MigTD: handle target TD without SERVTD_EXT#759
Draft
haitaohuang wants to merge 1 commit intointel:mainfrom
Draft
MigTD: handle target TD without SERVTD_EXT#759haitaohuang wants to merge 1 commit intointel:mainfrom
haitaohuang wants to merge 1 commit intointel:mainfrom
Conversation
On platforms with rebind support but no support or TD opts out for SERVTD_EXT, TDG.servtd.rd on the SERVTD_EXT fields in TDCS of a target TD would return zeros. This change reads TDCS.ATTRIBUTES to check bit 17 and makes SERVTD_EXT optional throughout the rebinding flow: - read_servtd_ext() reads TDCS.ATTRIBUTES via tdcall_servtd_rd and returns None when SERVTDEXT bit is not set - write_approved_servtd_ext_hash() accepts Option and is a no-op when None - Certificate generation/verification: servtd_ext extension is conditionally included and tolerated when missing - Policy verification (authenticate_rebinding_old) skips init report verification entirely when servtd_ext is unavailable, since the init TD report cannot be verified without servtd_info_hash - SPDM VDM messages send zero-length servtd_ext element when not available; receiver handles it gracefully - All TDCS write operations (write_servtd_rebind_attr, write_approved_servtd_ext_hash) are skipped when servtd_ext is None Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Haitao Huang <haitaohuang@microsoft.com>
Contributor
Author
|
make it draft as plans may change |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
On platforms with rebind support but no support or TD opts out for SERVTD_EXT, TDG.servtd.rd on the SERVTD_EXT fields in TDCS of a target TD would return zeros. This change reads TDCS.ATTRIBUTES to check bit 17 and makes SERVTD_EXT optional throughout the rebinding flow: