microsoft · cjen1-msft · Feb 18, 2025 · Feb 21, 2025 · Feb 21, 2025 · Feb 21, 2025
@@ -1,5 +1,5 @@
-  ___         ___    ___         \/
- (. =)     Y (0 0)  (x X)    Y  (vv) 
-   O     \     o      |    /     |
+  ___         ___    ___         \_/
+ (. =)     Y (0 0)  (x X)    Y  (___) 
+   O     \     o      |    /      |
 /-xXx--//-----x=x--/-xXx--/---x-/--->>>--/
 ...
@@ -2,7 +2,8 @@
     "configurations": [
         {
             "name": "Linux",
-            "compileCommands": "${workspaceFolder}/build/compile_commands.json"
+            "compileCommands": "${workspaceFolder}/build/compile_commands.json",
+            "includePath": ["${workspaceFolder}/include", "${workspaceFolder}/src"]
         }
     ],
     "version": 4

@@ -4,6 +4,7 @@
 
 #include "ccf/ccf_deprecated.h"
 #include "ccf/ds/quote_info.h"
+#include "ccf/pal/attestation_sev_snp.h"
 #include "ccf/pal/measurement.h"
 #include "ccf/service/tables/host_data.h"
 #include "ccf/tx.h"
@@ -22,6 +23,8 @@ namespace ccf
     FailedInvalidHostData,
     FailedInvalidQuotedPublicKey,
     FailedUVMEndorsementsNotFound,
+    FailedInvalidCPUID,
+    FailedInvalidTcbVersion
   };
 
   class AttestationProvider
@@ -35,10 +38,16 @@ namespace ccf
 
     static std::optional<HostData> get_host_data(const QuoteInfo& quote_info);
 
+    static std::optional<pal::snp::Attestation> get_snp_attestation(
+      const QuoteInfo& quote_info);
+
     static QuoteVerificationResult verify_quote_against_store(
       ccf::kv::ReadOnlyTx& tx,
       const QuoteInfo& quote_info,
       const std::vector<uint8_t>& expected_node_public_key_der,
       pal::PlatformAttestationMeasurement& measurement);
   };
+  QuoteVerificationResult verify_tcb_version_against_store(
+    ccf::kv::ReadOnlyTx& tx, const QuoteInfo& quote_info);
+
 }
@@ -52,6 +52,8 @@ QPHfbkH0CyPfhl1jWhJFZasCAwEAAQ==
   static_assert(
     sizeof(TcbVersion) == sizeof(uint64_t),
     "Can't cast TcbVersion to uint64_t");
+  DECLARE_JSON_TYPE(TcbVersion);
+  DECLARE_JSON_REQUIRED_FIELDS(TcbVersion, boot_loader, tee, snp, microcode);
 
 #pragma pack(push, 1)
   struct Signature
@@ -141,7 +143,10 @@ QPHfbkH0CyPfhl1jWhJFZasCAwEAAQ==
     uint8_t report_id[32]; /* 0x140 */
     uint8_t report_id_ma[32]; /* 0x160 */
     struct TcbVersion reported_tcb; /* 0x180 */
-    uint8_t reserved1[24]; /* 0x188 */
+    uint8_t cpuid_fam_id; /* 0x188*/
+    uint8_t cpuid_mod_id; /* 0x189 */
+    uint8_t cpuid_step; /* 0x18A */
+    uint8_t reserved1[21]; /* 0x18B */
     uint8_t chip_id[64]; /* 0x1A0 */
     struct TcbVersion committed_tcb; /* 0x1E0 */
     uint8_t current_minor; /* 0x1E8 */
@@ -261,4 +266,85 @@ QPHfbkH0CyPfhl1jWhJFZasCAwEAAQ==
 
