intel · BuJianlin · Mar 25, 2024
diff --git a/utilities/tdx/tdx_ratls/Dockerfile b/utilities/tdx/tdx_ratls/Dockerfile
@@ -0,0 +1,132 @@
+#
+# Copyright (c) 2024 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG BASE_IMAGE=ubuntu:22.04
+FROM ${BASE_IMAGE}
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV INSTALL_PREFIX=/usr/local
+ENV LD_LIBRARY_PATH=${INSTALL_PREFIX}/lib:${INSTALL_PREFIX}/lib/x86_64-linux-gnu:${LD_LIBRARY_PATH}
+ENV PATH=${INSTALL_PREFIX}/bin:${LD_LIBRARY_PATH}:${PATH}
+ENV LC_ALL=C.UTF-8 LANG=C.UTF-8
+
+# Add steps here to set up dependencies
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends apt-utils \
+    && apt-get install -y \
+        ca-certificates \
+        build-essential \
+        autoconf \
+        libtool \
+        python3-pip \
+        python3-dev \
+        zlib1g-dev \
+        lsb-release \
+        wget \
+        unzip \
+        git \
+        vim \
+        jq
+
+RUN ln -s /usr/bin/python3 /usr/bin/python
+
+WORKDIR /opt/intel
+
+ENV DCAP_PKG_VERSION=1.19
+ENV DCAP_SDK_VERSION=2.22.100.3
+RUN wget https://download.01.org/intel-sgx/sgx-dcap/${DCAP_PKG_VERSION}/linux/distro/ubuntu22.04-server/sgx_debian_local_repo.tgz \
+    && wget https://download.01.org/intel-sgx/sgx-dcap/${DCAP_PKG_VERSION}/linux/distro/ubuntu22.04-server/sgx_linux_x64_sdk_${DCAP_SDK_VERSION}.bin \
+    && echo "deb [trusted=yes arch=amd64] file:/opt/intel/sgx_debian_local_repo $(lsb_release -sc) main" > /etc/apt/sources.list.d/sgx_debian_local_repo.list \
+    && tar -zxvf sgx_debian_local_repo.tgz \
+    && rm -rf sgx_debian_local_repo.tgz
+
+RUN apt-get update \
+    && apt-get install -y \
+        tdx-qgs \
+        sgx-ra-service \
+        libsgx-dcap-ql-dev \
+        libsgx-dcap-default-qpl-dev \
+        libsgx-enclave-common-dev \
+    && apt-get install -y \
+        libtdx-attest-dev \
+    && apt-get install -y \
+        libsgx-dcap-quote-verify-dev \
+        libsgx-ae-qve
+
+ENV DCAP_REPO_VERSION=DCAP_${DCAP_PKG_VERSION}
+RUN git clone https://github.com/intel/SGXDataCenterAttestationPrimitives.git \
+    && cd SGXDataCenterAttestationPrimitives \
+    && git checkout ${DCAP_REPO_VERSION}
+
+RUN chmod +x /opt/intel/sgx_linux_x64_sdk_${DCAP_SDK_VERSION}.bin \
+    && echo "no\n/opt/intel" | /opt/intel/sgx_linux_x64_sdk_${DCAP_SDK_VERSION}.bin \
+    && rm /opt/intel/sgx_linux_x64_sdk_${DCAP_SDK_VERSION}.bin
+ENV INTEL_SGXSDK_INCLUDE=/opt/intel/sgxsdk/include
+
+# cmake tool chain
+ARG CMAKE_VERSION=3.19.6
+RUN mkdir -p ${INSTALL_PREFIX} \
+    && wget -q -O cmake-linux.sh https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}-Linux-x86_64.sh \
+    && sh cmake-linux.sh -- --skip-license --prefix=${INSTALL_PREFIX} \
+    && rm cmake-linux.sh
+
+# GRPC src
+ENV GRPC_PATH=/grpc
+ENV GRPC_VERSION=v1.38.1
