tdx-verifier: add OVMF kernel params and initrd to tdx.ccel claims

Add all of the Tdvf* MeasuredEntity results to the TDX claims under ccel. Signed-off-by: Mikko Ylinen <[email protected]>
confidential-containers · Feb 6, 2025 · 522d517 · 522d517
1 parent fe96b5b
commit 522d517
Showing 1 changed file with 27 additions and 1 deletion.
diff --git a/deps/verifier/src/tdx/claims.rs b/deps/verifier/src/tdx/claims.rs
@@ -232,6 +232,32 @@ fn parse_ccel(ccel: CcEventLog, ccel_map: &mut Map<String, Value>) -> Result<()>
         }
     }
 
+    // Digest of kernel cmdline using TDVF
+    match ccel.query_digest(MeasuredEntity::TdvfKernelParams) {
+        Some(cmdline_digest) => {
+            ccel_map.insert(
+                "cmdline".to_string(),
+                serde_json::Value::String(cmdline_digest),
+            );
+        }
+        _ => {
+            warn!("No tdvf kernel cmdline hash in CCEL");
+        }
+    }
+
+    // Digest of initrd using TDVF
+    match ccel.query_digest(MeasuredEntity::TdvfInitrd) {
+        Some(initrd_digest) => {
+            ccel_map.insert(
+                "initrd".to_string(),
+                serde_json::Value::String(initrd_digest),
+            );
+        }
+        _ => {
+            warn!("No tdvf initrd hash in CCEL");
+        }
+    }
+
     // Map of Kernel Parameters
     match ccel.query_event_data(MeasuredEntity::TdShimKernelParams) {
         Some(config_info) => {
@@ -245,7 +271,7 @@ fn parse_ccel(ccel: CcEventLog, ccel_map: &mut Map<String, Value>) -> Result<()>
             );
         }
         _ => {
-            warn!("No kernel parameters in CCEL");
+            warn!("No td-shim kernel parameters in CCEL");
         }
     }