test local attestation

Signed-off-by: Wojciech Ozga <woz@zurich.ibm.com>

Author: wojciechozga

.github/workflows/build.yml

@@ -43,5 +43,7 @@ jobs:
       run: ACE_DIR=$(pwd)/build/ MAKEFLAGS="--silent -j4" make hypervisor
     - name: build firmware
       run: ACE_DIR=$(pwd)/build/ MAKEFLAGS="--silent -j4" make firmware
-    - name: build confidential_vms
+    - name: build confidential vms
       run: ACE_DIR=$(pwd)/build/ MAKEFLAGS="--silent -j4" make confidential_vms
+    - name: run tests on confidential vms
+      run: ACE_DIR=$(pwd)/build/ ace test

confidential-vms/linux_vm/hypervisor_rootfs/run_linux_vm_qemu.sh

@@ -3,16 +3,11 @@
 # SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 # SPDX-License-Identifier: Apache-2.0
 
-QEMU_CMD=qemu-system-riscv64
-KERNEL=/root/linux_vm/Image
-DRIVE=/root/linux_vm/rootfs.ext2
-INITRAMFS=/root/linux_vm/rootfs.cpio
-TAP=/root/linux_vm/cove_tap_qemu
-
 HOST_PORT="$((3000 + RANDOM % 3000))"
 INTERACTIVE="-nographic"
 SMP=2
 MEMORY=1G
+ID=""
 
 for i in "$@"; do
   case $i in
@@ -34,6 +29,10 @@ for i in "$@"; do
       MEMORY="${i#*=}"
       shift
       ;;
+    -i=*|--id=*)
+      ID="${i#*=}"
+      shift
+      ;;
     --daemonize*)
       INTERACTIVE="-daemonize"
       shift
@@ -47,8 +46,19 @@ for i in "$@"; do
   esac
 done
 
+if [ ! -f "/root/linux_vm${ID}" ]; then
+  cp -rf /root/linux_vm /root/linux_vm${ID}
+fi
+
+QEMU_CMD=qemu-system-riscv64
+KERNEL=/root/linux_vm${ID}/Image
+DRIVE=/root/linux_vm${ID}/rootfs.ext2
+INITRAMFS=/root/linux_vm${ID}/rootfs.cpio
+TAP=/root/linux_vm${ID}/cove_tap_qemu
+
 echo "SSH port: ${HOST_PORT}"
 echo "Number of cores assigned to the guest: ${SMP}"
+echo "${INTERACTIVE}"
 
 ${QEMU_CMD} ${DEBUG_OPTIONS} \
     ${INTERACTIVE} \
@@ -61,5 +71,4 @@ ${QEMU_CMD} ${DEBUG_OPTIONS} \
     -device virtio-blk-pci,drive=hd0,iommu_platform=on,disable-legacy=on,disable-modern=off \
     -drive if=none,format=raw,file=${DRIVE},id=hd0 \
     -device virtio-net-pci,netdev=net0,iommu_platform=on,disable-legacy=on,disable-modern=off \
-    -netdev user,id=net0,net=192.168.100.1/24,dhcpstart=192.168.100.128,hostfwd=tcp::${HOST_PORT}-:22 \
-    -nographic
+    -netdev user,id=net0,net=192.168.100.1/24,dhcpstart=192.168.100.128,hostfwd=tcp::${HOST_PORT}-:22

confidential-vms/linux_vm/hypervisor_rootfs/run_linux_vm_qemu2.sh

@@ -56,6 +56,8 @@ BR2_GLOBAL_PATCH_DIR=""
 
 # Packages
 BR2_PACKAGE_DROPBEAR=y
+BR2_PACKAGE_OPENSSH_CLIENT=y
+BR2_PACKAGE_SSHPASS=y
 
 # Qemu
 BR2_PACKAGE_QEMU=y

hypervisor/configurations/qemu_riscv64_virt_defconfig

@@ -2,28 +2,21 @@
 # SPDX-FileCopyrightText: 2023 IBM Corporation
 # SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
 # SPDX-License-Identifier: Apache-2.0
-
-function run_confidential_vm() {
-    fallocate -l 128M hdd.dsk
-
-    KERNEL_IMAGE=$1
-    NUMBER_OF_CORES=$2
-    MEMORY_SIZE=$3
-    DRIVE="hdd.dsk"
-
-    qemu-system-riscv64 -machine virt -cpu rv64 -smp $NUMBER_OF_CORES -m $MEMORY_SIZE \
-        --enable-kvm \
-        -global virtio-mmio.force-legacy=false \
-        -append "console=ttyS0 ro root=/dev/vda swiotlb=mmnn,force nosplash debug promote_to_tvm" \
-        -device virtio-blk-pci,drive=hd0,iommu_platform=on,disable-legacy=on,disable-modern=off \
-        -drive if=none,format=raw,file=${DRIVE},id=hd0 \
-        -nographic -bios none \
-        -kernel $KERNEL_IMAGE &
-}
+export TVM_TEST_PASSWD="passwd"
+export SSH_CMD="sshpass -p ${TVM_TEST_PASSWD} ssh -y -q"
 
 function kill_confidential_vm() {
     PID="$(pidof qemu-system-riscv64)"
     kill -9 $PID
     wait $PID 2>/dev/null
 }
 
