[attestation] Verify client VM's DICE chain up to pvmfw payload This cl validates Client VM's DICE chain up to the pvmfw payload and parse the DICE chain payload to extract necessary fields required for attestation. Test: atest rialto_test Bug: 278717513 Change-Id: Ia60ed9a65fc5ef4ed5fdb6804403035fa9d7c00e

commit: d3a964074a0cc5c4121a83966442ff39d5d014fa [log] [tgz]
author: Alice Wang <aliceywang@google.com> Fri Nov 24 15:37:39 2023 +0000
committer: Alice Wang <aliceywang@google.com> Thu Nov 30 16:38:38 2023 +0000
tree: b504acfa6b14ec2b127b95848b55c1ca4a76c57b
parent: fe7c4aef9ac13755e133ac9ee15fa07594039e46 [diff] [blame]
diff --git a/service_vm/requests/src/cert.rs b/service_vm/requests/src/cert.rs
index 68ca382..2baca2a 100644
--- a/service_vm/requests/src/cert.rs
+++ b/service_vm/requests/src/cert.rs

@@ -49,6 +49,8 @@
 pub(crate) struct AttestationExtension<'a> {
     #[asn1(type = "OCTET STRING")]
     attestation_challenge: &'a [u8],
+    /// Indicates whether the VM is operating under a secure configuration.
+    is_vm_secure: bool,
 }
 
 impl<'a> AssociatedOid for AttestationExtension<'a> {
@@ -56,8 +58,8 @@
 }
 
 impl<'a> AttestationExtension<'a> {
-    pub(crate) fn new(challenge: &'a [u8]) -> Self {
-        Self { attestation_challenge: challenge }
+    pub(crate) fn new(attestation_challenge: &'a [u8], is_vm_secure: bool) -> Self {
+        Self { attestation_challenge, is_vm_secure }
     }
 }
commit	d3a964074a0cc5c4121a83966442ff39d5d014fa	[log] [tgz]
author	Alice Wang <aliceywang@google.com>	Fri Nov 24 15:37:39 2023 +0000
committer	Alice Wang <aliceywang@google.com>	Thu Nov 30 16:38:38 2023 +0000
tree	b504acfa6b14ec2b127b95848b55c1ca4a76c57b
parent	fe7c4aef9ac13755e133ac9ee15fa07594039e46 [diff] [blame]