Get auxblob for SEV-SNP only in TSM attester

Intel TDX does not use auxblob currently. Query the TSM report twice,
for SEV-SNP, one to get the provider and outblob, and the other to fetch
the auxblob.

Signed-off-by: Ian Chin Wang <[email protected]>

Author: cowbon

attesters/tsm/tsm.go

@@ -95,7 +95,7 @@ func (t *TSMPlugin) GetEvidence(in *compositor.EvidenceIn) *compositor.EvidenceO
 		if in.ContentType == format.ContentType {
 			req := &report.Request{
 				InBlob:     in.Nonce,
-				GetAuxBlob: true,
+				GetAuxBlob: false,
 			}
 
 			options := make(map[string]string)
@@ -135,6 +135,17 @@ func (t *TSMPlugin) GetEvidence(in *compositor.EvidenceIn) *compositor.EvidenceO
 				AuxBlob:  resp.AuxBlob,
 			}
 
+			// SEV-SNP stores cert table in auxblob. Get the report one more time to fetch the auxblob
+			if resp.Provider == "sev_guest" {
+				req.GetAuxBlob = true
+				resp, err := report.Get(client, req)
+				if err != nil {
+					errMsg := fmt.Errorf("failed to get TSM report: %v", err)
+					return getEvidenceError(errMsg)
+				}
+				out.AuxBlob = resp.AuxBlob
+			}
+
 			var encodeOp func() ([]byte, error)
 			encodeAs := "JSON"