feature gate Crucible-specific boot digest code

Author: iximeow

.github/workflows/rust.yml

@@ -50,3 +50,15 @@ jobs:
       run: cargo build -p propolis-mock-server --verbose
     - name: Test Libraries
       run: cargo test --lib --verbose
+  # Build and test propolis-the-library on its own; `cargo test --lib` as used
+  # above builds the entire workspace, meaning propolis-server default features
+  # are used to build and run propolis-lib tests. Instead, this check uses
+  # `cargo build -p propolis` to only operate with that one crate.
+  build-and-test-propolis-lib:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Build
+      run: cargo build -p propolis --verbose
+    - name: Test Propolis-lib
+      run: cargo test -p propolis --verbose

bin/propolis-server/src/lib/initializer.rs

@@ -733,7 +733,7 @@ impl MachineInitializer<'_> {
                 settings.order.first()
             });
 
-        let crucible_volume = if let Some(entry) = boot_disk_entry {
+        let boot_backend = if let Some(entry) = boot_disk_entry {
             let disk_dev =
                 self.spec.disks.get(&entry.device_id).ok_or_else(|| {
                     MachineInitError::BootOrderEntryWithoutDevice(
@@ -758,7 +758,9 @@ impl MachineInitializer<'_> {
                 block_backend.as_any().downcast_ref::<block::CrucibleBackend>()
             {
                 if backend.is_read_only() {
-                    Some(backend.clone_volume())
+                    Some(attestation::boot_digest::Backend::Crucible(
+                        backend.clone_volume(),
+                    ))
                 } else {
                     // Disk must be read-only to be used for attestation.
                     slog::info!(
@@ -779,7 +781,7 @@ impl MachineInitializer<'_> {
             None
         };
 
-        vm_rot.prepare_instance_conf(uuid, crucible_volume);
+        vm_rot.prepare_instance_conf(uuid, boot_backend);
 
         Ok(())
     }

…/propolis/src/attestation/boot_digest.rs …/src/attestation/boot_digest/crucible.rslib/propolis/src/attestation/boot_digest.rs renamed to lib/propolis/src/attestation/boot_digest/crucible.rs lib/propolis/src/attestation/boot_digest.rs renamed to lib/propolis/src/attestation/boot_digest/crucible.rs

@@ -0,0 +1,42 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+use vm_attest::Measurement;
+
+use anyhow::Result;
+use slog::Logger;
+
+#[cfg(feature = "crucible")]
+mod crucible;
+
+#[derive(Debug)]
+pub enum Backend {
+    #[cfg(feature = "crucible")]
+    Crucible(::crucible::Volume),
+}
+
+pub async fn compute(backend: Backend, log: &Logger) -> Result<Measurement> {
+    slog::info!(log, "computing disk digest for {backend:?}");
+
+    match backend {
+        #[cfg(feature = "crucible")]
+        Backend::Crucible(vol) => {
+            // TODO: load-bearing sleep: we have a Crucible volume, but we can
+            // be here and chomping at the bit to get a digest calculation
+            // started well before the volume has been activated; in
+            // `propolis-server` we need to wait for at least a subsequent
+            // instance start. Similar to the scrub task for Crucible disks,
+            // delay some number of seconds in the hopes that activation is done
+            // promptly.
+            //
+            // This should be replaced by awaiting for some kind of actual
+            // "activated" signal.
+            //
+            // see #1078
+            tokio::time::sleep(std::time::Duration::from_secs(10)).await;
+
+            crucible::boot_disk_digest(vol, log).await
+        }
+    }
+}

lib/propolis/src/attestation/boot_digest/mod.rs

@@ -18,7 +18,7 @@ use dice_verifier::Attest;
 
 use vm_attest::VmInstanceConf;
 
-use crate::attestation::ATTESTATION_ADDR;
+use crate::attestation::{boot_digest, ATTESTATION_ADDR};
 
 #[derive(Copy, Clone)]
 pub struct AttestationServerConfig {
@@ -58,49 +58,36 @@ pub struct AttestationSockInit {
     log: slog::Logger,
     vm_conf_send: oneshot::Sender<VmInstanceConf>,
     uuid: uuid::Uuid,
-    volume_ref: Option<crucible::Volume>,
+    boot_backend_ref: Option<boot_digest::Backend>,
 }
 
 impl AttestationSockInit {
     /// Do any any remaining work of collecting VM RoT measurements in support
     /// of this VM's attestation server.
     pub async fn run(self) {
-        let AttestationSockInit { log, vm_conf_send, uuid, volume_ref } = self;
+        let AttestationSockInit { log, vm_conf_send, uuid, boot_backend_ref } =
+            self;
 
         let mut vm_conf = vm_attest::VmInstanceConf { uuid, boot_digest: None };
 
-        if let Some(volume) = volume_ref {
-            // TODO: load-bearing sleep: we have a Crucible volume, but we can
-            // be here and chomping at the bit to get a digest calculation
-            // started well before the volume has been activated; in
-            // `propolis-server` we need to wait for at least a subsequent
-            // instance start. Similar to the scrub task for Crucible disks,
-            // delay some number of seconds in the hopes that activation is done
-            // promptly.
-            //
-            // This should be replaced by awaiting for some kind of actual
-            // "activated" signal.
-            //
-            // see #1078
-            tokio::time::sleep(std::time::Duration::from_secs(10)).await;
-
-            let boot_digest =
-                match crate::attestation::boot_digest::boot_disk_digest(
-                    volume, &log,
-                )
-                .await
-                {
-                    Ok(digest) => digest,
-                    Err(e) => {
-                        // a panic here is unfortunate, but helps us debug for
-                        // now; if the digest calculation fails it may be some
-                        // retryable issue that a guest OS would survive. but
-                        // panicking here means we've stopped Propolis at the
-                        // actual error, rather than noticing the
-                        // `vm_conf_sender` having dropped elsewhere.
-                        panic!("failed to compute boot disk digest: {e:?}");
-                    }
-                };
+        if let Some(digest_backend) = boot_backend_ref {
+            let boot_digest = match crate::attestation::boot_digest::compute(
+                digest_backend,
+                &log,
+            )
+            .await
+            {
+                Ok(digest) => digest,
+                Err(e) => {
+                    // a panic here is unfortunate, but helps us debug for
+                    // now; if the digest calculation fails it may be some
+                    // retryable issue that a guest OS would survive. but
+                    // panicking here means we've stopped Propolis at the
+                    // actual error, rather than noticing the
+                    // `vm_conf_sender` having dropped elsewhere.
+                    panic!("failed to compute boot disk digest: {e:?}");
+                }
+            };
 
             vm_conf.boot_digest = Some(boot_digest);
         } else {
@@ -287,7 +274,7 @@ impl AttestationSock {
     pub fn prepare_instance_conf(
         &mut self,
         uuid: uuid::Uuid,
-        volume_ref: Option<crucible::Volume>,
+        boot_backend_ref: Option<boot_digest::Backend>,
     ) {
         let init_state = std::mem::replace(
             &mut self.init_state,
@@ -305,7 +292,7 @@ impl AttestationSock {
         let init = AttestationSockInit {
             log: self.log.clone(),
             uuid,
-            volume_ref,
+            boot_backend_ref,
             vm_conf_send,
         };
         let init_task = tokio::spawn(init.run());