tdx-verifier: add OVMF kernel params and initrd to tdx.ccel claims

Add all of the Tdvf* MeasuredEntity results to the TDX claims under ccel. Signed-off-by: Mikko Ylinen <[email protected]>
confidential-containers · Jan 23, 2025 · ebeefa9 · ebeefa9
1 parent fa9ed4d
commit ebeefa9
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/deps/verifier/src/tdx/claims.rs b/deps/verifier/src/tdx/claims.rs
@@ -220,6 +220,32 @@ fn parse_ccel(ccel: CcEventLog, ccel_map: &mut Map<String, Value>) -> Result<()>
         }
     }
 
+    // Digest of kernel cmdline using TDVF
+    match ccel.query_digest(MeasuredEntity::TdvfKernelParams) {
+        Some(cmdline_digest) => {
+            ccel_map.insert(
+                "cmdline".to_string(),
+                serde_json::Value::String(cmdline_digest),
+            );
+        }
+        _ => {
+            warn!("No tdvf kernel cmdline hash in CCEL");
+        }
+    }
+
+    // Digest of initrd using TDVF
+    match ccel.query_digest(MeasuredEntity::TdvfInitrd) {
+        Some(initrd_digest) => {
+            ccel_map.insert(
+                "initrd".to_string(),
+                serde_json::Value::String(initrd_digest),
+            );
+        }
+        _ => {
+            warn!("No tdvf initrd hash in CCEL");
+        }
+    }
+
     // Map of Kernel Parameters
     match ccel.query_event_data(MeasuredEntity::TdShimKernelParams) {
         Some(config_info) => {