+RUN git clone --recurse-submodules -b ${GRPC_VERSION} https://github.com/grpc/grpc ${GRPC_PATH}
+RUN sed -i "s/std::max(SIGSTKSZ, 65536)/std::max<size_t>(SIGSTKSZ, 65536)/g" ${GRPC_PATH}/third_party/abseil-cpp/absl/debugging/failure_signal_handler.cc
+
+# cczoo src
+ENV CCZOO_PATH=/cczoo
+# https://github.com/intel/confidential-computing-zoo/commits/branch0.1/grpc-ra-tls
+ENV CCZOO_VERSION=051bbc9f4d6a0c9476341f33161e5775536f62b4
+RUN git clone https://github.com/intel/confidential-computing-zoo ${CCZOO_PATH} \
+    && cd ${CCZOO_PATH} \
+    && git checkout ${CCZOO_VERSION}
+RUN cd ${CCZOO_PATH}/cczoo/grpc-ra-tls/grpc \
+    && cp -r common/* ${GRPC_PATH} \
+    && cp -r v1.38.1/* ${GRPC_PATH}
+
+RUN pip3 install --no-cache-dir --upgrade pip \
+    && pip3 install --no-cache-dir -r ${GRPC_PATH}/requirements.txt \
+    && pip3 install --no-cache-dir cython==0.29.36
+
+# Build tdx_report_parser
+RUN cd ${CCZOO_PATH}/utilities/tdx/tdx_report_parser \
+    && make \
+    && cp tdx_report.out ${INSTALL_PREFIX}/bin/tdx_report_parser
+
+# Build grpc
+ENV SGX_RA_TLS_BACKEND=TDX
+ENV SGX_RA_TLS_SDK=DEFAULT
+ENV BUILD_TYPE=Release
+
+COPY patches ${GRPC_PATH}
+
+RUN cd ${GRPC_PATH} \
+    && git apply *.diff
+
+RUN cd ${GRPC_PATH}/examples/cpp/ratls \
+    && ./build.sh \
+    && cp ${GRPC_PATH}/dynamic_config.tdx.json ./build/dynamic_config.json
+
+COPY configs /
+
+# Workspace
+ENV WORK_SPACE_PATH=${GRPC_PATH}/examples/cpp/ratls/build
+WORKDIR ${WORK_SPACE_PATH}
+
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/bin/bash", "-c", "/entrypoint.sh"]
diff --git a/utilities/tdx/tdx_ratls/README.md b/utilities/tdx/tdx_ratls/README.md
@@ -0,0 +1,173 @@
+## Intel TDX RA-TLS Validation
+
+## Introduction
+
+This paper present a method to quickly verify the capability of TDX RA-TLS.
+In TDX TEE(TD-VM), the client generates and sends quotes to the remote server on the host side via the RA-TLS protocol.
+The server will verify quotes and measurements by accessing the PCCS service.
+
+## Get docker image
+
+- Build tdx-ratls docker image
+
+    ```
+    image_name=tdx-ratls:ubuntu22.04-dcap1.19-latest
+    base_image=ubuntu:22.04
+    ./build_docker_image.sh ${image_name} ${base_image}
+    ```
+
+- Or pull from registry
+
+    ```
+    docker pull intelcczoo/{image_name}
+    docker tag intelcczoo/${image_name} ${image_name}
+    ```
+
+## Start quick test
+
+1. Start server
+
+    ```
+    endpoint=0.0.0.0:18501
+    ./start_container.sh <pccs_ip_addr> ${endpoint} ${image_tag}
+    ```
+
+2. Start client container to get TDX mesurements
+
+    Start TDX TEE and run client container in TD-VM:
+
+    ```
+    endpoint=<remote server ip>:18501
+    ./start_container.sh <pccs_ip_addr> ${endpoint} ${image_tag}
+    ```
+
+    Get TDX mesurements from output:
+
+    ```
+    ...
