feat(tee): AMD SEV-SNP supported VM image build scripts#388
Open
feat(tee): AMD SEV-SNP supported VM image build scripts#388
Conversation
kariy
force-pushed
the
tee/reproducible-builds
branch
2 times, most recently
from
73bd52a to
96ab475
Compare
kariy
force-pushed
the
tee/reproducible-builds
branch
from
96ab475 to
7f6d8e2
Compare
Enhancements to TEE VM image build scripts: - Fix init script bugs that caused kernel panic - Mount /proc before reading /proc/cmdline - Fix dbg() function to work with set -eu - Add error handling to mknod commands - Add network configuration to initrd - Include ip command in busybox symlinks - Configure eth0 with static IP (10.0.2.15) for QEMU user networking - Enable RPC access via QEMU port forwarding - Enhance measurement calculation script - Support both UEFI and direct kernel boot modes - Automatic fallback when SNP_KERNEL_HASHES not supported - Generate JSON manifest with measurement metadata - Add VM boot test script (test-vm-boot.sh) - Automated QEMU testing with timeout - Serial console monitoring for boot progress - Validates kernel boot, init, and Katana launch Tested: VM boots successfully, Katana RPC responds to requests 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Integrate VM image building into the CI/CD pipeline: - Add vm-image-build job after reproducible-build - Builds complete VM image using vm-image.Dockerfile - Extracts all components (disk, kernel, initrd, OVMF) - Calculates SEV-SNP measurement using sev-snp-measure - Generates structured manifest with all component hashes - Compresses disk image for distribution - Creates GitHub attestation for provenance - Outputs: - Bootable VM disk image (compressed) - Expected SEV-SNP measurement for attestation - Component manifest with SHA hashes - Individual components (kernel, initrd, OVMF) - Validates YAML syntax - Tested with local measurement calculation This enables automated, reproducible VM image builds for AMD SEV-SNP TEE deployment. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Technical documentation for the TEE VM image build pipeline: - Complete architecture overview - Detailed explanation of all build stages - Initrd structure and init script flow - Reproducibility measures and guarantees - CI/CD integration guide - Local build instructions - Testing procedures with QEMU - Security considerations - Troubleshooting guide - Performance metrics This provides developers and operators with complete understanding of the VM image build process for reproducible TEE deployments. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Security Fix: The previous disk-based boot only measured OVMF firmware, leaving the kernel, initrd, and Katana binary unmeasured. This allowed post-attestation binary replacement attacks. Direct kernel boot solves this by having the hypervisor pass kernel, initrd, and cmdline directly to the AMD secure processor for measurement before boot, creating a complete chain of trust. Changes: - Remove disk image building from Dockerfile (stages 4-5) - Export only kernel, initrd, OVMF from final stage - Update CI workflow to build boot components instead of disk - Create boot components archive instead of disk image - Update manifest with direct kernel boot deployment info - Comprehensive documentation updates explaining security model - Add detailed troubleshooting for measurement tool limitations Security guarantee: All components (OVMF + kernel + initrd with Katana + cmdline) are measured by SEV-SNP at launch when using direct kernel boot on real hardware, preventing binary replacement attacks. Note: The sev-snp-measure tool cannot pre-calculate measurements without OVMF SNP_KERNEL_HASHES support, but real SEV-SNP hardware will perform full measurement via hypervisor interface. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Enable full attestation testing on SEV-SNP hardware by adding tools to verify the launch measurement matches the expected value. New Tools: - verify-attestation.sh: Calls tee_generateQuote RPC, extracts the launch measurement from the SEV-SNP attestation report (offset 0x90), and compares it with the expected measurement from the build - E2E_TESTING.md: Comprehensive guide for running attestation tests on actual SEV-SNP hardware, including QEMU launch parameters, attestation report structure documentation, and troubleshooting Test Flow: 1. Build boot components with reproducible build 2. Calculate expected measurement with sev-snp-measure 3. Launch VM with QEMU on SEV-SNP hardware (direct kernel boot) 4. Call tee_generateQuote to get attestation report 5. Extract measurement from report (AMD spec offset 0x90, 48 bytes) 6. Compare with expected measurement - must match exactly Security Guarantee: When measurements match, it cryptographically proves the running Katana instance was launched with the exact boot components from the reproducible build, preventing binary replacement attacks. The attestation report is signed by the AMD secure processor and includes both the launch measurement and blockchain state commitment (Poseidon hash of state_root and block_hash). