diff --git a/README.md b/README.md index efe01711751b55e2a19c7b44eb1dddd3e0e94093..d560173ac2e618e4c36ef2a01063d857b4e414f0 100644 --- a/README.md +++ b/README.md 
@@ -1,37 +1,126 @@ # virtCCA_sdk -#### 介绍 +## 介绍 The software development kit of virtCCA (virtualized ARM confidential computing architecture with trustzone), such as remote attestation, derived key based on hardware etc. -#### 软件架构 -软件架构说明 +## 远程证明 +### 编译 -#### 安装教程 +1. 安装依赖 + ```sh + yum install tar cmake make git gcc gcc-c++ openssl-devel glib2-devel + ``` -1. xxxx -2. xxxx -3. xxxx +2. 编译安装基线度量值计算工具 + ```sh + cd attestation/rim_ref + cmake -S . -B build + cmake --build build + cp output/gen_rim_ref /usr/local/bin + ``` + **基线度量值计算工具gen_rim_ref会安装到/usr/local/bin目录下** -#### 使用说明 +3. 编译安装远程证明sdk + ```sh + cd attestation/sdk + cmake -S . -B build + cmake --build build + cmake --install build + ``` -1. xxxx -2. xxxx -3. xxxx + **远程证明用户态静态库libvccaattestation.a会安装到/usr/local/lib目录下,头文件attestation.h会安装到/usr/local/include目录下** -#### 参与贡献 +4. 编译安装`QCBOR 1.2`和`t_cose 1.1.2`依赖,编译远程证明样例代码和支持virtCCA的rats-tls需要使用: + ```sh + if [ ! -d "QCBOR" ]; then + git clone https://github.com/laurencelundblade/QCBOR.git -b v1.2 + fi + if [ ! -d "t_cose" ]; then + git clone https://github.com/laurencelundblade/t_cose.git -b v1.1.2 + fi + cd QCBOR + make + make install + cd ../t_cose + cmake -S . -B build + cmake --build build + cmake --install build + ``` -1. Fork 本仓库 -2. 新建 Feat_xxx 分支 -3. 提交代码 -4. 新建 Pull Request +5. 编译远程证明样例代码,样例代码需要依赖远程证明sdk、`QCBOR 1.2`和`t_cose 1.1.2`,需要提前安装好 + **样例代码server端包含了调用远程证明sdk获取远程证明报告的代码,client端包含了报告解析和验证的代码,server和client使用TCP进行数据传递,代码仅供参考,建议使用rats-tls** -#### 特技 + ```sh + cd attestation/samples + cmake -S . -B build + cmake --build build + ``` + **远程证明样例代码的server和client会生成到build目录下** -1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md -2. Gitee 官方博客 [blog.gitee.com](https://blog.gitee.com) -3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解 Gitee 上的优秀开源项目 -4. [GVP](https://gitee.com/gvp) 全称是 Gitee 最有价值开源项目,是综合评定出的优秀开源项目 -5. Gitee 官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help) -6. 
Gitee 封面人物是一档用来展示 Gitee 会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) +6. 编译安装`libcbor`依赖,编译支持virtCCA的rats-tls需要使用: + ```sh + git clone https://github.com/PJK/libcbor.git + cd libcbor + cmake -S . -B build + cd build + make + make install + ``` + +7. 编译支持virtCCA的rats-tls,rats-tls需要依赖远程证明sdk、`libcbor`、`QCBOR 1.2`和`t_cose 1.1.2`,需要提前安装好 + ```sh + cd attestation/rats-tls + git clone https://github.com/inclavare-containers/rats-tls.git + cd rats-tls + git reset --hard 40f7b78403d75d13b1a372c769b2600f62b02692 + git apply ../*.patch + bash build.sh -s -r + ``` + + **编译完成后会在bin目录下生成rats-tls.tar.gz软件包** + +8. 编译启动时证明使用的initramfs,initramfs需要依赖支持virtCCA的rats-tls,需要提前编译好 + ```sh + cd attestation/initramfs + bash build.sh + ``` + +### 使用说明 + +#### 远程证明样例代码 + +1. 启动server,server参数说明请使用`server -h`查看 + ```sh + ./server + ``` + +2. 启动client, 可以使用-m参数传递机密虚机的基线度量值用于校验,基线度量值可以使用基线度量值计算工具计算得到,client参数说明请使用`client -h`查看 + ```sh + ./client -m 38d644db0aeddedbf9e11a50dd56fb2d0c663f664d63ad62762490da41562108 + ``` + + +#### 支持virtCCA的rats-tls +1. 将rats-tls编译生产的rats-tls.tar.gz软件包拷贝到需要使用的机器,然后执行解压命令: + ```sh + tar -zxf rats-tls.tar.gz + ``` + +2. 将rats-tls的动态库复制到/usr/lib目录下 + ```sh + cp -r lib/rats-tls /usr/lib/ + ``` + +3. 导入环境变量后运行virtcca-server,virtcca-server参数说明请使用`virtcca-server -h`查看 + ```sh + export LD_LIBRARY_PATH=/usr/lib/rats-tls:$LD_LIBRARY_PATH + ./virtcca-server + ``` + +3. 导入环境变量后运行virtcca-client,virtcca-client参数说明请使用`virtcca-client -h`查看 + ```sh + export LD_LIBRARY_PATH=/usr/lib/rats-tls:$LD_LIBRARY_PATH + ./virtcca-client + ``` diff --git a/attestation/initramfs/br2_external/board/virtcca_qemu/rootfs_overlay/etc/init.d/rcA b/attestation/initramfs/br2_external/board/virtcca_qemu/rootfs_overlay/etc/init.d/rcA index 5ae2c572608b5d93900d93d80ea4f8ea1a78b072..11d2649c8690741c0571900bb91188a188c9edba 100755 --- a/attestation/initramfs/br2_external/board/virtcca_qemu/rootfs_overlay/etc/init.d/rcA 
+++ b/attestation/initramfs/br2_external/board/virtcca_qemu/rootfs_overlay/etc/init.d/rcA
@@ -7,13 +7,17 @@ sleep 10
 ip a
 ip_addr=$(ip a | grep inet | grep -v inet6 | grep -v 127 | awk -F' ' '{print $2}' | awk -F'/' '{print $1}')
+if [ "$ip_addr" == "" ]; then
+ echo "Cannot not get ip addr."
+ exit 1
+fi
 echo "IP address: $ip_addr"
-server -i $ip_addr
+/usr/bin/virtcca-server -i $ip_addr
 exit_status=$?
 echo "server return $exit_status"
-if [ $exit_status -eq 0 ]; then
+if [ $exit_status -eq 103 ]; then
 # mount the new root
 echo "Mounting new root filesystem..."
 mkdir -p /newroot
diff --git a/attestation/initramfs/build.sh b/attestation/initramfs/build.sh
index 7beae5883ff4b233e710c559c2b42090a65fc781..354f17814d6776337e3d5ffbe997aa5910d6e18f 100755
--- a/attestation/initramfs/build.sh
+++ b/attestation/initramfs/build.sh
@@ -6,10 +6,10 @@ OUTPUT_DIR=${INITRAMFS_PROJ_DIR}/buildroot/output
 APP_INSTALL_DIR=${INITRAMFS_PROJ_DIR}/br2_external/board/virtcca_qemu/rootfs_overlay
 export BR2_EXTERNAL=${INITRAMFS_PROJ_DIR}/br2_external
-# prepare to install TSI server
-TSI_SERVER_BIN=${INITRAMFS_PROJ_DIR}/../samples/build/server
-if [ ! -f "${TSI_SERVER_BIN}" ]; then
- echo "Cannot find ${TSI_SERVER_BIN}"
+# prepare to install rats-tls server
+RATS_TLS_BIN=${INITRAMFS_PROJ_DIR}/../rats-tls/rats-tls/bin/rats-tls.tar.gz
+if [ ! -f "${RATS_TLS_BIN}" ]; then
+ echo "Cannot find ${RATS_TLS_BIN}"
 exit 1
 fi
@@ -19,8 +19,12 @@ rm -rf ${APP_INSTALL_DIR}/usr
 mkdir -p ${APP_INSTALL_DIR}/tmp
 mkdir -p ${APP_INSTALL_DIR}/usr/bin
-# install TSI server
-cp -rf ${INITRAMFS_PROJ_DIR}/../samples/build/server ${APP_INSTALL_DIR}/usr/bin/
+# install rats-tls server
+cd ${APP_INSTALL_DIR}/tmp
+cp $RATS_TLS_BIN ./
+tar -zxf rats-tls.tar.gz
+cp -rf ${APP_INSTALL_DIR}/tmp/lib ${APP_INSTALL_DIR}/usr/
+cp -rf ${APP_INSTALL_DIR}/tmp/virtcca-server ${APP_INSTALL_DIR}/usr/bin/
 # clean up
 rm -rf ${APP_INSTALL_DIR}/tmp
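Review bot: `/usr/bin/virtcca-server -i $ip_addr` passes the address unquoted, and the pipeline that fills `ip_addr` keeps one line per IPv4 address that `ip a` prints (dropping only lines containing `127`), so a guest with two interfaces hands the server extra positional arguments; append `| head -n 1` to the pipeline and quote the expansion, `/usr/bin/virtcca-server -i "$ip_addr"`. The new guard `if [ "$ip_addr" == "" ]; then` relies on the non-POSIX `==` inside `[ ]`; `if [ -z "$ip_addr" ]; then` works under whatever sh the initramfs ships, and the message should read `"Cannot get ip addr."`. The status `103` that now gates the root switch is undocumented; a comment such as `# 103: virtcca-server reports a successful attestation; any other status keeps the guest in the initramfs` would explain it — I infer that meaning from the mount branch that follows, so confirm it against the server's exit codes. The `if` body continues beyond the end of the hunk.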
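Review bot: The new `cd ${APP_INSTALL_DIR}/tmp` and `tar -zxf rats-tls.tar.gz` steps check no exit status and no `set -e` is visible, so a failed `cd` or a corrupt archive leaves the following `cp -rf` calls copying nothing (or copying from the wrong directory) while the build continues and produces an initramfs without `virtcca-server`. Guard each step and verify the payload before copying: `cd "${APP_INSTALL_DIR}/tmp" || exit 1`, `tar -zxf rats-tls.tar.gz || exit 1`, `[ -x virtcca-server ] || { echo "virtcca-server missing in ${RATS_TLS_BIN}"; exit 1; }`. The added lines also expand `${APP_INSTALL_DIR}` and `$RATS_TLS_BIN` unquoted, unlike the `"${RATS_TLS_BIN}"` check in the first hunk of this file, and the context line `rm -rf ${APP_INSTALL_DIR}/tmp` would be safer as `rm -rf "${APP_INSTALL_DIR:?}/tmp"` so an empty variable aborts instead of deleting `/tmp`. The `cd` also changes the working directory for the rest of the script; the `pushd ${INITRAMFS_PROJ_DIR}` shown in the next hunk's context presumably re-anchors it, but any relative path used in between would now resolve inside the overlay's tmp directory.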
@@ -28,6 +32,6 @@ pushd ${INITRAMFS_PROJ_DIR}
 # initramfs build process
 if [ ! -d "buildroot" ]; then
- git clone https://gitlab.com/buildroot.org/buildroot.git -b 2024.02
+ git clone https://gitlab.com/buildroot.org/buildroot.git -b 2023.02.11
 fi
 cd buildroot && make clean && make virtcca_qemu_defconfig && make
diff --git a/attestation/rim_ref/CMakeLists.txt b/attestation/rim_ref/CMakeLists.txt
index 56917062b99ceaadf659c7cdb6b4cdcb7d68de36..6c75416ec1df081a6d91d0384fd8d1c299e621ff 100644
--- a/attestation/rim_ref/CMakeLists.txt
+++ b/attestation/rim_ref/CMakeLists.txt
@@ -1,8 +1,8 @@
 # CMake version
-cmake_minimum_required(VERSION 3.5.1)
+cmake_minimum_required(VERSION 3.16)
 # Project
-project(gen_rim_ref)
+project(gen_rim_ref LANGUAGES C)
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
 find_package(OpenSSL REQUIRED)
 find_package(PkgConfig REQUIRED)
diff --git a/attestation/samples/CMakeLists.txt b/attestation/samples/CMakeLists.txt
index 03d3451b1b38f871840491d68c55399ed20a16ce..947d6665660071202d69bac6ade9dca1ba258561 100644
--- a/attestation/samples/CMakeLists.txt
+++ b/attestation/samples/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.20)
+cmake_minimum_required(VERSION 3.16)
 project(tsi-samples LANGUAGES C)
diff --git a/attestation/sdk/CMakeLists.txt b/attestation/sdk/CMakeLists.txt
index be7dca912e7e2cb846d27b7717759569fe50ac1e..a5b51ab48f2f46f4980b6ee12eec95a2919bf2ce 100644
--- a/attestation/sdk/CMakeLists.txt
+++ b/attestation/sdk/CMakeLists.txt
@@ -1,4 +1,4 @@
-cmake_minimum_required(VERSION 3.20)
+cmake_minimum_required(VERSION 3.16)
 project(virtcca-sdk LANGUAGES C)