diff --git a/Cargo.lock b/Cargo.lock
index c6320d360..b090f08fa 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -10090,7 +10090,7 @@ dependencies = [
 [[package]]
 name = "vm-attest"
 version = "0.1.0"
-source = "git+https://github.com/oxidecomputer/vm-attest?rev=2cdd17580a4fc6c871d24797016af8dbaac9421d#2cdd17580a4fc6c871d24797016af8dbaac9421d"
+source = "git+https://github.com/oxidecomputer/vm-attest?rev=acd6ca808d3b081d89b713d64dbce14ba7a50aec#acd6ca808d3b081d89b713d64dbce14ba7a50aec"
 dependencies = [
 "anyhow",
 "attest-data",
diff --git a/Cargo.toml b/Cargo.toml
index 83c87705c..ed005ed8f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -97,7 +97,7 @@ crucible-client-types = { git = "https://github.com/oxidecomputer/crucible", rev
 # Attestation
 dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "1d3084b514389847e8e0f5d966d2be4f18d02d32", features = ["sled-agent"] }
-vm-attest = { git = "https://github.com/oxidecomputer/vm-attest", rev = "2cdd17580a4fc6c871d24797016af8dbaac9421d", default-features = false }
+vm-attest = { git = "https://github.com/oxidecomputer/vm-attest", rev = "acd6ca808d3b081d89b713d64dbce14ba7a50aec", default-features = false }
 # External dependencies
 anyhow = "1.0"
diff --git a/bin/propolis-server/src/lib/initializer.rs b/bin/propolis-server/src/lib/initializer.rs
index 89658c840..f0eb195cf 100644
--- a/bin/propolis-server/src/lib/initializer.rs
+++ b/bin/propolis-server/src/lib/initializer.rs
@@ -700,6 +700,15 @@ impl MachineInitializer<'_> {
 vm_rot: &mut AttestationSock,
 ) -> Result<(), MachineInitError> {
 let uuid = self.properties.id;
+ let project = self.properties.metadata.project_id;
+ let silo = self.properties.metadata.silo_id;
+
+ let vm_attestation_conf = vm_attest::VmInstanceConf {
+ uuid,
+ project,
+ silo,
+ boot_digest: None,
+ };
 // The first boot entry is a key into `self.spec.disks`, which is how
 // we'll get to a Crucible volume backing this boot option.
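Review bot: The `boot_digest: None` in the new `VmInstanceConf` literal reads as "this instance has no measured boot disk", when, judging from `AttestationSockInit::run` in server.rs in this same commit, it is only a placeholder that is overwritten once the boot disk has been hashed. A comment on that field would make the hand-off explicit: `// placeholder: AttestationSockInit::run fills this in after hashing the boot disk`. The `project` and `silo` locals are used only for field shorthand and could be written inline as `project: self.properties.metadata.project_id`. The enclosing function starts and ends outside this hunk.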
@@ -781,7 +790,7 @@ impl MachineInitializer<'_> {
 None
 };
- vm_rot.prepare_instance_conf(uuid, boot_backend);
+ vm_rot.prepare_init_state(vm_attestation_conf, boot_backend);
 Ok(())
 }
diff --git a/lib/propolis/src/attestation/server.rs b/lib/propolis/src/attestation/server.rs
index fb47e0c3f..e326b60e1 100644
--- a/lib/propolis/src/attestation/server.rs
+++ b/lib/propolis/src/attestation/server.rs
@@ -57,7 +57,7 @@ enum AttestationInitState {
 pub struct AttestationSockInit {
 log: slog::Logger,
 vm_conf_send: oneshot::Sender,
- uuid: uuid::Uuid,
+ vm_instance_conf: vm_attest::VmInstanceConf,
 boot_backend_ref: Option,
 }
@@ -65,10 +65,12 @@ impl AttestationSockInit {
 /// Do any any remaining work of collecting VM RoT measurements in support
 /// of this VM's attestation server.
 pub async fn run(self) {
- let AttestationSockInit { log, vm_conf_send, uuid, boot_backend_ref } =
- self;
-
- let mut vm_conf = vm_attest::VmInstanceConf { uuid, boot_digest: None };
+ let AttestationSockInit {
+ log,
+ vm_conf_send,
+ mut vm_instance_conf,
+ boot_backend_ref,
+ } = self;
 if let Some(digest_backend) = boot_backend_ref {
 let boot_digest = match crate::attestation::boot_digest::compute(
@@ -89,12 +91,12 @@ impl AttestationSockInit {
 }
 };
- vm_conf.boot_digest = Some(boot_digest);
+ vm_instance_conf.boot_digest = Some(boot_digest);
 } else {
 slog::warn!(log, "not computing boot disk digest");
 }
- let send_res = vm_conf_send.send(vm_conf);
+ let send_res = vm_conf_send.send(vm_instance_conf);
 if let Err(_) = send_res {
 slog::error!(
 log,
@@ -271,9 +273,9 @@ impl AttestationSock {
 Ok(())
 }
- pub fn prepare_instance_conf(
+ pub fn prepare_init_state(
 &mut self,
- uuid: uuid::Uuid,
+ vm_instance_conf: vm_attest::VmInstanceConf,
 boot_backend_ref: Option,
 ) {
 let init_state = std::mem::replace(
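Review bot: In the `else` branch of `run` (hunk `@@ -89,12 +91,12 @@`, no boot backend), `vm_instance_conf.boot_digest` is now sent exactly as the caller supplied it, whereas before this change the struct was built inside `run` with `boot_digest: None`, so a digest could only come from `boot_digest::compute`. The one caller visible in this commit passes `None`, but `prepare_init_state` is `pub` and nothing enforces that. Since this value presumably feeds what the attestation server reports for the VM, I would restore the invariant locally: `vm_instance_conf.boot_digest = None;` before the `slog::warn!`, or `debug_assert!(vm_instance_conf.boot_digest.is_none());` at the top of `prepare_init_state` (hunk `@@ -271,9 +273,9 @@`). `run` begins in the previous hunk and continues past this one.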
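Review bot: `prepare_init_state` in hunk `@@ -271,9 +273,9 @@` is a `pub` method with no doc comment above it, and it now accepts a whole `VmInstanceConf` rather than a bare `uuid`. A `///` block should state that `vm_instance_conf` carries the instance identity (uuid, project, silo) to be attested, that `boot_digest` is expected to be `None` on entry because `AttestationSockInit::run` fills it in, and, under `# Panics`, that the method calls `tokio::spawn` (visible in the next hunk) and so must be called from inside a Tokio runtime. The method body continues past the end of this hunk.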
@@ -291,9 +293,9 @@ impl AttestationSock {
 };
 let init = AttestationSockInit {
 log: self.log.clone(),
- uuid,
 boot_backend_ref,
 vm_conf_send,
+ vm_instance_conf,
 };
 let init_task = tokio::spawn(init.run());
 self.init_state = AttestationInitState::Running { init_task };