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Pin OVMF to commit fbe0805b2091393406952e84724188f8c1941837 from AMD's OVMF fork (snp-latest branch) instead of using Ubuntu's packaged OVMF which lacks SEV-SNP specific features. Key changes: - Add ovmf-builder stage to compile from source - Pin to specific commit for reproducibility - Patch grub.sh to remove unavailable modules (linuxefi, sevsecret) - Include build-info.txt with commit hash for traceability Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
build-tee-components.sh runs both Dockerfiles in sequence: 1. reproducible.Dockerfile - builds katana binary 2. vm-image.Dockerfile - builds kernel, initrd, OVMF This avoids duplicating build steps while keeping both Dockerfiles independent and reusable. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Skip BaseTools tests in OVMF build (require 'python' symlink) - Extract components from initrd-builder stage instead of scratch - Use --target to build only needed stages Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace AmdSevX64.dsc with OvmfPkgX64.dsc to fix boot issues: - AmdSevX64 has embedded GRUB that expects SEV secrets for disk decryption - OvmfPkgX64 supports direct kernel boot via QemuKernelLoaderFsDxe - Kernel, initrd, and cmdline are included in SNP launch measurement Changes: - Build OvmfPkgX64.dsc with SMM_REQUIRE=FALSE, TPM_ENABLE=FALSE - Output ovmf_code.fd and ovmf_vars.fd for split pflash usage - Remove GRUB-related build dependencies (grub-efi, mtools, etc.) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- build.sh: Auto-build musl katana binary if --katana not provided - build.sh: Copy katana binary to output directory - build-qemu.sh: New script to build QEMU 10.2.0 from source - start-vm.sh: Simplified VM launcher without persistent storage - start-vm.sh: Document launch measurement inputs for attestation - README.md: Comprehensive documentation for all scripts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add CLI tools for working with AMD SEV-SNP attestation: - snp-digest: Calculate launch measurement digest - snp-report: Decode attestation reports - ovmf-metadata: Extract OVMF SEV metadata sections Also update README with documentation for start-vm.sh and measurement verification workflows. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
kariy
force-pushed
the
tee/reproducible-builds
branch
from
1d5dad5 to
652cf50
Compare
- Add tabled crate for pretty table output - Display attestation report in organized tables - Add --raw flag to preserve original verbose output - Show TCB version, platform info, and CPUID details in separate sections Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Install missing dependencies automatically via apt-get or pacman instead of just failing with an error message. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Pin OVMF commit (fbe0805b2091393406952e84724188f8c1941837) in build-config - Add environment normalization (TZ, LANG, LC_ALL) to build scripts - Require checksum verification for kernel, busybox, and modules packages - Add OVMF commit verification after checkout - Add --strict flag to build-musl.sh for vendored dependency enforcement - Add vendored dependencies detection for offline builds - Create verify-build.sh script to compare build artifacts - Export OVMF_COMMIT from build.sh and add reproducibility warnings Verified: two clean builds with same SOURCE_DATE_EPOCH produce identical checksums for all artifacts (OVMF.fd, vmlinuz, initrd.img, katana). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
kariy
changed the title
kariy
force-pushed
the
tee/reproducible-builds
branch
from
3fbb335 to
5a0c6c7
Compare
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #388 +/- ##
==========================================
- Coverage 73.32% 71.92% -1.41%
==========================================
Files 209 256 +47
Lines 23132 30086 +6954
==========================================
+ Hits 16961 21638 +4677
- Misses 6171 8448 +2277 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related #378
Reproducibility
The scripts takes into account all variables that may affect the build process for each component of the VM image. A
build-configfile that pins the exact version (as well as the checksum) of each required dependencies.The katana binary that is used in the VM image is a statically-linked version using the musl C standard library. We're not vendoring the cargo dependencies for now so there's a possibility that it may not be reproducible. Vendoring is important for hermetic builds and is considered the gold standard for reproducibility. So, we should tackle this in the future.