/*
* AWS nitro-enclave machine
*
* Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or
* (at your option) any later version. See the COPYING file in the
* top-level directory.
*/
#ifndef HW_I386_NITRO_ENCLAVE_H
#define HW_I386_NITRO_ENCLAVE_H
#include "crypto/hash.h"
#include "hw/i386/microvm.h"
#include "qom/object.h"
#include "hw/virtio/virtio-nsm.h"
/* Machine type options */
/*
 * Option names accepted by the nitro-enclave machine type. Each one has a
 * matching char * field in NitroEnclaveMachineState below, so a value
 * given on the command line is kept for the lifetime of the machine.
 */
#define NITRO_ENCLAVE_VSOCK_CHARDEV_ID "vsock"
#define NITRO_ENCLAVE_ID "id"
#define NITRO_ENCLAVE_PARENT_ROLE "parent-role"
#define NITRO_ENCLAVE_PARENT_ID "parent-id"
/*
 * Class of the nitro-enclave machine type. It extends the microvm machine
 * class and keeps two function pointers with the parent's signatures.
 */
struct NitroEnclaveMachineClass {
    MicrovmMachineClass parent;
    /*
     * Presumably the microvm init hook saved before this machine overrides
     * it, so the override can chain to it — confirm in the machine's
     * class_init.
     */
    void (*parent_init)(MachineState *state);
    /* Same pattern for the reset hook; takes the ResetType of the request. */
    void (*parent_reset)(MachineState *machine, ResetType type);
};
/*
 * Per-instance state of a nitro-enclave machine.
 *
 * The four *_sha384 fields hold fixed-size SHA-384 digests
 * (QCRYPTO_HASH_DIGEST_LEN_SHA384 bytes each); nothing in this header
 * establishes where they are computed or who reads them. NOTE(review):
 * they look like the measurements an attestation document would report,
 * so any writer of these fields after the initial measurement should be
 * treated as part of the trust boundary — confirm against the machine
 * init code and the NSM device.
 */
struct NitroEnclaveMachineState {
    MicrovmMachineState parent;
    /* Machine type options */
    /* value of the "vsock" option (NITRO_ENCLAVE_VSOCK_CHARDEV_ID) */
    char *vsock;
    /* Enclave identifier; value of the "id" option */
    char *id;
    /* Parent instance IAM role ARN; value of the "parent-role" option */
    char *parent_role;
    /* Parent instance identifier; value of the "parent-id" option */
    char *parent_id;
    /* Machine state */
    /* the virtio NSM device attached to this machine */
    VirtIONSM *vnsm;
    /* kernel + ramdisks + cmdline sha384 hash */
    uint8_t image_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* kernel + boot ramdisk + cmdline sha384 hash */
    uint8_t bootstrap_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* application ramdisk(s) hash */
    uint8_t app_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* certificate fingerprint hash */
    uint8_t fingerprint_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /*
     * Presumably set when a signature section was found in the image,
     * which would make fingerprint_sha384 meaningful only when true —
     * confirm in the code that fills these fields.
     */
    bool signature_found;
};
/* QOM type name of the machine, plus the standard type declaration boilerplate. */
#define TYPE_NITRO_ENCLAVE_MACHINE MACHINE_TYPE_NAME("nitro-enclave")
OBJECT_DECLARE_TYPE(NitroEnclaveMachineState, NitroEnclaveMachineClass,
                    NITRO_ENCLAVE_MACHINE)
#endif