     virtual ~AttestationInterface() = default;
   };
+
+  static uint8_t MIN_TCB_VERIF_VERSION = 3;
+#pragma pack(push, 1)
+  struct CPUID
+  {
+    uint8_t stepping : 4;
+    uint8_t base_model : 4;
+    uint8_t base_family : 4;
+    uint8_t reserved : 4;
+    uint8_t extended_model : 4;
+    uint8_t extended_family : 8;
+    uint8_t reserved2 : 4;
+
+    bool operator==(const CPUID&) const = default;
+    std::string hex_str() const
+    {
+      CPUID buf = *this;
+      auto buf_ptr = reinterpret_cast<uint8_t*>(&buf);
+      std::reverse(buf_ptr, buf_ptr + sizeof(CPUID));
+      return ccf::ds::to_hex(buf_ptr, buf_ptr + sizeof(CPUID));
+    }
+    inline uint8_t get_family_id() const
+    {
+      return this->base_family + this->extended_family;
+    }
+    inline uint8_t get_model_id() const
+    {
+      return (this->extended_model << 4) | this->base_model;
+    }
+  };
+#pragma pack(pop)
+  DECLARE_JSON_TYPE(CPUID);
+  DECLARE_JSON_REQUIRED_FIELDS(
+    CPUID, stepping, base_model, base_family, extended_model, extended_family);
+  static_assert(
+    sizeof(CPUID) == sizeof(uint32_t), "Can't cast CPUID to uint32_t");
+  static CPUID cpuid_from_hex(const std::string& hex_str)
+  {
+    CPUID ret;
+    auto buf_ptr = reinterpret_cast<uint8_t*>(&ret);
+    ccf::ds::from_hex(
+      hex_str, buf_ptr, buf_ptr + sizeof(CPUID));
+    std::reverse(buf_ptr, buf_ptr + sizeof(CPUID)); //fix little endianness of AMD
+    return ret;
+  }
+
+  static CPUID get_cpuid()
+  {
+    uint32_t ieax = 1;
+    uint64_t iebx = 0;
+    uint64_t iecx = 0;
+    uint64_t iedx = 0;
+    uint32_t oeax = 0;
+    uint64_t oebx = 0;
+    uint64_t oecx = 0;
+    uint64_t oedx = 0;
+    // pass in e{b,c,d}x to prevent cpuid from blatting other registers
+    asm volatile("cpuid" : "=a"(oeax), "=b"(oebx), "=c"(oecx), "=d"(oedx): "a"(ieax), "b"(iebx), "c"(iecx), "d"(iedx));
+    auto cpuid =  *reinterpret_cast<CPUID*>(&oeax);
+    return cpuid;
+  }
 }
+
+namespace ccf::kv::serialisers
+{
+  // Use hex string to ensure uniformity between the endpoint perspective and
+  // the kv's key
+  template <>
+  struct BlitSerialiser<ccf::pal::snp::CPUID>
+  {
+    static SerialisedEntry to_serialised(const ccf::pal::snp::CPUID& chip)
+    {
+      auto hex_str = chip.hex_str();
+      return SerialisedEntry(hex_str.begin(), hex_str.end());
+    }
+
+    static ccf::pal::snp::CPUID from_serialised(const SerialisedEntry& data)
+    {
+      return ccf::pal::snp::cpuid_from_hex(std::string(data.data(), data.end()));
+    }
+  };
+}
@@ -2,6 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/ds/logger.h"
 #include "ccf/pal/attestation_sev_snp.h"
 
 #include <fcntl.h>

@@ -2,6 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
+#include "ccf/ds/logger.h"
 #include "ccf/pal/attestation_sev_snp.h"
 
 #include <algorithm>

@@ -0,0 +1,18 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the Apache 2.0 License.
+#pragma once
+
+#include "ccf/ds/json.h"
+#include "ccf/pal/attestation_sev_snp.h"
+#include "ccf/service/map.h"
+
+namespace ccf
+{
+  using SnpTcbVersionMap = ServiceMap<std::string, pal::snp::TcbVersion>;
+
+  namespace Tables
+  {
+    static constexpr auto SNP_TCB_VERSIONS =
+      "public:ccf.gov.nodes.snp.tcb_versions";
+  }
+}
@@ -789,6 +789,9 @@ export interface SnpAttestationResult {
     report_id: ArrayBuffer;
     report_id_ma: ArrayBuffer;
     reported_tcb: TcbVersion;
+    cpuid_fam_id: number;
+    cpuid_mod_id: number;
+    cpuid_step: number;
     chip_id: ArrayBuffer;
     committed_tcb: TcbVersion;
     current_minor: number;

