tdx-attester: strip CCEL before adding it to the evidence

[mythi]

tdx-attester encodes and sends the full 64K CCEL blob as part of the evidence but only a small part of it contains relevant eventlog data. The evidence creation/processing can be optimized by stripping any unset values

[Xynnn007]

It might be a trade-off. CCEL maps to a region of memory and most part of them would be 0x00. If we want to decrease the size of transferred data/network loads, we could use some compression before transfer, but this would bring some extra work for calculation/cpu loads.

[mythi]

True, I wish the kernel offered better interface for this, similar to TPM bios_binary_measurements. The added value for sanitizing/stripping it properly would be to get it compatible with existing tooling:

# ./tcglog-dump -v /sys/firmware/acpi/tables/data/CCEL 
cannot read log: log entry has an out-of-range PCR index (4294967295)
# xxd -c2  /sys/firmware/acpi/tables/data/CCEL | grep -v ffff | xxd -r > /tmp/ccel.bin 
# ./tcglog-dump -v /tmp/ccel.bin 
PCR  DIGEST                                                                                            TYPE                              DETAILS
1                                                                                                      EV_NO_ACTION                      
1    0b8772e5b0b41b83e6044a68397e02f49fb47066b4fbe4917ea2c45c64f323fdacbb37948f821ebaf8bc9c938ba8a749  EV_EFI_HANDOFF_TABLES2            
1    f87302177b059d54a2cf0c5f13340dbabf5c9dd60dc3f996c68b776fbe4de959769443a3d8ef6538b97d7e151c8298e8  EV_EFI_PLATFORM_FIRMWARE_BLOB2    
1    cfa4e2c606f572627bf06d5669cc2ab1128358d27b45bc63ee9ea56ec109cfafb7194006f847a6a74b5eaed6b73332ec  EV_EFI_VARIABLE_DRIVER_CONFIG     SecureBoot: 0
...

Compression would not work because some of the network hops would have to send it uncompressed anyways (e.g., KBS->AS).