Modify Makefile for Azure, refactor code in main.rs

agokarn · agokarn · commit ca0755793145 · 2025-11-20T04:28:57.000Z
Revert changes to do_measurements

Refactor

	modified:   sh_script/Azure/Makefile
	modified:   sh_script/fuzzing.sh
	modified:   src/migtd/src/bin/migtd/main.rs

Add formatting.

	modified:   sh_script/Azure/Makefile
	modified:   sh_script/fuzzing.sh
	modified:   src/migtd/src/bin/migtd/main.rs

Increase timeout for build_AzCVMEmu_policy_and_test.sh to complete.

	modified:   .github/workflows/integration-emu.yml
	modified:   sh_script/Azure/Makefile
	modified:   sh_script/fuzzing.sh
	modified:   src/migtd/src/bin/migtd/main.rs
diff --git a/.github/workflows/integration-emu.yml b/.github/workflows/integration-emu.yml
@@ -241,7 +241,7 @@ jobs:
           
           # Run the script with timeout
           set +e
-          timeout 600 ./sh_script/build_AzCVMEmu_policy_and_test.sh --mock-report
+          timeout 900 ./sh_script/build_AzCVMEmu_policy_and_test.sh --mock-report
           EXIT_CODE=$?
           set -e
           
diff --git a/sh_script/Azure/Makefile b/sh_script/Azure/Makefile
@@ -15,14 +15,16 @@ IGVM_MANIFEST ?= config/Azure/servtd_info.json
 .PHONY: pre-build build-igvm generate-hash build-igvm-all
 .PHONY: build-igvm-reject build-igvm-reject-all
 .PHONY: generate-hash-verbose generate-hash-accept-verbose
+.PHONY: build-igvm-get-quote build-igvm-get-quote-all generate-hash-get-quote
 
 .DEFAULT_GOAL := build-igvm-all
 
 help:
 	@echo "Available targets:"
 	@echo "  build-igvm-all                  - Build IGVM"
 	@echo "  build-igvm-accept-all           - Build IGVM with disabled RA and accept all policy with TLS"
-	@echo "  build-igvm-reject               - Build IGVM with v1 policy which will be rejected because on empty quote generation."
+	@echo "  build-igvm-reject-all           - Build IGVM with v1 policy which will be rejected because on empty quote generation."
+	@echo "  build-igvm-get-quote-all        - Build IGVM with v2 policy which will call getquote durining initialization."
 
 pre-build:
 	@if ! command -v rustc >/dev/null 2>&1 || ! rustc --version | grep -q "1.83.0"; then \
@@ -43,28 +45,45 @@ pre-build:
 	cd ../../ && ./sh_script/preparation.sh
 
 build-igvm-accept:
-	cd ../../ && cargo image --no-default-features --features $(IGVM_FEATURES_DISABLE_RA_AND_ACCEPT_ALL) --log-level $(LOG_LEVEL) --image-format igvm --output $(IGVM_FILE) --debug
+	cd ../../ && cargo image --no-default-features --features $(IGVM_FEATURES_DISABLE_RA_AND_ACCEPT_ALL) \
+	--log-level $(LOG_LEVEL) --image-format igvm --output $(IGVM_FILE) --debug
 
 generate-hash-accept:
-	cd ../../ &&  cargo run -p migtd-hash -- --image $(IGVM_FILE) --test-disable-ra-and-accept-all --manifest $(IGVM_MANIFEST)
+	cd ../../ &&  cargo run -p migtd-hash -- --image $(IGVM_FILE) --test-disable-ra-and-accept-all \
+	--manifest $(IGVM_MANIFEST)
 
 generate-hash-accept-verbose:
-	cd ../../ &&  cargo run -p migtd-hash -- --image $(IGVM_FILE) --test-disable-ra-and-accept-all --verbose
+	cd ../../ &&  cargo run -p migtd-hash -- --image $(IGVM_FILE) --test-disable-ra-and-accept-all \
+	--verbose
 
 build-igvm-accept-all: pre-build build-igvm-accept generate-hash-accept
 
 generate-hash:
 	cd ../../ &&  cargo run -p migtd-hash -- --image $(IGVM_FILE) --manifest $(IGVM_MANIFEST)
 
 build-igvm:
-	cd ../../ && cargo image --no-default-features --features $(IGVM_FEATURES_BASE) --log-level $(LOG_LEVEL) --image-format igvm --output $(IGVM_FILE)
+	cd ../../ && cargo image --no-default-features --features $(IGVM_FEATURES_BASE) --log-level $(LOG_LEVEL) \
+	--image-format igvm --output $(IGVM_FILE)
 