+function wait_for_ssh () {
+    for i in $(seq 1 30); do
+        if [ "$( $SSH_CMD -p$3 $1@$2 'whoami' )" == "root" ]; then
+            break
+        fi
+        echo "Waiting for the TVM's SSH ..."
+        sleep 1
+    done
+}

hypervisor/rootfs/common.sh

@@ -5,15 +5,17 @@
 
 # This script runs all tests in harness
 
-declare -a TESTS=("test_esm")
+declare -a TESTS=("test_attestation")
 
 for i in "${TESTS[@]}"; do
-    ./$i.sh 2>&1 > $i.log 
+    ./$i.sh 2>&1 > $i.log
     RESULT=$?
     if [ $RESULT -eq 0 ]; then
         echo "$i: success"
     else
         echo "$i: failed"
-        cat $i.log  
+        echo ""
+        echo "======= Logs: ======="
+        cat $i.log
     fi
-done
+done

hypervisor/rootfs/selftest.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# SPDX-FileCopyrightText: 2025 IBM Corporation
+# SPDX-FileContributor: Wojciech Ozga <woz@zurich.ibm.com>, IBM Research - Zurich
+# SPDX-License-Identifier: Apache-2.0
+. common.sh
+
+/root/run_linux_vm_qemu.sh --daemonize 2>&1 > tmp_run_vm.log &
+sleep 5
+
+TVM_USER="root"
+TVM_HOST="localhost"
+TVM_PORT="$(grep 'SSH port' tmp_run_vm.log | awk -F': ' '{ print $2 }' )"
+echo "TVM's SSH is listening on port: $TVM_PORT"
+
+wait_for_ssh $TVM_USER $TVM_HOST $TVM_PORT
+
+$SSH_CMD -p${TVM_PORT} ${TVM_USER}@${TVM_HOST} 'insmod /root/ace_module/ace.ko'
+$SSH_CMD -p${TVM_PORT} ${TVM_USER}@${TVM_HOST} 'dmesg | grep Secret' > tmp_dmesg.log
+
+ATTESTATION_RESULT="$(grep 'Secret=0xc0ffee' tmp_dmesg.log | wc -l)"
+
+kill_confidential_vm
+
+if [[ "x$ATTESTATION_RESULT" == "x1" ]]; then
+    echo "Attestation test succeeded"
+    exit 0
+else
+    echo "Attestation test failed"
+    exit 1
+fi

hypervisor/rootfs/test_attestation.sh

@@ -21,37 +21,16 @@ echo "Hypervisor's SSH is listening on port: $HYPERVISOR_TEST_PORT"
 # wait until the VM is up and running
 wait_for_ssh ${HYPERVISOR_TEST_LOGIN} ${HYPERVISOR_TEST_HOSTNAME} ${HYPERVISOR_TEST_PORT}
 
