
Deploying the Remote Attestation SDK

The remote attestation SDK is a set of software tools used to verify the trustworthiness of remote devices. Once deployed, the SDK can be used to perform security authentication of VMs and other environments.

Deploying the Remote Attestation SDK

Perform the following steps to deploy the remote attestation SDK. Table 2 describes the software package versions and how to obtain them.

  1. Install the remote attestation library.
    yum install virtCCA_sdk virtCCA_sdk-devel
  2. Install the compilation dependencies.
    yum install tar cmake make git gcc gcc-c++ openssl-devel glib2-devel rsync patch
  3. Compile and install QCBOR.
    git clone https://github.com/laurencelundblade/QCBOR.git -b v1.2
    cd QCBOR
    make
    make install
    cd ..

    If git clone fails, run the following command to disable SSL certificate verification for git (the --global option applies it to every repository on the host) and try again.

    git config --global http.sslVerify false
  4. Compile and install t_cose.
    git clone https://github.com/laurencelundblade/t_cose.git -b v1.1.2
    cd t_cose
    cmake -S . -B build -DCRYPTO_PROVIDER=OpenSSL
    cmake --build build
    cmake --install build
    cd ..

Obtaining the Measurement Baseline Value

  1. Generate the Device Tree Blob (DTB) binary file.
    1. Edit the XML configuration file of the cVM and add the following QEMU pass-through (transparent transmission) arguments:
      <qemu:arg value='-machine'/>
      <qemu:arg value='dumpdtb=/path/to/dump.dtb'/>

      In the preceding arguments, dumpdtb specifies the path where the DTB file is written.

    2. Start the cVM. A DTB file is generated in the specified path.
      virsh define <cvm.xml>
      virsh start <cvm>

    3. Edit the XML configuration file of the cVM and remove the QEMU pass-through arguments added in step 1.
  2. Obtain the cVM measurement baseline value using gen_rim_ref. gen_rim_ref is included in the virtCCA_sdk software package.
    gen_rim_ref -f <firmware_path> -d <dtb_path> -v <vcpu_num> -s <sve_vector_length> -m <pmu_counter_num>
    Table 1 Parameter description

    Parameter          Description
    dtb_path           Device tree binary file of the cVM.
    vcpu_num           Number of virtual CPUs configured for the cVM.
    firmware_path      UEFI firmware path configured for the cVM.
    sve_vector_length  Length of the SVE vector configured for the cVM. If this parameter is not specified, the default value 0 is used.
    pmu_counter_num    Number of PMU counters configured for the cVM. If this parameter is not specified, the default value 0 is used.

    The default hash algorithm is SHA256. To use SHA512, change the value of hash_algo in the gen_rim_ref source code to 1. The gen_rim_ref source code is located in virtCCA_sdk/attestation/rim_ref/.
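The following helper is an added example and is not part of the original page or of the virtCCA SDK. It ties the two halves of the procedure together: it emits the libvirt fragment that carries the dumpdtb arguments, checks that the dumped file really is a flattened device tree before it is fed to gen_rim_ref, and assembles the gen_rim_ref command line with the documented defaults. All paths are placeholders, gen_rim_ref itself is not executed, and the only external facts assumed are the FDT magic number (0xd00dfeed) and libvirt's qemu:commandline wrapper and namespace.

```shell
#!/bin/sh
# Added example (not from the original page or the virtCCA SDK).
# Placeholder paths throughout; gen_rim_ref is only assembled, never run here.

# A flattened device tree begins with the 4-byte big-endian magic 0xd00dfeed.
# An empty dumpdtb file (for example, the cVM was started after the pass-through
# arguments were already removed) fails this check, so a bad baseline is not
# generated from it.
dtb_is_valid() {
    [ -s "$1" ] || return 1
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    [ "$magic" = "d00dfeed" ]
}

# The libvirt fragment that carries the dump arguments. libvirt accepts
# <qemu:arg> only inside <qemu:commandline>, and the qemu namespace must be
# declared on the <domain> element:
#   xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'
dump_dtb_xml() {
    printf '%s\n' \
      '<qemu:commandline>' \
      "  <qemu:arg value='-machine'/>" \
      "  <qemu:arg value='dumpdtb=$1'/>" \
      '</qemu:commandline>'
}

# Build the gen_rim_ref invocation from the cVM settings. Arguments 4 and 5
# (SVE vector length, PMU counter count) default to 0, matching Table 1.
build_rim_cmd() {
    fw=$1; dtb=$2; vcpus=$3; sve=${4:-0}; pmu=${5:-0}
    printf 'gen_rim_ref -f %s -d %s -v %s -s %s -m %s\n' \
        "$fw" "$dtb" "$vcpus" "$sve" "$pmu"
}

# Usage (placeholder paths):
#   dump_dtb_xml /path/to/dump.dtb        # paste into the cVM XML, then virsh define / virsh start
#   dtb_is_valid /path/to/dump.dtb && \
#       eval "$(build_rim_cmd /path/to/firmware.bin /path/to/dump.dtb 4)"
```

The magic-number check is deliberately strict: a file that exists but is empty or truncated is rejected rather than measured, because a reference value computed from a malformed DTB will never match the measurement the attestation report carries.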