+
+    TD info
+    attributes: 0x0000000010000000 (NO_DEBUG SEPT_VE_DISABLE)
+    xfam: 0x0000000000061ae7
+    mr_td: 53bb889497b94d99f006db2c9fa35b0504a0c19d52d16cbf780e5c5ed88be1dab3f4cba9224da0742865236d74e889a8
+    mr_config_id: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+    mr_owner: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+    mr_owner_config: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+    rtmr0: ef723411793cfbe3239def9384ba05d0fa5c8fa5e1154df62729cc6d6eeb50005c14572637b2d664963950c79ab43a94
+    rtmr1: dbf0be1536a62a90a8a8222b55ef81f4b53046d8b96174120e1e2c5c26ff799b00f8d3be40815759f88990385dd3bbaa
+    rtmr2: cc76503e991ef1cab9610f1da4f78e87fb36b6b286942f5a67ed343686344bb8f105f9f5e0e7e9d4db8e3bb86a2796f5
+    rtmr3: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+
+    ...
+    ```
+
+3. Setup server's config file to verify client's measurements
+
+    Write client's measurements and options to `${WORK_SPACE_PATH}/dynamic_config.json` in server container.
+
+    ```
+    {
+        "verify_mr_seam" : "off",
+        "verify_mrsigner_seam" : "off",
+        "verify_mr_td" : "on",
+        "verify_mr_config_id" : "off",
+        "verify_mr_owner" : "off",
+        "verify_mr_owner_config" : "off",
+        "verify_rt_mr0" : "on",
+        "verify_rt_mr1" : "on",
+        "verify_rt_mr2" : "on",
+        "verify_rt_mr3" : "on",
+        "tdx_mrs": [
+            {
+                "mr_seam" : "",
+                "mrsigner_seam" : "",
+                "mr_td" : "53bb889497b94d99f006db2c9fa35b0504a0c19d52d16cbf780e5c5ed88be1dab3f4cba9224da0742865236d74e889a8",
+                "mr_config_id" : "",
+                "mr_owner" : "",
+                "mr_owner_config" : "",
+                "rt_mr0" : "ef723411793cfbe3239def9384ba05d0fa5c8fa5e1154df62729cc6d6eeb50005c14572637b2d664963950c79ab43a94",
+                "rt_mr1" : "dbf0be1536a62a90a8a8222b55ef81f4b53046d8b96174120e1e2c5c26ff799b00f8d3be40815759f88990385dd3bbaa",
+                "rt_mr2" : "cc76503e991ef1cab9610f1da4f78e87fb36b6b286942f5a67ed343686344bb8f105f9f5e0e7e9d4db8e3bb86a2796f5",
+                "rt_mr3" : "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+            }
+        ]
+    }
+    ```
+
+    Then restart server container.
+
+    ```
+    docker restart ratls-server
+    ```
+
+5. Start client to test TDX RA-TLS.
+
+    Start client:
+
+    ```
+    ./start_container.sh <pccs_ip_addr> ${endpoint} ${image_tag}
+    ```
+
+    Client output:
+
+    ```
+    Start client ...
+    Try to get TDX measurements ...
+
+    TD info
+    attributes: 0x0000000010000000 (NO_DEBUG SEPT_VE_DISABLE)
+    xfam: 0x0000000000061ae7
+    mr_td: 53bb889497b94d99f006db2c9fa35b0504a0c19d52d16cbf780e5c5ed88be1dab3f4cba9224da0742865236d74e889a8
+    mr_config_id: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+    mr_owner: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+    mr_owner_config: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+    rtmr0: ef723411793cfbe3239def9384ba05d0fa5c8fa5e1154df62729cc6d6eeb50005c14572637b2d664963950c79ab43a94
+    rtmr1: dbf0be1536a62a90a8a8222b55ef81f4b53046d8b96174120e1e2c5c26ff799b00f8d3be40815759f88990385dd3bbaa
+    rtmr2: cc76503e991ef1cab9610f1da4f78e87fb36b6b286942f5a67ed343686344bb8f105f9f5e0e7e9d4db8e3bb86a2796f5
+    rtmr3: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+
+    load config json if need to verify remote endpoint.