-# test confidential memory protections
-QEMU_MEMORY_SIZE_MB=2048
-
-# Verify that the hypervisor has no access to the confidential memory
-MEMORY_ACCESS_EXEC="insmod ace-kernel-module/ace.ko"
-MEMORY_BASE_ADDRESS="$(hex2dec 80000000 10 16)"
-let MEMORY_SIZE=${QEMU_MEMORY_SIZE_MB}*1024*1024
-let NONSECURE_MEMORY_BASE_ADDRESS=${MEMORY_BASE_ADDRESS}+2048*1024 # after OpenSBI reserved memory
-let SECURE_MEMORY_BASE_ADDRESS=${MEMORY_BASE_ADDRESS}+${MEMORY_SIZE}/2
-let SECURE_MEMORY_END_ADDRESS=${SECURE_MEMORY_BASE_ADDRESS}+${MEMORY_SIZE}/2-1
-
-declare -A EXPECTED_MEMORY_ACCESS=([$NONSECURE_MEMORY_BASE_ADDRESS]=0 [$MEMORY_BASE_ADDRESS]=1 [$SECURE_MEMORY_BASE_ADDRESS]=1 [$SECURE_MEMORY_END_ADDRESS]=1)
-
-for i in "${!EXPECTED_MEMORY_ACCESS[@]}"; do
-    ADDRESS=$(hex2dec $i 16 10)
-    EXPECTED_RESULT=${EXPECTED_MEMORY_ACCESS[$i]}
-    RESULT=$(${SSH_CMD} -p${HYPERVISOR_TEST_PORT} ${HYPERVISOR_TEST_LOGIN}@${HYPERVISOR_TEST_HOSTNAME} ./test_secure_memory.sh 0x$ADDRESS 2>&1)
-    ACCESS_FAILED="$(echo $RESULT | grep 'Segmentation fault' | wc -l)"
-    if [ $ACCESS_FAILED -ne $EXPECTED_RESULT ]; then
-        echo "incorrect access rights to $ADDRESS: FAIL"
-    else
-        echo "correct access rights to $ADDRESS: succeess"
-    fi
-    kill_qemu ${HYPERVISOR_TEST_PORT}
-    ${ACE_DIR}/tools/ace_run_hypervisor.sh --daemonize > .run_tests.log
-    HYPERVISOR_TEST_PORT="$(grep 'SSH port' .run_tests.log | awk -F': ' '{ print $2 }' )"
-    wait_for_ssh ${HYPERVISOR_TEST_LOGIN} ${HYPERVISOR_TEST_HOSTNAME} ${HYPERVISOR_TEST_PORT}    
-done
-
 # execute tests remotely over ssh
-${SSH_CMD} -p${HYPERVISOR_TEST_PORT} ${HYPERVISOR_TEST_LOGIN}@${HYPERVISOR_TEST_HOSTNAME} './selftest.sh'
+${SSH_CMD} -p${HYPERVISOR_TEST_PORT} ${HYPERVISOR_TEST_LOGIN}@${HYPERVISOR_TEST_HOSTNAME} './selftest.sh' > ace_test_results
 
 # kill the VM
 kill_qemu ${HYPERVISOR_TEST_PORT}
+
+FAILED="$( grep ': failed' ace_test_results | wc -l)"
+cat ace_test_results
+
+if [[ $FAILED -gt 0 ]]; then
+    exit 1
+fi
+exit 0

tools/ace_test.sh

@@ -11,11 +11,10 @@ export HYPERVISOR_TEST_HOSTNAME="localhost"
 export SSH_PASSWD_PARAMS="-o PasswordAuthentication=yes -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no -o StrictHostKeyChecking=no"
 export SSH_CMD="sshpass -p ${HYPERVISOR_TEST_PASSWD} ssh ${SSH_PASSWD_PARAMS}"
 
-
 # Usage: wait_for_ssh "root", "localhost", "22"
-function wait_for_ssh () { 
-    while [ "$( $SSH_CMD -p$3 $1@$2 'whoami' )" != "root" ]; do 
-        echo "waiting for the guest's ssh ..."
+function wait_for_ssh () {
+    while [ "$( $SSH_CMD -p$3 $1@$2 'whoami' )" != "root" ]; do
+        echo "waiting for the hypervisor's ssh ..."
         sleep 1
     done
 }
@@ -29,39 +28,3 @@ function kill_qemu () {
         wait $PID 2>/dev/null
     fi
 }
-
-function kill_users_qemu () {
-    USER="$(whoami)"
-    PID="$(ps aux | grep qemu | grep ${USER} | awk -F' ' '{ print $2  }')"
-    if [ "$PID" != "" ]; then
-        kill -9 $PID
-        wait $PID 2>/dev/null
-    fi
-}
-
-function hex2dec() {
-    ## validate sufficient input
-    test -n "$1" || {
-        printf "\n error: insufficient input. usage:  %s num [obase (2)] [ibase (10)]\n\n" "${0//*\//}"
-        exit 1
-    }
-
-    ## test for help
-    test "$1" = "-h" || test "$1" = "--help" && {
-        printf "\n  usage:  %s num [obase (2)] [ibase (10)] -- to convert number\n\n" "${0//*\//}"
-        exit 0
-    }
-
-    ## validate numeric value given for conversion (bash only test)
-    ival="${1^^}"
-    [[ $ival =~ [^0-9A-F] ]] && {
-        printf "\n error: invalid input. Input must be within upper/lower case hex character set [0-9A-Fa-f]\n\n"
-        exit 1
-    }
-
-    ob=${2:-2}
-    ib=${3:-10}
-
-    # set obase first before ibase -- or weird things happen.
-    printf "obase=%d; ibase=%d; %s\n" $ob $ib $ival | bc
-}