
Remote Attestation

You can leverage remote attestation to assess the runtime environment of cVMs by comparing measurement results with baseline values, verifying whether applications are running in a trusted cVM environment. This section describes how to deploy remote attestation components and use remote attestation.

Deploying the Remote Attestation SDK

Perform the following steps to deploy the remote attestation SDK. Table 2 describes the software package versions and how to obtain them.

  1. Install the remote attestation library.
    yum install virtCCA_sdk virtCCA_sdk-devel
  2. Install the dependencies.
    yum install tar cmake make git gcc gcc-c++ openssl-devel glib2-devel rsync patch
  3. Compile and install QCBOR.
    git clone https://github.com/laurencelundblade/QCBOR.git -b v1.2
    cd QCBOR
    make
    make install
    cd ..

    If git clone fails with an SSL certificate error, run the following command to disable SSL certificate verification for git and try again. Note that the setting is global and remains in effect after the clone.

    git config --global http.sslVerify false
  4. Compile and install t_cose.
    git clone https://github.com/laurencelundblade/t_cose.git -b v1.1.2
    cd t_cose
    cmake -S . -B build -DCRYPTO_PROVIDER=OpenSSL
    cmake --build build
    cmake --install build
    cd ..

Obtaining the Measurement Baseline Value

Perform the following steps to obtain the baseline value for measuring cVMs.

  1. Generate the Device Tree Blob (DTB) binary file.
    1. Edit the XML configuration file of the cVM and add the following QEMU command-line passthrough arguments:
      <qemu:arg value='-machine'/>
      <qemu:arg value='dumpdtb=/path/to/dump.dtb'/>

      In the preceding arguments, dumpdtb specifies the path where the DTB file is written. With this option present, QEMU dumps the device tree and exits, so the cVM does not boot.

    2. Start the cVM. A DTB file is generated in the specified path.
      virsh define <cvm.xml>
      virsh start <cvm>

    3. Edit the XML configuration file of the cVM and delete the QEMU passthrough arguments added in step 1.
  2. Obtain the cVM measurement baseline value using gen_rim_ref. gen_rim_ref is included in the virtCCA_sdk software package.
    gen_rim_ref -f <firmware_path> -d <dtb_path> -v <vcpu_num> -s <sve_vector_length> -m <pmu_counter_num>

    Where,

    • -f firmware_path: path of the UEFI firmware configured for the cVM.
    • -d dtb_path: DTB binary file of the cVM.
    • -v vcpu_num: number of virtual CPUs configured for the cVM.
    • -s sve_vector_length: length of the SVE vector configured for the cVM. If this parameter is not passed, the default value 0 is used.
    • -m pmu_counter_num: number of PMU counters configured for the cVM. If this parameter is not passed, the default value 0 is used.

    The default hash algorithm is SHA256. To use SHA512, change the value of hash_algo in the gen_rim_ref source code to 1. The gen_rim_ref source code is located in virtCCA_sdk/attestation/rim_ref/.

Remote Attestation Demo

This demo provides simple reference code of the remote attestation process, which is used only to verify the remote attestation function. You can design your own remote attestation process based on the reference demo. Perform the following steps to compile, install, and run the remote attestation demo.

  1. Compile the reference code for obtaining and verifying remote attestation reports.
    git clone https://gitee.com/openeuler/virtCCA_sdk.git -b 0.1.17
    cd virtCCA_sdk/attestation/samples
    cmake -S . -B build
    cmake --build build
    cd -

    After the compilation is successful, the client and server executable files are generated in the virtCCA_sdk/attestation/samples/build directory.

    • The server (binary) contains the code for invoking the remote attestation library to obtain remote attestation reports.
    • The client (binary) contains the report parsing and verification code, which is for reference only.

    The server and client use TCP to transmit data. For security purposes, RATS-TLS is recommended.

  2. Start the cVM by following instructions in Starting a VM. Then deploy the server to any directory of the cVM.
  3. Start the server in the cVM.
    ./server -i <ip> -p <port>

    Where,

    • Optional: ip: server IP address. It is a local loopback address by default.
    • Optional: port: server port. The default value is 7220.

  4. Initiate a remote attestation request from the client.
    ./client -i <ip> -p <port> -m <measurement> [-e] -f </path/image_reference_measurement.json> -P </path/software_components.json>
    • Optional: ip: IP address of the server to be connected. It is a local loopback address by default.
    • Optional: port: port of the server to be connected. The default value is 7220.
    • measurement: initial measurement base value of the cVM.
    • Optional: -e: prints the ACPI table and event logs of the cVM. (UEFI ONLY)
    • image_reference_measurement.json: contains the hash value of each component in the QCOW2 image, which is used to verify the integrity of each component. The JSON file is generated in Creating a QCOW2 Image for a cVM.
    • software_components.json: contains the reference values used to verify each underlying platform component covered by the platform_token. This file is contained in the BIOS version package.

      Example:

      {
          "header": {
              "timestamp": "2025-01-14",
              "copyright": "Copyright (c) Huawei Technologies Co., Ltd. 2025. All rights reserved.",
              "version": "2.0",
              "description": "Platform reference values for CCA token verification"
          },
          "hostBios": [
              {
                  "biosVersion": "21.21.0",
                  "biosVendor": "Huawei Corp.",
                  "pcrs": [
                      {
                          "pcrIndex": "0",
                          "description": "BIOS",
                          "sha256": "fa4caa9e3c17efbf3aa9d40a5316dd31cae54cdbee74bb1df666e0ce8d5c82e2"
                      },
                      {
                          "pcrIndex": "0",
                          "description": "BIOS",
                          "sm3": "6c9bbf28432f525519aadfc1d635e96980e66b1d7aa5b67cbdb0acb6ab014fd2"
                      }
                  ],
                  "measure_value": [
                      {
                          "firware_name": "ipu",
                          "measurement": "1d018904e20291089280073eb1abcbedbff9334f916ba725daa8474d524ee1c0",
                          "firware_version": "21.21.0",
                          "hash_algorithm": "sha256"
                      },
                      {
                          "firware_name": "imu",
                          "measurement": "a7311708162e6336cf765527345953e54fb18d7ee0960ca34465404e21ebf288",
                          "firware_version": "21.21.0",
                          "hash_algorithm": "sha256"
                      },
                      {
                          "firware_name": "imf_ap",
                          "measurement": "4de464130279547206a15ee2f7ecc1357daecf5e24091fc0a08dab28e0c4bf2f",
                          "firware_version": "21.21.0",
                          "hash_algorithm": "sha256"
                      },
                      {
                          "firware_name": "tf_bl2",
                          "measurement": "b32c4018835b6c637f7841526adf2b6f2c5589f38872f11a9acd3a07bb30e96c",
                          "firware_version": "21.21.0",
                          "hash_algorithm": "sha256"
                      },
                      {
                          "firware_name": "uefi",
                          "measurement": "afe614b7be8ad6e0aceb9c0a2d3d2ebfa13bfb0bafd72f8522c3674945b62b17",
                          "firware_version": "21.21.0",
                          "hash_algorithm": "sha256"
                      },
                      {
                          "firware_name": "tee",
                          "measurement": "c96ce76d3a6953ba7fa476bbe6ffef3a5d0881753bf63bc63d19a8ebaa2c8fc2",
                          "firware_version": "1.27",
                          "hash_algorithm": "sha256"
                      }
                  ]
              }
          ]
      }

      The following figure shows the successful signature verification of the remote attestation report on the client:
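The following Python script is an added example, not part of this document or of the virtCCA_sdk sample code. It shows the comparison a verifier performs with software_components.json: it parses the measure_value entries of the format above into a reference set and checks a set of measured component digests against it, failing closed on any mismatched, missing, or unlisted component. The embedded reference JSON and the measured (name, algorithm, digest) triples are constructed placeholders standing in for the real file and for the values a client extracts from the platform_token; the function names are this example's own.

```python
import hmac
import json
from typing import Dict, List, Tuple

# Constructed reference data in the layout of software_components.json above
# (only the "measure_value" list is consumed here). The digests are placeholders,
# not real firmware measurements; "firware_name" is spelled as in the file format.
REFERENCE_JSON = json.dumps({
    "header": {"version": "2.0", "description": "constructed sample"},
    "hostBios": [{
        "biosVersion": "21.21.0",
        "biosVendor": "Example Vendor",
        "pcrs": [],
        "measure_value": [
            {"firware_name": "tf_bl2", "measurement": "a" * 64,
             "firware_version": "21.21.0", "hash_algorithm": "sha256"},
            {"firware_name": "uefi", "measurement": "b" * 64,
             "firware_version": "21.21.0", "hash_algorithm": "sha256"},
            {"firware_name": "tee", "measurement": "c" * 64,
             "firware_version": "1.27", "hash_algorithm": "sha256"},
        ],
    }],
})

# Constructed stand-ins for the component digests a client extracts from the
# platform_token: (component name, hash algorithm, hex digest).
GOOD_MEASUREMENTS = [
    ("tf_bl2", "sha256", "A" * 64),   # upper-case hex must still match
    ("uefi", "sha256", "b" * 64),
    ("tee", "sha256", "c" * 64),
]
TAMPERED_MEASUREMENTS = [
    ("tf_bl2", "sha256", "a" * 64),
    ("uefi", "sha256", "d" * 64),     # digest differs from the reference
    ("extra", "sha256", "e" * 64),    # component with no reference value
]                                     # "tee" is not measured at all

Key = Tuple[str, str]  # (component name, hash algorithm)


def load_reference_components(text: str) -> Dict[Key, str]:
    """Parse software_components.json text into {(name, algo): lower-case hex digest}."""
    doc = json.loads(text)
    refs: Dict[Key, str] = {}
    for bios in doc.get("hostBios", []):
        for entry in bios.get("measure_value", []):
            key = (entry["firware_name"], entry["hash_algorithm"].lower())
            digest = entry["measurement"].lower()
            # Two different reference values for the same component and algorithm
            # make the file ambiguous; refuse to verify against it.
            if key in refs and refs[key] != digest:
                raise ValueError(f"conflicting reference values for {key}")
            refs[key] = digest
    return refs


def verify_platform_components(measured: List[Tuple[str, str, str]],
                               refs: Dict[Key, str]) -> Dict[str, object]:
    """Compare measured digests with the reference set.

    ok is True only when every measured component matches its reference value
    and every reference component was actually measured (fail closed).
    """
    matched: List[str] = []
    mismatched: List[str] = []
    unexpected: List[str] = []
    seen = set()
    for name, algo, digest in measured:
        key = (name, algo.lower())
        seen.add(key)
        expected = refs.get(key)
        if expected is None:
            unexpected.append(name)          # nothing to compare against
        elif hmac.compare_digest(expected, digest.lower()):
            matched.append(name)
        else:
            mismatched.append(name)
    # Reference components that never appeared in the measurements.
    missing = sorted(name for name, _ in refs.keys() - seen)
    return {
        "matched": matched,
        "mismatched": mismatched,
        "unexpected": unexpected,
        "missing": missing,
        "ok": not (mismatched or unexpected or missing),
    }


if __name__ == "__main__":
    refs = load_reference_components(REFERENCE_JSON)
    for label, measured in (("good", GOOD_MEASUREMENTS),
                            ("tampered", TAMPERED_MEASUREMENTS)):
        print(label, verify_platform_components(measured, refs))
```

The comparison is keyed on both the component name and the hash algorithm, so a reference carrying only a sha256 entry for a component is never satisfied by an sm3 digest for the same name, and a component present in the reference file but absent from the token is reported as missing rather than silently accepted.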

RATS-TLS Adaptation Demo

RATS-TLS is a TLS-based protocol with bidirectional (mutual) remote attestation that supports heterogeneous hardware execution environments. The TEE Kit adapts to RATS-TLS and provides a simple demo for verifying the bidirectional verification function of RATS-TLS. You can develop your own remote attestation application based on the reference demo.

  1. Install the RATS-TLS compilation dependency.
    git clone https://github.com/PJK/libcbor.git
    cd libcbor
    cmake -S . -B build
    cmake --build build
    cmake --install build
    cd -
  2. Prepare the RATS-TLS source code at the specified commit and apply the RATS-TLS patch that adds support for the TEE Kit.
    git clone https://github.com/inclavare-containers/rats-tls.git
    cd rats-tls
    git reset --hard 40f7b78403d75d13b1a372c769b2600f62b02692
    git apply ../virtCCA_sdk/attestation/rats-tls/*.patch

    The RATS-TLS source code directory must be at the same level as the virtCCA_sdk source code directory.

  3. Compile the RATS-TLS sample code and dependency library.
    bash build.sh -s -r -c -v gcc

    Confirm that the rats-tls.tar.gz package has been generated in the bin directory.

  4. Deploy the remote attestation server. Copy the compiled rats-tls.tar.gz package to the cVM, decompress the package, and copy it to the system directory.
    tar xvf rats-tls.tar.gz
    cp -rf lib/rats-tls /usr/lib/
    cp -rfL lib/rats-tls/librats_tls.so.0 /lib64/
  5. Start the RATS-TLS server demo.
    ./virtcca-server -i <ip>

    The optional parameters are the same as those in the original RATS-TLS sample. You can run the following command to view these optional parameters.

    ./virtcca-server -h

  6. Deploy the RATS-TLS library on the remote attestation client by following the instructions in step 4. Then start the RATS-TLS client demo.
    ./virtcca-client -i <ip> -r <measurement> -f </path/image_reference_measurement.json>

    Where,

    • Optional: ip: server IP address. It is a local loopback address by default.
    • measurement: measurement baseline value of the cVM. For details, see Obtaining the Measurement Baseline Value.
    • image_reference_measurement.json: used to verify the hash value of each component in the QCOW2 image. This is the image_reference_measurement.json file generated in Creating a QCOW2 Image for a cVM.