Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

libtdxattest : quote generation fails with vsock method #252

Closed
hector-cao opened this issue Oct 23, 2024 · 2 comments · Fixed by #253
Closed

libtdxattest : quote generation fails with vsock method #252

hector-cao opened this issue Oct 23, 2024 · 2 comments · Fixed by #253
Assignees

Comments

@hector-cao
Copy link
Collaborator

Describe the bug

From the guest, the quote can be requested via 2 methods:

  • vsock: connect to QGS service on the host through vsock
  • tsm: ask guest kernel do do that (through configfs tsm) and the kernel will connect to
    the QGS (with provided vsock address in qemu commandline)

image

If we misconfigured the QGS address for the tsm method, we still expect the quote generation to succeed because
tdxattest lib will use the vsock method

This is not the actual behavior because the quote generation fails actually.

To Reproduce

  • Run the guest with wrong QGS address configuration :
    qemu-system-x86 ... -object '{"qom-type":"tdx-guest","id":"tdx","quote-generation-socket":{"type": "vsock", "cid":"222","port":"4050"}}'
    

Here we set the dest CID=222 and the expected value is 2.

  • From the guest, try to request the quote generation
/usr/share/doc/libtdx-attest-dev/examples/test_tdx_attest

The quote generation will fail

Expected behavior

The quote generation should succeed

System report

N/A

@hector-cao hector-cao self-assigned this Oct 23, 2024
Copy link

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/PEK-1410.

This message was autogenerated

hector-cao added a commit that referenced this issue Oct 23, 2024
this test will contribute to verify the issue #252

additionnal changes:
 - enable the function enable_quote_socket to enable_qgs_addr
   to better match what it does, add an argument to allow
   the customization of the QGS address
hector-cao added a commit that referenced this issue Oct 24, 2024
this test will contribute to verify the issue #252

additionnal changes:
 - enable the function enable_quote_socket to enable_qgs_addr
   to better match what it does, add an argument to allow
   the customization of the QGS address
@hector-cao
Copy link
Collaborator Author

This issue has been fixed with the version sgx-dcap - 1.21-0ubuntu2.2 of DCAP

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant