include/hw/i386/nitro_enclave.h - qemu - Git at Google

 /*
  * AWS nitro-enclave machine
  *
  * Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
  *
  * This work is licensed under the terms of the GNU GPL, version 2 or
  * (at your option) any later version.  See the COPYING file in the
  * top-level directory.
  */

 #ifndef HW_I386_NITRO_ENCLAVE_H
 #define HW_I386_NITRO_ENCLAVE_H

 #include "crypto/hash.h"
 #include "hw/i386/microvm.h"
 #include "qom/object.h"
 #include "hw/virtio/virtio-nsm.h"

 /* Machine type options */
 #define NITRO_ENCLAVE_VSOCK_CHARDEV_ID "vsock"
 #define NITRO_ENCLAVE_ID    "id"
 #define NITRO_ENCLAVE_PARENT_ROLE "parent-role"
 #define NITRO_ENCLAVE_PARENT_ID "parent-id"

 struct NitroEnclaveMachineClass {
     MicrovmMachineClass parent;

     void (*parent_init)(MachineState *state);
     void (*parent_reset)(MachineState *machine, ResetType type);
 };

 struct NitroEnclaveMachineState {
     MicrovmMachineState parent;

     /* Machine type options */
     char *vsock;
     /* Enclave identifier */
     char *id;
     /* Parent instance IAM role ARN */
     char *parent_role;
     /* Parent instance identifier */
     char *parent_id;

     /* Machine state */
     VirtIONSM *vnsm;

     /* kernel + ramdisks + cmdline sha384 hash */
     uint8_t image_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
     /* kernel + boot ramdisk + cmdline sha384 hash */
     uint8_t bootstrap_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
     /* application ramdisk(s) hash */
     uint8_t app_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
     /* certificate fingerprint hash */
     uint8_t fingerprint_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
     bool signature_found;
 };

 #define TYPE_NITRO_ENCLAVE_MACHINE MACHINE_TYPE_NAME("nitro-enclave")
 OBJECT_DECLARE_TYPE(NitroEnclaveMachineState, NitroEnclaveMachineClass,
                     NITRO_ENCLAVE_MACHINE)

 #endif
	/*
	* AWS nitro-enclave machine
	*
	* Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
	*
	* This work is licensed under the terms of the GNU GPL, version 2 or
	* (at your option) any later version. See the COPYING file in the
	* top-level directory.
	*/

	#ifndef HW_I386_NITRO_ENCLAVE_H
	#define HW_I386_NITRO_ENCLAVE_H

	#include "crypto/hash.h"
	#include "hw/i386/microvm.h"
	#include "qom/object.h"
	#include "hw/virtio/virtio-nsm.h"

	/* Machine type options */
	#define NITRO_ENCLAVE_VSOCK_CHARDEV_ID "vsock"
	#define NITRO_ENCLAVE_ID "id"
	#define NITRO_ENCLAVE_PARENT_ROLE "parent-role"
	#define NITRO_ENCLAVE_PARENT_ID "parent-id"

	struct NitroEnclaveMachineClass {
	MicrovmMachineClass parent;

	void (parent_init)(MachineState state);
	void (parent_reset)(MachineState machine, ResetType type);
	};

	struct NitroEnclaveMachineState {
	MicrovmMachineState parent;

	/* Machine type options */
	char *vsock;
	/* Enclave identifier */
	char *id;
	/* Parent instance IAM role ARN */
	char *parent_role;
	/* Parent instance identifier */
	char *parent_id;

	/* Machine state */
	VirtIONSM *vnsm;

	/* kernel + ramdisks + cmdline sha384 hash */
	uint8_t image_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
	/* kernel + boot ramdisk + cmdline sha384 hash */
	uint8_t bootstrap_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
	/* application ramdisk(s) hash */
	uint8_t app_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
	/* certificate fingerprint hash */
	uint8_t fingerprint_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
	bool signature_found;
	};

	#define TYPE_NITRO_ENCLAVE_MACHINE MACHINE_TYPE_NAME("nitro-enclave")
	OBJECT_DECLARE_TYPE(NitroEnclaveMachineState, NitroEnclaveMachineClass,
	NITRO_ENCLAVE_MACHINE)

	#endif