Merge pull request #38 from osteffenrh/svsm-fixups

SVSM Mode fixes

Makefile

@@ -4,7 +4,7 @@ test:
 	python3 -m unittest discover --verbose tests/
 
 lint:
-	flake8 . --count --max-complexity=10 --max-line-length=127 --statistics
+	flake8 . --count --statistics
 
 typecheck:
 	mypy .

README.md

@@ -32,9 +32,10 @@ $ sev-snp-measure --help
 usage: sev-snp-measure [-h] [--version] [-v] --mode {sev,seves,snp,snp:ovmf-hash,snp:svsm}
                        [--vcpus N] [--vcpu-type CPUTYPE] [--vcpu-sig VALUE] [--vcpu-family FAMILY]
                        [--vcpu-model MODEL] [--vcpu-stepping STEPPING] [--vmm-type VMMTYPE] --ovmf
-                       PATH [--kernel PATH] [--initrd PATH] [--append CMDLINE] [--guest-features VALUE]
-                       [--output-format {hex,base64}] [--snp-ovmf-hash HASH] [--dump-vmsa]
-                       [--vars-size VARS_SIZE] [--svsm SVSM]
+                       PATH [--kernel PATH] [--initrd PATH] [--append CMDLINE]
+                       [--guest-features VALUE] [--output-format {hex,base64}]
+                       [--snp-ovmf-hash HASH] [--dump-vmsa] [--svsm PATH]
+                       [--vars-size SIZE | --vars-file PATH]
 
 Calculate AMD SEV/SEV-ES/SEV-SNP guest launch measurement
 
@@ -58,22 +59,42 @@ options:
   --kernel PATH         Kernel file to calculate hash from
   --initrd PATH         Initrd file to calculate hash from (use with --kernel)
   --append CMDLINE      Kernel command line to calculate hash from (use with --kernel)
-
-
-  --guest-features      Hex representation of the guest kernel features expected to be included (defaults to 0x21); see README.md for possible values.
+  --guest-features VALUE
+                        Hex representation of the guest kernel features expected to be included
+                        (defaults to 0x21); see README.md for possible values
   --output-format {hex,base64}
                         Measurement output format
   --snp-ovmf-hash HASH  Precalculated hash of the OVMF binary (hex string)
   --dump-vmsa           Write measured VMSAs to vmsa<N>.bin (seves, snp, and snp:svsm modes only)
-  --vars-size VARS_SIZE
-                        OVMF_VARS size in bytes (snp:svsm mode only)
-  --svsm SVSM           SVSM binary (snp:svsm mode only)
+
+snp:svsm Mode:
+  AMD SEV-SNP with Coconut-SVSM. This mode additionally requires --svsm and either --vars-file
+  or --vars-size to be set.
+
+  --svsm PATH           SVSM binary
+  --vars-size SIZE      Size of the OVMF_VARS file in bytes (conflicts with --vars-file)
+  --vars-file PATH      OVMF_VARS file (conflicts with --vars-size)
+```
+
+### Example: SNP mode
+
+```
+$ sev-snp-measure --mode snp --vcpus=1 --vcpu-type=EPYC-v4 --ovmf=OVMF.fd --kernel=vmlinuz --initrd=initrd.img --append="console=ttyS0 loglevel=7"
+1c8bf2f320add50cb22ca824c17f3fa51a7a4296a4a3113698c2e31b50c2dcfa7e36dea3ebc3a9411061c30acffc6d5a
 ```
 
-For example:
+### Example: SNP:SVSM mode
 
-    $ sev-snp-measure --mode snp --vcpus=1 --vcpu-type=EPYC-v4 --ovmf=OVMF.fd --kernel=vmlinuz --initrd=initrd.img --append="console=ttyS0 loglevel=7"
-    1c8bf2f320add50cb22ca824c17f3fa51a7a4296a4a3113698c2e31b50c2dcfa7e36dea3ebc3a9411061c30acffc6d5a
+```
+$ sev-snp-measure \
+    --mode snp:svsm \
+    --vmm-type=QEMU \
+    --vcpus=4 \
+    --vcpu-type=EPYC-v4 \
+    --ovmf=OVMF_CODE.fd \
+    --svsm=svsm.bin --vars-file=OVMF_VARS.fd
+3447e476b226e317890a350003b56ee17becb48d1dc25dd6b5819a1192df3238f50cda0f0216bd5ae2a992ad7ab961c4
+```
 
 ### snp-create-id-block
 ```

setup.cfg

@@ -31,5 +31,5 @@ console_scripts =
     snp-create-id-block = sevsnpmeasure.id_block:main
 
 [flake8]
-max-complexity = 10
+max-complexity = 12
 max-line-length = 127

sevsnpmeasure/cli.py

@@ -6,6 +6,7 @@
 import argparse
 import base64
 import sys
+import pathlib
 
 from sevsnpmeasure import guest
 from sevsnpmeasure import vcpu_types
@@ -77,8 +78,17 @@ def main() -> int:
     parser.add_argument('--snp-ovmf-hash', metavar='HASH', help='Precalculated hash of the OVMF binary (hex string)')
     parser.add_argument('--dump-vmsa', action='store_true',
                         help='Write measured VMSAs to vmsa<N>.bin (seves, snp, and snp:svsm modes only)')
-    parser.add_argument('--vars-size', type=int, help='OVMF_VARS size in bytes (snp:svsm mode only)')
-    parser.add_argument('--svsm', type=str, help='SVSM binary (snp:svsm mode only)')
+
+    arg_group_svsm = parser.add_argument_group(title='snp:svsm Mode',
+                                               description='AMD SEV-SNP with Coconut-SVSM. This mode additionally requires '
+                                               '--svsm and either --vars-file or --vars-size to be set.')
+    arg_group_svsm.add_argument('--svsm', type=str, metavar='PATH', help='SVSM binary')
+    arg_group_ovmf_vars = arg_group_svsm.add_mutually_exclusive_group(required=False)
+    arg_group_ovmf_vars.add_argument('--vars-size', type=int, metavar='SIZE', help='Size of the OVMF_VARS file in bytes '
+                                     '(conflicts with --vars-file)')
+    arg_group_ovmf_vars.add_argument('--vars-file', type=str, metavar='PATH', help='OVMF_VARS file '
+                                     '(conflicts with --vars-size)')
+
     args = parser.parse_args()
 
     if args.mode == 'snp:ovmf-hash':
@@ -102,14 +112,24 @@ def main() -> int:
     vcpu_sig = get_vcpu_sig(parser, args, vmm_type)
 
     try:
+        vars_size = 0
         sev_mode = SevMode.from_str(args.mode)
 
+        if sev_mode == SevMode.SEV_SNP_SVSM:
+
+            if args.vars_file:
+                vars_size = pathlib.Path(args.vars_file).stat().st_size
+            elif args.vars_size:
+                vars_size = args.vars_size
+            else:
+                parser.error("snp:svsm mode requires --vars-size or --vars-file")
+
         if args.dump_vmsa is True and sev_mode not in [SevMode.SEV_ES, SevMode.SEV_SNP, SevMode.SEV_SNP_SVSM]:
             parser.error("--dump-vmsa is not availibe in the selected mode")
 
         ld = guest.calc_launch_digest(sev_mode, args.vcpus, vcpu_sig, args.ovmf, args.kernel, args.initrd, args.append,
                                       args.guest_features, args.snp_ovmf_hash, vmm_type, args.dump_vmsa,
-                                      args.svsm, args.vars_size)
+                                      args.svsm, vars_size)
 
         print_measurement(ld, sev_mode, args.output_format, args.verbose)
     except RuntimeError as e: