From fd062d2a2a550e0fb8a6bb3d5a6834b765ba0d42 Mon Sep 17 00:00:00 2001 From: iximeow Date: Mon, 30 Mar 2026 19:48:34 +0000 Subject: [PATCH 1/9] bump dice-util --- Cargo.toml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 78ce0b0..b28726f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,9 +9,11 @@ build = "build/main.rs" test-data = [] [dependencies] -attest-data.git = "https://github.com/oxidecomputer/dice-util" +# these dependencies both come from the `dice-util` repo and should be pinned to the same git rev. +attest-data = { git = "https://github.com/oxidecomputer/dice-util", rev = "6161d9321ae64acaf57ae162df0bd80286b9b124" } +dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "6161d9321ae64acaf57ae162df0bd80286b9b124", features = ["mock"] } + const-oid = { version = "0.9.5", features = ["db"] } -dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", features = ["mock"] } ed25519-dalek = { version = "2.1", default-features = false } getrandom = { version = "0.3.4", features = ["std"] } hex = "0.4.3" From cda7e651838dc2c22b3a2bee26907009f4f89725 Mon Sep 17 00:00:00 2001 From: iximeow Date: Mon, 30 Mar 2026 20:02:03 +0000 Subject: [PATCH 2/9] switch to new AttestAsync --- Cargo.lock | 26 ++++++++++++++++++++++++-- Cargo.toml | 4 ++-- src/rot.rs | 10 +++++----- 3 files changed, 31 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index fb30135..bcba84a 100644 --- a/Cargo.lock +++ b/Cargo.lock 
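Review bot: In the Cargo.toml hunk of patch 1/9, the re-added `dice-verifier` line keeps `features = ["mock"]` under `[dependencies]`, so the mock attester code is compiled into every build of this crate, not only test builds. If the mock is needed only by the test suite, it would be safer to enable it through the existing `test-data` feature, e.g. `test-data = ["dice-verifier/mock"]`, and drop it from the main dependency line. Whether non-test code in src/ uses the mock types is not visible in this hunk, so confirm before moving it.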
@@ -67,10 +67,21 @@ version = "1.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61" +[[package]] +name = "async-trait" +version = "0.1.89" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.110", +] + [[package]] name = "attest-data" version = "0.5.0" -source = "git+https://github.com/oxidecomputer/dice-util#88c6684d15f6f64abf7cdb843daa3862c253be80" +source = "git+https://github.com/oxidecomputer/dice-util?rev=d07ea05118e31c2d4c939e24b92440113f22da56#d07ea05118e31c2d4c939e24b92440113f22da56" dependencies = [ "const-oid", "der", @@ -381,8 +392,9 @@ dependencies = [ [[package]] name = "dice-verifier" version = "0.3.0-pre0" -source = "git+https://github.com/oxidecomputer/dice-util#88c6684d15f6f64abf7cdb843daa3862c253be80" +source = "git+https://github.com/oxidecomputer/dice-util?rev=d07ea05118e31c2d4c939e24b92440113f22da56#d07ea05118e31c2d4c939e24b92440113f22da56" dependencies = [ + "async-trait", "attest-data", "const-oid", "ed25519-dalek", @@ -393,6 +405,7 @@ dependencies = [ "p384", "rats-corim", "sha3", + "slog", "tempfile", "thiserror", "x509-cert", @@ -1127,6 +1140,15 @@ dependencies = [ "rand_core", ] +[[package]] +name = "slog" +version = "2.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b3b8565691b22d2bdfc066426ed48f837fc0c5f2c8cad8d9718f7f99d6995c1" +dependencies = [ + "rustversion", +] + [[package]] name = "spki" version = "0.7.3" diff --git a/Cargo.toml b/Cargo.toml index b28726f..f9f1216 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -10,8 +10,8 @@ test-data = [] [dependencies] # these dependencies both come from the `dice-util` repo and should be pinned to the same git rev. -attest-data = { git = "https://github.com/oxidecomputer/dice-util", rev = "6161d9321ae64acaf57ae162df0bd80286b9b124" } -dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "6161d9321ae64acaf57ae162df0bd80286b9b124", features = ["mock"] } +attest-data = { git = "https://github.com/oxidecomputer/dice-util", rev = "dd6111a7923910c0f8336e3f8454a77f0764d7a3" } +dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "dd6111a7923910c0f8336e3f8454a77f0764d7a3", features = ["mock"] } const-oid = { version = "0.9.5", features = ["db"] } ed25519-dalek = { version = "2.1", default-features = false } diff --git a/src/rot.rs b/src/rot.rs index eb256a2..ce0fc5a 100644 --- a/src/rot.rs +++ b/src/rot.rs @@ -4,7 +4,7 @@ use attest_data::AttestDataError as OxAttestDataError; use dice_verifier::{ - Attest as OxAttest, AttestError as OxAttestError, + AttestAsync as OxAttest, AttestError as OxAttestError, Attestation as OxAttestation, Log, Nonce, }; use hubpack::SerializedSize; @@ -57,7 +57,7 @@ impl VmInstanceRot { /// attestation from the platform rot is then combined with all data /// required to verify it in a `VmInstanceAttestation` and returned to the /// caller. - pub fn attest( + pub async fn attest( &self, instance_conf: &VmInstanceConf, qualifying_data: &QualifyingData, @@ -74,7 +74,7 @@ impl VmInstanceRot { // smuggle the updated qualifying data through the `Nonce` // type down to the Oxide Platform RoT let nonce = Nonce::N32(attest_data::Array(msg.finalize().into())); - let attest = self.oxattest_mock.attest(&nonce)?; + let attest = self.oxattest_mock.attest(&nonce).await?; // serialize the attestation back to hubpack // TODO: this should be a JSON encoding 
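Review bot: The three RoT calls in `attest` are now separate suspension points, and nothing visible ties the three responses to one RoT state: `attest(&nonce).await` in the `-74,7` hunk of src/rot.rs (patch 2/9), then `get_measurement_log().await` and `get_certificates().await` in the `-84,7` and `-101,7` hunks. If the underlying implementation can serve other callers or extend its log between those awaits, the returned bundle could pair an attestation with a log it was not signed over; verification should then reject it, but the failure would be hard to diagnose. I would add a comment at the first call such as `// attestation, log and cert chain are fetched in separate awaits; a verifier must reject a bundle whose log does not match the signed attestation`, and have the method's doc comment say that it now returns a future. The body of `attest` starts and ends outside these hunks.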
@@ -84,7 +84,7 @@ impl VmInstanceRot { attestation.truncate(len); // collect logs - let oxide_log = self.oxattest_mock.get_measurement_log()?; + let oxide_log = self.oxattest_mock.get_measurement_log().await?; let mut data = vec![0u8; Log::MAX_SIZE]; let len = hubpack::serialize(&mut data, &oxide_log) @@ -101,7 +101,7 @@ impl VmInstanceRot { }); // get cert chain - let ox_cert_chain = self.oxattest_mock.get_certificates()?; + let ox_cert_chain = self.oxattest_mock.get_certificates().await?; let mut cert_chain = Vec::new(); for cert in ox_cert_chain { From 750fc59214716f49a4d83db214c43e8005142fa9 Mon Sep 17 00:00:00 2001 From: iximeow Date: Mon, 30 Mar 2026 20:34:07 +0000 Subject: [PATCH 3/9] and make AttestAsync sync --- Cargo.lock | 4 ++-- src/rot.rs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bcba84a..a4bcd31 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -81,7 +81,7 @@ dependencies = [ [[package]] name = "attest-data" version = "0.5.0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=d07ea05118e31c2d4c939e24b92440113f22da56#d07ea05118e31c2d4c939e24b92440113f22da56" +source = "git+https://github.com/oxidecomputer/dice-util?rev=dd6111a7923910c0f8336e3f8454a77f0764d7a3#dd6111a7923910c0f8336e3f8454a77f0764d7a3" dependencies = [ "const-oid", "der", @@ -392,7 +392,7 @@ dependencies = [ [[package]] name = "dice-verifier" version = "0.3.0-pre0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=d07ea05118e31c2d4c939e24b92440113f22da56#d07ea05118e31c2d4c939e24b92440113f22da56" +source = "git+https://github.com/oxidecomputer/dice-util?rev=dd6111a7923910c0f8336e3f8454a77f0764d7a3#dd6111a7923910c0f8336e3f8454a77f0764d7a3" dependencies = [ "async-trait", "attest-data", diff --git a/src/rot.rs b/src/rot.rs index ce0fc5a..901c109 100644 --- a/src/rot.rs +++ b/src/rot.rs 
@@ -36,7 +36,7 @@ pub enum VmInstanceRotError { /// This type represents the `propolis` process that backs a VM. This type has /// an interface similar to the `vm_attest::VmInstanceAttester` but we require pub struct VmInstanceRot { - oxattest_mock: Box, + oxattest_mock: Box, } impl VmInstanceRot { @@ -44,7 +44,7 @@ impl VmInstanceRot { /// implementing the dice_verifier::Attest is provided to the constructor. /// This type connects the `VmInstanceRot` to the oxide platform rot, or /// possibly a mock implementation thereof. - pub fn new(oxattest_mock: Box) -> Self { + pub fn new(oxattest_mock: Box) -> Self { Self { oxattest_mock } } From c54949081fb383006651a803a596cefd69772a49 Mon Sep 17 00:00:00 2001 From: iximeow Date: Mon, 30 Mar 2026 22:49:56 +0000 Subject: [PATCH 4/9] rev dice-util more --- Cargo.lock | 4 ++-- Cargo.toml | 4 ++-- src/rot.rs | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a4bcd31..d6f3c76 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -81,7 +81,7 @@ dependencies = [ [[package]] name = "attest-data" version = "0.5.0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=dd6111a7923910c0f8336e3f8454a77f0764d7a3#dd6111a7923910c0f8336e3f8454a77f0764d7a3" +source = "git+https://github.com/oxidecomputer/dice-util?rev=f0bc0797b40fd13b40c027454948da8a8a673860#f0bc0797b40fd13b40c027454948da8a8a673860" dependencies = [ "const-oid", "der", @@ -392,7 +392,7 @@ dependencies = [ [[package]] name = "dice-verifier" version = "0.3.0-pre0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=dd6111a7923910c0f8336e3f8454a77f0764d7a3#dd6111a7923910c0f8336e3f8454a77f0764d7a3" +source = "git+https://github.com/oxidecomputer/dice-util?rev=f0bc0797b40fd13b40c027454948da8a8a673860#f0bc0797b40fd13b40c027454948da8a8a673860" dependencies = [ "async-trait", "attest-data", diff --git a/Cargo.toml b/Cargo.toml index f9f1216..8d40898 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -10,8 +10,8 @@ test-data = [] [dependencies] # these dependencies both come from the `dice-util` repo and should be pinned to the same git rev. -attest-data = { git = "https://github.com/oxidecomputer/dice-util", rev = "dd6111a7923910c0f8336e3f8454a77f0764d7a3" } -dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "dd6111a7923910c0f8336e3f8454a77f0764d7a3", features = ["mock"] } +attest-data = { git = "https://github.com/oxidecomputer/dice-util", rev = "f0bc0797b40fd13b40c027454948da8a8a673860" } +dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "f0bc0797b40fd13b40c027454948da8a8a673860", features = ["mock"] } const-oid = { version = "0.9.5", features = ["db"] } ed25519-dalek = { version = "2.1", default-features = false } diff --git a/src/rot.rs b/src/rot.rs index 901c109..e513bfa 100644 --- a/src/rot.rs +++ b/src/rot.rs @@ -4,7 +4,7 @@ use attest_data::AttestDataError as OxAttestDataError; use dice_verifier::{ - AttestAsync as OxAttest, AttestError as OxAttestError, + Attest as OxAttest, AttestError as OxAttestError, Attestation as OxAttestation, Log, Nonce, }; use hubpack::SerializedSize; From 732c34fa9bc2749312fcc36b1e9ccff880995a83 Mon Sep 17 00:00:00 2001 From: iximeow Date: Mon, 30 Mar 2026 22:50:48 +0000 Subject: [PATCH 5/9] rev more --- Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 8d40898..7761e01 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -10,8 +10,8 @@ test-data = [] [dependencies] # these dependencies both come from the `dice-util` repo and should be pinned to the same git rev. -attest-data = { git = "https://github.com/oxidecomputer/dice-util", rev = "f0bc0797b40fd13b40c027454948da8a8a673860" } -dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "f0bc0797b40fd13b40c027454948da8a8a673860", features = ["mock"] } +attest-data = { git = "https://github.com/oxidecomputer/dice-util", rev = "c008287fb6c62654094d9d145ba9d08d90dcf811" } +dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "c008287fb6c62654094d9d145ba9d08d90dcf811", features = ["mock"] } const-oid = { version = "0.9.5", features = ["db"] } ed25519-dalek = { version = "2.1", default-features = false } From 31ca7a0dc8428d91808b84623e9afca7c99d76e5 Mon Sep 17 00:00:00 2001 From: iximeow Date: Mon, 30 Mar 2026 23:24:34 +0000 Subject: [PATCH 6/9] tests too --- Cargo.lock | 129 ++++++++++++++++++++++++++++++++++++++++++++++++++++- Cargo.toml | 1 + src/rot.rs | 20 +++++---- 3 files changed, 140 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d6f3c76..b26832b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -81,7 +81,7 @@ dependencies = [ [[package]] name = "attest-data" version = "0.5.0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=f0bc0797b40fd13b40c027454948da8a8a673860#f0bc0797b40fd13b40c027454948da8a8a673860" +source = "git+https://github.com/oxidecomputer/dice-util?rev=c008287fb6c62654094d9d145ba9d08d90dcf811#c008287fb6c62654094d9d145ba9d08d90dcf811" dependencies = [ "const-oid", "der", 
@@ -142,6 +142,12 @@ version = "3.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43" +[[package]] +name = "bytes" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" + [[package]] name = "cc" version = "1.2.46" @@ -392,7 +398,7 @@ dependencies = [ [[package]] name = "dice-verifier" version = "0.3.0-pre0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=f0bc0797b40fd13b40c027454948da8a8a673860#f0bc0797b40fd13b40c027454948da8a8a673860" +source = "git+https://github.com/oxidecomputer/dice-util?rev=c008287fb6c62654094d9d145ba9d08d90dcf811#c008287fb6c62654094d9d145ba9d08d90dcf811" dependencies = [ "async-trait", "attest-data", @@ -778,6 +784,15 @@ version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df1d3c3b53da64cf5760482273a98e575c651a67eec7f77df96b5b642de8f039" +[[package]] +name = "lock_api" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965" +dependencies = [ + "scopeguard", +] + [[package]] name = "log" version = "0.4.29" @@ -790,6 +805,17 @@ version = "2.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f52b00d39961fc5b2736ea853c9cc86238e165017a493d1d5c8eac6bdc4cc273" +[[package]] +name = "mio" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a69bcab0ad47271a0234d9422b131806bf3968021e5dc9328caf2d4cd58557fc" +dependencies = [ + "libc", + "wasi", + "windows-sys 0.61.2", +] + [[package]] name = "num-conv" version = "0.2.0" 
@@ -829,6 +855,29 @@ dependencies = [ "sha2", ] +[[package]] +name = "parking_lot" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-link", +] + [[package]] name = "pem-rfc7468" version = "0.7.0" @@ -838,6 +887,12 @@ dependencies = [ "base64ct", ] +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + [[package]] name = "pkcs8" version = "0.10.2" @@ -911,6 +966,15 @@ dependencies = [ "thiserror", ] +[[package]] +name = "redox_syscall" +version = "0.5.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" +dependencies = [ + "bitflags", +] + [[package]] name = "ref-cast" version = "1.0.25" @@ -1009,6 +1073,12 @@ dependencies = [ "serde_json", ] +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + [[package]] name = "sec1" version = "0.7.3" 
@@ -1130,6 +1200,16 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" +[[package]] +name = "signal-hook-registry" +version = "1.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +dependencies = [ + "errno", + "libc", +] + [[package]] name = "signature" version = "2.2.0" @@ -1149,6 +1229,22 @@ dependencies = [ "rustversion", ] +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" + +[[package]] +name = "socket2" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + [[package]] name = "spki" version = "0.7.3" @@ -1315,6 +1411,34 @@ dependencies = [ "syn 2.0.110", ] +[[package]] +name = "tokio" +version = "1.50.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d" +dependencies = [ + "bytes", + "libc", + "mio", + "parking_lot", + "pin-project-lite", + "signal-hook-registry", + "socket2", + "tokio-macros", + "windows-sys 0.61.2", +] + +[[package]] +name = "tokio-macros" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c55a2eff8b69ce66c84f85e1da1c233edc36ceb85a2058d11b0d6a3c7e7569c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.110", +] + [[package]] name = "typenum" version = "1.19.0" @@ -1370,6 +1494,7 @@ dependencies = [ "serde_with", "sha2", "thiserror", + "tokio", "uuid", "vm-attest", "x509-cert", diff --git a/Cargo.toml b/Cargo.toml index 7761e01..fbd3625 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -34,3 +34,4 @@ anyhow.version = "1.0.100" [dev-dependencies] vm-attest = { path = ".", features = ["test-data"] } +tokio = { version = "1", features = ["full"] } diff --git a/src/rot.rs b/src/rot.rs index e513bfa..99e83df 100644 --- a/src/rot.rs +++ b/src/rot.rs @@ -174,18 +174,19 @@ mod test { QualifyingData::from(Into::<[u8; 32]>::into(digest.finalize())) } - #[test] - fn attest() { + #[tokio::test] + async fn attest() { let (attest, instance_cfg) = setup(); let qualifying_data = mock_qualifying_data(); let _ = attest .attest(&instance_cfg, &qualifying_data) + .await .expect("VmInstanceRotMock attest"); } - #[test] - fn verify_cert_chain() { + #[tokio::test] + async fn verify_cert_chain() { use std::fs; let (attest, instance_cfg) = setup(); @@ -193,6 +194,7 @@ mod test { let plat_attest = attest .attest(&instance_cfg, &qualifying_data) + .await .expect("VmInstanceRotMock attest"); let root_cert = fs::read(config::PKI_ROOT).unwrap_or_else(|e| { @@ -218,14 +220,15 @@ mod test { assert_eq!(&root_cert[0], verified_root); } - #[test] - fn verify_attestation() { + #[tokio::test] + async fn verify_attestation() { let (attest, instance_cfg) = setup(); // qualifying data from VM to VmInstanceRot let vm_qualifying_data = mock_qualifying_data(); let plat_attest = attest .attest(&instance_cfg, &vm_qualifying_data) + .await .expect("VmInstanceRotMock get_cert_chain"); // Reconstruct the 32 bytes passed from `VmInstanceAttestMock` down to @@ -284,8 +287,8 @@ mod test { assert!(result.is_ok()); } - #[test] - fn appraise_log() { + #[tokio::test] + async fn appraise_log() { use dice_verifier::{MeasurementSet, ReferenceMeasurements}; use rats_corim::Corim; @@ -299,6 +302,7 @@ mod test { let plat_attest = attest .attest(&instance_cfg, &qualifying_data) + .await .expect("VmInstanceRotMock get_cert_chain"); // construct a `VmInstanceConf` from test data From 89b0dc758a0de7050857609519875e83a52a9775 Mon Sep 17 00:00:00 2001 
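Review bot: The new dev-dependency in the Cargo.toml hunk of patch 6/9 enables `features = ["full"]`, although the test changes in this patch only use `#[tokio::test]` and `.await`. The lockfile hunks of the same patch show the cost: mio, socket2, signal-hook-registry and parking_lot all enter Cargo.lock, and no test visible here needs them. `tokio = { version = "1", features = ["macros", "rt"] }` is enough for `#[tokio::test]` and keeps the set of crates to audit smaller.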
From: iximeow Date: Mon, 30 Mar 2026 23:40:43 +0000 Subject: [PATCH 7/9] one more dice-util crank turn --- Cargo.lock | 5 +++-- Cargo.toml | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b26832b..790abd0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -81,7 +81,7 @@ dependencies = [ [[package]] name = "attest-data" version = "0.5.0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=c008287fb6c62654094d9d145ba9d08d90dcf811#c008287fb6c62654094d9d145ba9d08d90dcf811" +source = "git+https://github.com/oxidecomputer/dice-util?rev=d7c69095ada89e6d26d26ef8eadc108ed486a110#d7c69095ada89e6d26d26ef8eadc108ed486a110" dependencies = [ "const-oid", "der", @@ -398,7 +398,7 @@ dependencies = [ [[package]] name = "dice-verifier" version = "0.3.0-pre0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=c008287fb6c62654094d9d145ba9d08d90dcf811#c008287fb6c62654094d9d145ba9d08d90dcf811" +source = "git+https://github.com/oxidecomputer/dice-util?rev=d7c69095ada89e6d26d26ef8eadc108ed486a110#d7c69095ada89e6d26d26ef8eadc108ed486a110" dependencies = [ "async-trait", "attest-data", @@ -414,6 +414,7 @@ dependencies = [ "slog", "tempfile", "thiserror", + "tokio", "x509-cert", ] diff --git a/Cargo.toml b/Cargo.toml index fbd3625..0f39808 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -10,8 +10,8 @@ test-data = [] [dependencies] # these dependencies both come from the `dice-util` repo and should be pinned to the same git rev. -attest-data = { git = "https://github.com/oxidecomputer/dice-util", rev = "c008287fb6c62654094d9d145ba9d08d90dcf811" } -dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "c008287fb6c62654094d9d145ba9d08d90dcf811", features = ["mock"] } +attest-data = { git = "https://github.com/oxidecomputer/dice-util", rev = "d7c69095ada89e6d26d26ef8eadc108ed486a110" } +dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "d7c69095ada89e6d26d26ef8eadc108ed486a110", features = ["mock"] } const-oid = { version = "0.9.5", features = ["db"] } ed25519-dalek = { version = "2.1", default-features = false } From 2cdd17580a4fc6c871d24797016af8dbaac9421d Mon Sep 17 00:00:00 2001 From: iximeow Date: Wed, 1 Apr 2026 00:53:45 +0000 Subject: [PATCH 8/9] rev versions --- Cargo.lock | 4 ++-- Cargo.toml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 790abd0..82f4458 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -81,7 +81,7 @@ dependencies = [ [[package]] name = "attest-data" version = "0.5.0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=d7c69095ada89e6d26d26ef8eadc108ed486a110#d7c69095ada89e6d26d26ef8eadc108ed486a110" +source = "git+https://github.com/oxidecomputer/dice-util?rev=1d3084b514389847e8e0f5d966d2be4f18d02d32#1d3084b514389847e8e0f5d966d2be4f18d02d32" dependencies = [ "const-oid", "der", @@ -398,7 +398,7 @@ dependencies = [ [[package]] name = "dice-verifier" version = "0.3.0-pre0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=d7c69095ada89e6d26d26ef8eadc108ed486a110#d7c69095ada89e6d26d26ef8eadc108ed486a110" +source = "git+https://github.com/oxidecomputer/dice-util?rev=1d3084b514389847e8e0f5d966d2be4f18d02d32#1d3084b514389847e8e0f5d966d2be4f18d02d32" dependencies = [ "async-trait", "attest-data", 
diff --git a/Cargo.toml b/Cargo.toml index 0f39808..16e3768 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,8 +10,8 @@ test-data = [] [dependencies] # these dependencies both come from the `dice-util` repo and should be pinned to the same git rev. -attest-data = { git = "https://github.com/oxidecomputer/dice-util", rev = "d7c69095ada89e6d26d26ef8eadc108ed486a110" } -dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "d7c69095ada89e6d26d26ef8eadc108ed486a110", features = ["mock"] } +attest-data = { git = "https://github.com/oxidecomputer/dice-util", rev = "1d3084b514389847e8e0f5d966d2be4f18d02d32" } +dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "1d3084b514389847e8e0f5d966d2be4f18d02d32", features = ["mock"] } const-oid = { version = "0.9.5", features = ["db"] } ed25519-dalek = { version = "2.1", default-features = false } From 2b643f81a952d09a28e804fd3d455f526b98f48f Mon Sep 17 00:00:00 2001 From: augustuswm Date: Mon, 13 Apr 2026 13:17:20 -0500 Subject: [PATCH 9/9] Adds project and silo metadata to attestation --- src/lib.rs | 2 ++ test-data/vm-instance-cfg.json | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/lib.rs b/src/lib.rs index e54cb14..fe3ed2c 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -121,6 +121,8 @@ pub struct MeasurementLog { #[derive(Clone, Debug, PartialEq, Serialize, Deserialize)] pub struct VmInstanceConf { pub uuid: Uuid, + pub project: Uuid, + pub silo: Uuid, #[serde(rename = "boot-digest")] pub boot_digest: Option, } diff --git a/test-data/vm-instance-cfg.json b/test-data/vm-instance-cfg.json index 0ac2fb9..ee9b16a 100644 --- a/test-data/vm-instance-cfg.json +++ b/test-data/vm-instance-cfg.json 
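Review bot: The new `project` and `silo` fields of `VmInstanceConf` (src/lib.rs hunk of patch 9/9) arrive without any change to src/rot.rs, so this patch does not show them being covered by the digest that `attest` passes down as the nonce. If that digest is computed over selected fields rather than the whole serialized struct, the new identifiers would travel unauthenticated and a relying party could not trust them. It is worth confirming this, and adding a test that changing `project` or `silo` changes the resulting nonce. Both fields are also required and undocumented, so configurations serialized before this change will no longer deserialize; a short doc comment on each, e.g. `/// UUID of the project the instance belongs to`, should state that they are mandatory.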
@@ -2,6 +2,8 @@ "//comment": "This structure / log is produced by the AttestMock that mocks", "//comment": "the behavior expected of the propolis process.", "uuid": "db5bf54c-48c5-4455-a1e1-6c7dfc26e351", + "project": "586bb54d-ee4b-465d-9701-b7b5d98f0945", + "silo": "23d10b56-9f45-4a7e-8f92-4af6cbbf2ed3", "image-digest": { "sha-256": "be4df4e085175f3de0c8ac4837e1c2c9a34e8983209dac6b549e94154f7cdd9c" }
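Review bot: The fixture in test-data/vm-instance-cfg.json keeps its digest under the key `image-digest`, while the `VmInstanceConf` field shown in the src/lib.rs hunk of this patch is serialized as `boot-digest`. If this file is deserialized into `VmInstanceConf`, as the new `project` and `silo` keys suggest, serde would ignore the unknown key and leave `boot_digest` as `None`, unless an alias exists outside the visible lines. Tests built on this fixture would then exercise only the no-digest path. If that is not intended, rename the key to `"boot-digest"`, or add an assertion in the test that the parsed digest is `Some`.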