+    {
+            "verify_mr_seam":       "off",
+            "verify_mrsigner_seam": "off",
+            "verify_mr_td": "on",
+            "verify_mr_config_id":  "off",
+            "verify_mr_owner":      "off",
+            "verify_mr_owner_config":       "off",
+            "verify_rt_mr0":        "on",
+            "verify_rt_mr1":        "on",
+            "verify_rt_mr2":        "on",
+            "verify_rt_mr3":        "off",
+            "tdx_mrs":      [{
+                            "mr_seam":      "",
+                            "mrsigner_seam":        "",
+                            "mr_td":        "",
+                            "mr_config_id": "",
+                            "mr_owner":     "",
+                            "mr_owner_config":      "",
+                            "rt_mr0":       "",
+                            "rt_mr1":       "",
+                            "rt_mr2":       "",
+                            "rt_mr3":       ""
+                    }]
+    }
+
+    Greeter received: hello a! hello b!
+    ```
+
+    Note: The `dynamic_config.json` is only worked in server side.
+
+    Server output:
+
+    ```
+    Info: tdx_qv_get_quote_supplemental_data_size successfully returned.
+    Info: App: tdx_qv_verify_quote successfully returned.
+    Info: App: Verification completed successfully.
+    remote attestation
+    |- mr_td          :  53bb889497b94d99f006db2c9fa35b0504a0c19d52d16cbf780e5c5ed88be1dab3f4cba9224da0742865236d74e889a8
+    |- rt_mr0         :  ef723411793cfbe3239def9384ba05d0fa5c8fa5e1154df62729cc6d6eeb50005c14572637b2d664963950c79ab43a94
+    |- rt_mr1         :  dbf0be1536a62a90a8a8222b55ef81f4b53046d8b96174120e1e2c5c26ff799b00f8d3be40815759f88990385dd3bbaa
+    |- rt_mr2         :  cc76503e991ef1cab9610f1da4f78e87fb36b6b286942f5a67ed343686344bb8f105f9f5e0e7e9d4db8e3bb86a2796f5
+    |- rt_mr3         :  000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+    |- verify result  :  success
+    ```
diff --git a/utilities/tdx/tdx_ratls/build_docker_image.sh b/utilities/tdx/tdx_ratls/build_docker_image.sh
@@ -0,0 +1,57 @@
+#
+# Copyright (c) 2024 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/bin/bash
+set -e
+
+if  [ ! -n "$1" ] ; then
+    image_tag=tdx-ratls:ubuntu22.04-dcap1.19-latest
+else
+    image_tag=$2
+fi
+
+if  [ ! -n "$2" ] ; then
+    base_image=ubuntu:22.04
+else
+    base_image=$1
+fi
+
+if  [ ! -n "$3" ] ; then
+    docker_file=Dockerfile
+else
+    docker_file=$3
+fi
+
+# Use the host proxy as the default configuration, or specify a proxy_server
+# no_proxy="localhost,127.0.0.1"
+# proxy_server="" # your http proxy server
+
+if [ "$proxy_server" != "" ]; then
+    http_proxy=${proxy_server}
+    https_proxy=${proxy_server}
+fi
+
+cd `dirname $0`
+
+docker build \
+    --build-arg no_proxy=${no_proxy} \
+    --build-arg http_proxy=${http_proxy} \
+    --build-arg https_proxy=${https_proxy} \
+    --build-arg BASE_IMAGE=${base_image} \
+    -f ${docker_file} \
+    -t ${image_tag} \
+    .
+
+cd -
diff --git a/utilities/tdx/tdx_ratls/configs/entrypoint.sh b/utilities/tdx/tdx_ratls/configs/entrypoint.sh
@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2024 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/bin/bash
+set -e
+
+echo "Try to get TDX measurements ..."
+
+tdx_report_parser || (echo "Not detected TDX TEE.")
+
+cd ${WORK_SPACE_PATH}
+
+if [ "${ROLE}" = "client" ];then
+    ./client -host=${ENDPOINT}
+else
+    ./server -host=${ENDPOINT}
+fi