From 0f363b70646d0dbf160120bbc29029e2376ffa9d Mon Sep 17 00:00:00 2001 From: Chris Oo Date: Tue, 11 Nov 2025 15:21:42 -0800 Subject: [PATCH 1/2] igvm_defs: introduce corim measurement header --- igvm_defs/src/lib.rs | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/igvm_defs/src/lib.rs b/igvm_defs/src/lib.rs index 7d11fd2..648aa3a 100644 --- a/igvm_defs/src/lib.rs +++ b/igvm_defs/src/lib.rs @@ -341,6 +341,10 @@ pub enum IgvmVariableHeaderType { /// specified by a structure of type [`IGVM_VHS_PARAMETER`]. #[cfg_attr(docsrs, doc(cfg(feature = "unstable")))] IGVM_VHT_ENVIRONMENT_INFO_PARAMETER = 0x313, + /// A Corim measurement structure described by [`IGVM_VHS_CORIM_MEASUREMENT`]. + /// FIXME: should this be an init header to be early in the file? + #[cfg_attr(docsrs, doc(cfg(feature = "unstable")))] + IGVM_VHT_CORIM_MEASUREMENT = 0x314, } /// The range of header types for platform structures. @@ -1237,3 +1241,29 @@ pub enum VbsSigningAlgorithm { /// ECDSA P384. ECDSA_P384 = 0x1, } + +/// A structure defining a CoRIM measurement payload for a given platform. +/// +/// The payload described by this header is a COSE_Sign1 structure described in +/// section 4.2 in RFC https://datatracker.ietf.org/doc/draft-ietf-rats-corim/, which is a COSE_Sign1 structure with a CBOR corim payload. +/// +/// The CoRIM payload must adhere to the following specifications for each platform: +/// +/// | Platform | Specification | +/// |----------|---------------| +/// | Intel TDX | TBD | +/// | VBS | TBD | +/// | AMD SEV-SNP | TBD | +/// | ARM CCA | TBD | +#[repr(C)] +#[derive(Copy, Clone, Debug, IntoBytes, Immutable, KnownLayout, FromBytes)] +struct IGVM_VHS_CORIM_MEASUREMENT { + /// Compatibility mask. + pub compatibility_mask: u32, + /// File offset for the CoRIM measurement payload. + pub file_offset: u32, + /// Size in bytes of the CoRIM measurement payload. + pub size_bytes: u32, + /// Reserved. + pub reserved: u32, +} From 208a0823d76d7f28023035dc836722e713b5951c Mon Sep 17 00:00:00 2001 From: Chris Oo Date: Wed, 12 Nov 2025 15:34:04 -0800 Subject: [PATCH 2/2] split corim measurement and payload --- igvm_defs/src/lib.rs | 44 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/igvm_defs/src/lib.rs b/igvm_defs/src/lib.rs index 648aa3a..8898973 100644 --- a/igvm_defs/src/lib.rs +++ b/igvm_defs/src/lib.rs @@ -345,6 +345,10 @@ pub enum IgvmVariableHeaderType { /// FIXME: should this be an init header to be early in the file? #[cfg_attr(docsrs, doc(cfg(feature = "unstable")))] IGVM_VHT_CORIM_MEASUREMENT = 0x314, + /// A Corim signature structure described by [`IGVM_VHS_CORIM_SIGNATURE`]. + /// FIXME: should this be an init header to be early in the file? + #[cfg_attr(docsrs, doc(cfg(feature = "unstable")))] + IGVM_VHT_CORIM_SIGNATURE = 0x315, } /// The range of header types for platform structures. @@ -1242,12 +1246,15 @@ pub enum VbsSigningAlgorithm { ECDSA_P384 = 0x1, } -/// A structure defining a CoRIM measurement payload for a given platform. +/// A structure defining a CoRIM CBOR payload for a given platform. TODO: rename +/// to remove measurement? /// -/// The payload described by this header is a COSE_Sign1 structure described in -/// section 4.2 in RFC https://datatracker.ietf.org/doc/draft-ietf-rats-corim/, which is a COSE_Sign1 structure with a CBOR corim payload. +/// The payload described by this header is a CBOR CoRIM payload. There may only +/// be one for a given platform. There may be an associated COSE_Sign1 structure +/// wrapping this payload, see [`IGVM_VHS_CORIM_SIGNATURE`]. /// -/// The CoRIM payload must adhere to the following specifications for each platform: +/// The CoRIM payload must adhere to the following specifications for each +/// platform: /// /// | Platform | Specification | /// |----------|---------------| @@ -1260,9 +1267,34 @@ pub enum VbsSigningAlgorithm { struct IGVM_VHS_CORIM_MEASUREMENT { /// Compatibility mask. pub compatibility_mask: u32, - /// File offset for the CoRIM measurement payload. + /// File offset for the CoRIM CBOR payload. + pub file_offset: u32, + /// Size in bytes of the CoRIM CBOR payload. + pub size_bytes: u32, + /// Reserved. + pub reserved: u32, +} + +/// This is a signed COSE_Sign1 structure wrapping a CoRIM CBOR payload for a +/// given platform. The payload measured by this CBOR is described the +/// corresponding [`IGVM_VHS_CORIM_MEASUREMENT`] structure. There cannot be this +/// structure without that one. +/// +/// Note that a user may choose to create a single CBOR containing this +/// COSE_Sign1 with the payload filled in by the other corim measurement +/// structure. +/// +/// The payload described by this header is a COSE_Sign1 structure described in +/// section 4.2 in RFC https://datatracker.ietf.org/doc/draft-ietf-rats-corim/, +/// which is a COSE_Sign1 structure with a CBOR corim payload. +#[repr(C)] +#[derive(Copy, Clone, Debug, IntoBytes, Immutable, KnownLayout, FromBytes)] +struct IGVM_VHS_CORIM_SIGNATURE { + /// Compatibility mask. + pub compatibility_mask: u32, + /// File offset for the COSE_Sign1 measurement payload. pub file_offset: u32, - /// Size in bytes of the CoRIM measurement payload. + /// Size in bytes of the COSE_Sign1 measurement payload. pub size_bytes: u32, /// Reserved. pub reserved: u32,