InternalTablesAccess::trust_static_snp_tcb_version(ctx.tx); - } case QuoteFormat::amd_sev_snp_v1: diff --git a/src/pal/quote_generation.h b/src/pal/quote_generation.h index e81736e51ac..f5a7aa6ce06 100644 --- a/src/pal/quote_generation.h +++ b/src/pal/quote_generation.h @@ -3,8 +3,8 @@ #pragma once #include "ccf/crypto/hash_provider.h" -#include "ds/files.h" #include "ccf/pal/attestation.h" +#include "ds/files.h" #include #include diff --git a/src/service/internal_tables_access.h b/src/service/internal_tables_access.h index 9c2437c3f83..5c9dd6884be 100644 --- a/src/service/internal_tables_access.h +++ b/src/service/internal_tables_access.h @@ -827,13 +827,14 @@ namespace ccf { auto h = tx.wo(Tables::SNP_TCB_VERSIONS); - constexpr pal::snp::CPUID milan_chip_id {.stepping = 0x1, - .base_model = 0x1, - .base_family = 0xF, - .reserved = 0, - .extended_model = 0x0, - .extended_family = 0x0A, - .reserved2 = 0}; + constexpr pal::snp::CPUID milan_chip_id{ + .stepping = 0x1, + .base_model = 0x1, + .base_family = 0xF, + .reserved = 0, + .extended_model = 0x0, + .extended_family = 0x0A, + .reserved2 = 0}; constexpr pal::snp::TcbVersion milan_tcb_version = { .boot_loader = 0, .tee = 0, @@ -842,13 +843,14 @@ namespace ccf .microcode = 0xDB}; h->put(milan_chip_id, milan_tcb_version); - constexpr pal::snp::CPUID milan_x_chip_id {.stepping = 0x2, - .base_model = 0x1, - .base_family = 0xF, - .reserved = 0, - .extended_model = 0x0, - .extended_family = 0x0A, - .reserved2 = 0}; + constexpr pal::snp::CPUID milan_x_chip_id{ + .stepping = 0x2, + .base_model = 0x1, + .base_family = 0xF, + .reserved = 0, + .extended_model = 0x0, + .extended_family = 0x0A, + .reserved2 = 0}; constexpr pal::snp::TcbVersion milan_x_tcb_version = { .boot_loader = 0, .tee = 0, 
@@ -857,13 +859,14 @@ namespace ccf .microcode = 0x44}; h->put(milan_x_chip_id, milan_x_tcb_version); - constexpr pal::snp::CPUID genoa_chip_id {.stepping = 0x1, - .base_model = 0x1, - .base_family = 0xF, - .reserved = 0, - .extended_model = 0x1, - .extended_family = 0x0A, - .reserved2 = 0}; + constexpr pal::snp::CPUID genoa_chip_id{ + .stepping = 0x1, + .base_model = 0x1, + .base_family = 0xF, + .reserved = 0, + .extended_model = 0x1, + .extended_family = 0x0A, + .reserved2 = 0}; constexpr pal::snp::TcbVersion genoa_tcb_version = { .boot_loader = 0, .tee = 0, @@ -872,13 +875,14 @@ namespace ccf .microcode = 0x54}; h->put(genoa_chip_id, genoa_tcb_version); - constexpr pal::snp::CPUID genoa_x_chip_id {.stepping = 0x2, - .base_model = 0x1, - .base_family = 0xF, - .reserved = 0, - .extended_model = 0x1, - .extended_family = 0x0A, - .reserved2 = 0}; + constexpr pal::snp::CPUID genoa_x_chip_id{ + .stepping = 0x2, + .base_model = 0x1, + .base_family = 0xF, + .reserved = 0, + .extended_model = 0x1, + .extended_family = 0x0A, + .reserved2 = 0}; constexpr pal::snp::TcbVersion genoa_x_tcb_version = { .boot_loader = 0, .tee = 0, @@ -891,7 +895,7 @@ namespace ccf static void trust_node_snp_tcb_version( ccf::kv::Tx& tx, pal::snp::Attestation& attestation) { - // Fall back to statically configured tcb versions + // Fall back to statically configured tcb versions auto cpuid = pal::snp::get_cpuid(); if (attestation.version < pal::snp::MIN_TCB_VERIF_VERSION) { @@ -906,7 +910,11 @@ namespace ccf cpuid->stepping != attestation.cpuid_step) { LOG_FAIL_FMT( - "Snp cpuid does not match attestation cpuid ({} != {}, {}, {})", cpuid->hex_str(), attestation.cpuid_fam_id, attestation.cpuid_mod_id, attestation.cpuid_step); + "Snp cpuid does not match attestation cpuid ({} != {}, {}, {})", + cpuid->hex_str(), + attestation.cpuid_fam_id, + attestation.cpuid_mod_id, + attestation.cpuid_step); trust_static_snp_tcb_version(tx); return; }