commit 4e3015daaefaac4adbc7b1b2c0d02e3a1556e79c
author Alice Wang <aliceywang@google.com> Tue Oct 10 09:35:37 2023 +0000
committer Alice Wang <aliceywang@google.com> Wed Nov 08 08:54:39 2023 +0000
tree 4a0859e91c9f4c361851b1cea2484cdbb3b65bea
parent 180a7c2907687029b85144a2b34a0860a5495815

[client-vm] Build client VM CSR and sign the CSR with two keys

This cl builds the CSR that a client VM sends to the RKP VM for
remote attestation and adjusted the API accordingly as discussed
in the doc go/pvm-remote-attestation

The CSR payload is signed with both the CDI_Leaf_Priv of the
client VM's DICE chain and the attestation key. RKP VM should
verify the signature later with the CDI_Leaf_Pub extracted
from the same DICE chain in the CSR and the attestation public
key.

The new unit tests are added to config at cl/577763874.

Bug: 303807447
Test: run ServiceVmClientTestApp
Test: atest libservice_vm_comm.test
Test: atest microdroid_manager_test
Change-Id: Ic2c09e7339d9981edda028e2694fa551c911a274

vm_payload/src/lib.rs

diff --git a/vm_payload/src/lib.rs b/vm_payload/src/lib.rs
index 4d059d1..e305769 100644
--- a/vm_payload/src/lib.rs
+++ b/vm_payload/src/lib.rs
@@ -17,7 +17,9 @@
 mod api;
 
 pub use api::{
-    AVmPayload_getCertificate, AVmPayload_getDiceAttestationCdi,
-    AVmPayload_getDiceAttestationChain, AVmPayload_getVmInstanceSecret,
-    AVmPayload_notifyPayloadReady,
+    AVmAttestationResult_free, AVmAttestationResult_getCertificateAt,
+    AVmAttestationResult_getCertificatesCount, AVmAttestationResult_getPrivateKey,
+    AVmAttestationResult_resultToString, AVmAttestationResult_sign,
+    AVmPayload_getDiceAttestationCdi, AVmPayload_getDiceAttestationChain,
+    AVmPayload_getVmInstanceSecret, AVmPayload_notifyPayloadReady, AVmPayload_requestAttestation,
 };