@@ -1096,6 +1096,37 @@ const actions = new Map([
       },
     ),
   ],
+  [
+    "add_snp_tcb_version",
+    new Action(
+      function (args) {
+        checkType(args.cpuid, "string", "cpuid");
+        checkLength(ccf.strToBuf(args.cpuid), 8, 8, "cpuid");
+
+        checkType(args.tcb_version, "object", "tcb_version");
+        checkType(
+          args.tcb_version?.boot_loader,
+          "number",
+          "tcb_version.boot_loader",
+        );
+        checkType(args.tcb_version?.tee, "number", "tcb_version.tee");
+        checkType(args.tcb_version?.snp, "number", "tcb_version.snp");
+        checkType(
+          args.tcb_version?.microcode,
+          "number",
+          "tcb_version.microcode",
+        );
+      },
+      function (args, proposalId) {
+        ccf.kv["public:ccf.gov.nodes.snp.tcb_versions"].set(
+          ccf.strToBuf(args.cpuid),
+          ccf.jsonCompatibleToBuf(args.tcb_version),
+        );
+
+        invalidateOtherOpenProposals(proposalId);
+      },
+    ),
+  ],
   [
     "remove_snp_host_data",
     new Action(
@@ -1151,6 +1182,23 @@ const actions = new Map([
       },
     ),
   ],
+  [
+    "remove_snp_tcb_version",
+    new Action(
+      function (args) {
+        checkType(args.cpuid, "string", "cpuid");
+        checkLength(ccf.strToBuf(args.cpuid), 8, 8, "cpuid");
+      },
+      function (args) {
+        const cpuid = ccf.strToBuf(args.cpuid);
+        if ( ccf.kv["public:ccf.gov.nodes.snp.tcb_versions"].has(cpuid)) {
+          ccf.kv["public:ccf.gov.nodes.snp.tcb_versions"].delete(cpuid);
+        } else {
+          throw new Error("CPUID not found");
+        }
+      },
+    ),
+  ],
   [
     "set_node_data",
     new Action(

@@ -7,10 +7,12 @@
 #include "ccf/js/extensions/ccf/converters.h"
 
 #include "ccf/js/core/context.h"
+#include "ccf/pal/attestation_sev_snp.h"
 #include "ccf/version.h"
 #include "js/checks.h"
 #include "node/rpc/jwt_management.h"
 
+#include <nlohmann/json.hpp>
 #include <quickjs/quickjs.h>
 
 namespace ccf::js::extensions
@@ -217,5 +219,6 @@ namespace ccf::js::extensions
       ctx.new_c_function(js_enable_metrics_logging, "enableMetricsLogging", 1));
 
     ccf.set("pemToId", ctx.new_c_function(js_pem_to_id, "pemToId", 1));
+
   }
 }
@@ -214,6 +214,10 @@ namespace ccf::js::extensions
     JS_CHECK_EXC(reported_tcb);
     JS_CHECK_SET(a.set("reported_tcb", std::move(reported_tcb)));
 
+    JS_CHECK_SET(a.set_uint32("cpuid_fam_id", attestation.cpuid_fam_id));
+    JS_CHECK_SET(a.set_uint32("cpuid_mod_id", attestation.cpuid_mod_id));
+    JS_CHECK_SET(a.set_uint32("cpuid_step", attestation.cpuid_step));
+
     auto attestation_chip_id = jsctx.new_array_buffer_copy(attestation.chip_id);
     JS_CHECK_EXC(attestation_chip_id);
     JS_CHECK_SET(a.set("chip_id", std::move(attestation_chip_id)));

@@ -615,6 +615,20 @@ namespace ccf::gov::endpoints
               });
             snp_policy["uvmEndorsements"] = snp_endorsements;
 
+            auto snp_tcb_versions = nlohmann::json::object();
+            auto tcb_versions_handle =
+              ctx.tx.template ro<ccf::SnpTcbVersionMap>(
+                ccf::Tables::SNP_TCB_VERSIONS);
+
+            tcb_versions_handle->foreach(
+              [&snp_tcb_versions](
+                const std::string& cpuid,
+                const pal::snp::TcbVersion& tcb_version) {
+                snp_tcb_versions[cpuid] = tcb_version;
+                return true;
+              });
+            snp_policy["tcbVersions"] = snp_tcb_versions;
+
             response_body["snp"] = snp_policy;
           }