Add project and silo ids to VM attestation

Cargo.toml

@@ -97,7 +97,7 @@ crucible-client-types = { git = "https://github.com/oxidecomputer/crucible", rev
 
 # Attestation
 dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "1d3084b514389847e8e0f5d966d2be4f18d02d32", features = ["sled-agent"] }
-vm-attest = { git = "https://github.com/oxidecomputer/vm-attest", rev = "2cdd17580a4fc6c871d24797016af8dbaac9421d", default-features = false }
+vm-attest = { git = "https://github.com/oxidecomputer/vm-attest", rev = "acd6ca808d3b081d89b713d64dbce14ba7a50aec", default-features = false }
 
 # External dependencies
 anyhow = "1.0"

bin/propolis-server/src/lib/initializer.rs

@@ -700,6 +700,15 @@ impl MachineInitializer<'_> {
         vm_rot: &mut AttestationSock,
     ) -> Result<(), MachineInitError> {
         let uuid = self.properties.id;
+        let project = self.properties.metadata.project_id;
+        let silo = self.properties.metadata.silo_id;
+
+        let vm_attestation_conf = vm_attest::VmInstanceConf {
+            uuid,
+            project,
+            silo,
+            boot_digest: None,
+        };
 
         // The first boot entry is a key into `self.spec.disks`, which is how
         // we'll get to a Crucible volume backing this boot option.
@@ -781,7 +790,7 @@ impl MachineInitializer<'_> {
             None
         };
 
-        vm_rot.prepare_instance_conf(uuid, boot_backend);
+        vm_rot.prepare_init_state(vm_attestation_conf, boot_backend);
 
         Ok(())
     }

lib/propolis/src/attestation/server.rs

@@ -57,18 +57,20 @@ enum AttestationInitState {
 pub struct AttestationSockInit {
     log: slog::Logger,
     vm_conf_send: oneshot::Sender<VmInstanceConf>,
-    uuid: uuid::Uuid,
+    vm_instance_conf: vm_attest::VmInstanceConf,
     boot_backend_ref: Option<boot_digest::Backend>,
 }
 
 impl AttestationSockInit {
     /// Do any any remaining work of collecting VM RoT measurements in support
     /// of this VM's attestation server.
     pub async fn run(self) {
-        let AttestationSockInit { log, vm_conf_send, uuid, boot_backend_ref } =
-            self;
-
-        let mut vm_conf = vm_attest::VmInstanceConf { uuid, boot_digest: None };
+        let AttestationSockInit {
+            log,
+            vm_conf_send,
+            mut vm_instance_conf,
+            boot_backend_ref,
+        } = self;
 
         if let Some(digest_backend) = boot_backend_ref {
             let boot_digest = match crate::attestation::boot_digest::compute(
@@ -89,12 +91,12 @@ impl AttestationSockInit {
                 }
             };
 
-            vm_conf.boot_digest = Some(boot_digest);
+            vm_instance_conf.boot_digest = Some(boot_digest);
         } else {
             slog::warn!(log, "not computing boot disk digest");
         }
 
-        let send_res = vm_conf_send.send(vm_conf);
+        let send_res = vm_conf_send.send(vm_instance_conf);
         if let Err(_) = send_res {
             slog::error!(
                 log,
@@ -271,9 +273,9 @@ impl AttestationSock {
         Ok(())
     }
 
-    pub fn prepare_instance_conf(
+    pub fn prepare_init_state(
         &mut self,
-        uuid: uuid::Uuid,
+        vm_instance_conf: vm_attest::VmInstanceConf,
         boot_backend_ref: Option<boot_digest::Backend>,
     ) {
         let init_state = std::mem::replace(
@@ -291,9 +293,9 @@ impl AttestationSock {
         };
         let init = AttestationSockInit {
             log: self.log.clone(),
-            uuid,
             boot_backend_ref,
             vm_conf_send,
+            vm_instance_conf,
         };
         let init_task = tokio::spawn(init.run());
         self.init_state = AttestationInitState::Running { init_task };