 build-igvm-all: pre-build build-igvm generate-hash
 
 build-igvm-reject:
-	cd ../../ && cargo image --no-default-features --features $(IGVM_FEATURES_BASE) --log-level debug --image-format igvm --output $(IGVM_FILE) --debug
+	cd ../../ && cargo image --no-default-features --features $(IGVM_FEATURES_BASE) --log-level $(LOG_LEVEL) \
+	--image-format igvm --output $(IGVM_FILE) --debug
 
 build-igvm-reject-all: pre-build build-igvm-reject generate-hash
 
 generate-hash-verbose:
-	cd ../../ &&  cargo run -p migtd-hash -- --image $(IGVM_FILE) --verbose --manifest $(IGVM_MANIFEST)
+	cd ../../ &&  cargo run -p migtd-hash -- --image $(IGVM_FILE) --verbose --manifest $(IGVM_MANIFEST)
+
+build-igvm-get-quote:
+	cd ../../ && cargo image --no-default-features --features $(IGVM_FEATURES_BASE) --log-level $(LOG_LEVEL) \
+	--image-format igvm --output $(IGVM_FILE) --debug \
+	--policy-v2 --policy config/templates/policy_v2_signed.json \
+	--policy-issuer-chain config/templates/policy_issuer_chain.pem \
+	--root-ca config/Intel_SGX_Provisioning_Certification_RootCA_preproduction.cer
+
+generate-hash-get-quote:
+	cd ../../ &&  cargo run -p migtd-hash -- --image $(IGVM_FILE) --manifest $(IGVM_MANIFEST) --policy-v2
+
+build-igvm-get-quote-all: pre-build build-igvm-get-quote generate-hash-get-quote
diff --git a/sh_script/fuzzing.sh b/sh_script/fuzzing.sh
diff --git a/src/migtd/src/bin/migtd/main.rs b/src/migtd/src/bin/migtd/main.rs
@@ -139,6 +139,7 @@ fn basic_info() {
     info!("MigTD Version - {}\n", MIGTD_VERSION);
 }
 
+#[cfg(not(feature = "policy_v2"))]
 fn do_measurements() {
     // Get the event log recorded by firmware
     let event_log = event_log::get_event_log_mut().expect("Failed to get the event log");
@@ -147,18 +148,29 @@ fn do_measurements() {
         measure_test_feature(event_log);
         return;
     }
-
-    #[cfg(feature = "policy_v2")]
-    get_policy_issuer_chain_and_measure(event_log);
-
     // Get migration td policy from CFV and measure it into RMTR
     get_policy_and_measure(event_log);
 
     // Get root certificate from CFV and measure it into RMTR
-    #[cfg(not(feature = "policy_v2"))]
     get_ca_and_measure(event_log);
 }
 
+#[cfg(feature = "policy_v2")]
+fn do_measurements() {
+    // Get the event log recorded by firmware
+    let event_log = event_log::get_event_log_mut().expect("Failed to get the event log");
+
+    if cfg!(feature = "test_disable_ra_and_accept_all") {
+        measure_test_feature(event_log);
+        return;
+    }
+
+    get_policy_issuer_chain_and_measure(event_log);
+
+    // Get migration td policy from CFV and measure it into RMTR
+    get_policy_and_measure(event_log);
+}
+
 fn measure_test_feature(event_log: &mut [u8]) {
     // Measure and extend the migtd test feature to RTMR
     event_log::write_tagged_event_log(
@@ -171,19 +183,33 @@ fn measure_test_feature(event_log: &mut [u8]) {
     .expect("Failed to log migtd test feature");
 }
 
+#[cfg(not(feature = "policy_v2"))]
+fn get_policy_and_measure(event_log: &mut [u8]) {
+    // Read migration policy from CFV
+    let policy = config::get_policy().expect("Fail to get policy from CFV\n");
+
+    let event_data = policy;
+
+    // Measure and extend the migration policy to RTMR
+    event_log::write_tagged_event_log(
+        event_log,
+        MR_INDEX_POLICY,
+        policy,
+        TAGGED_EVENT_ID_POLICY,
+        event_data,
+    )
+    .expect("Failed to log migration policy");
+}
+
+#[cfg(feature = "policy_v2")]
 fn get_policy_and_measure(event_log: &mut [u8]) {
     // Read migration policy from CFV
     let policy = config::get_policy().expect("Fail to get policy from CFV\n");
 
-    #[cfg(feature = "policy_v2")]
     let version = initialize_policy();
 
-    #[cfg(feature = "policy_v2")]
     let event_data = version.as_bytes();
 
-    #[cfg(not(feature = "policy_v2"))]
-    let event_data = policy;
-
     // Measure and extend the migration policy to RTMR
     event_log::write_tagged_event_log(
         event_log,
