/*
 * AWS nitro-enclave machine
 *
 * Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or
 * (at your option) any later version. See the COPYING file in the
 * top-level directory.
 */

#ifndef HW_I386_NITRO_ENCLAVE_H
#define HW_I386_NITRO_ENCLAVE_H

#include "crypto/hash.h"
#include "hw/i386/microvm.h"
#include "qom/object.h"
#include "hw/virtio/virtio-nsm.h"

/*
 * Machine type options.
 *
 * String keys for the machine properties; each one corresponds by name to
 * a char * field of NitroEnclaveMachineState below (vsock, id, parent_role,
 * parent_id).
 */
#define NITRO_ENCLAVE_VSOCK_CHARDEV_ID "vsock"
#define NITRO_ENCLAVE_ID "id"
#define NITRO_ENCLAVE_PARENT_ROLE "parent-role"
#define NITRO_ENCLAVE_PARENT_ID "parent-id"

/*
 * Class for the nitro-enclave machine type, derived from the microvm
 * machine class.
 */
struct NitroEnclaveMachineClass {
    MicrovmMachineClass parent;

    /*
     * Saved init/reset hooks of the parent (microvm) class.
     * NOTE(review): presumably filled in at class_init so that the
     * nitro-enclave overrides can chain to the microvm implementation —
     * confirm against the .c file.
     */
    void (*parent_init)(MachineState *state);
    void (*parent_reset)(MachineState *machine, ResetType type);
};

/*
 * Per-instance state of the nitro-enclave machine, derived from the
 * microvm machine state.
 */
struct NitroEnclaveMachineState {
    MicrovmMachineState parent;

    /* Machine type options (values of the properties defined above) */
    /* Id of the chardev backing the vsock transport */
    char *vsock;
    /* Enclave identifier */
    char *id;
    /* Parent instance IAM role ARN */
    char *parent_role;
    /* Parent instance identifier */
    char *parent_id;

    /* Machine state */
    /* The virtio Nitro Secure Module device attached to this machine */
    VirtIONSM *vnsm;

    /*
     * Fixed-size SHA-384 digests of the boot image components. Each array
     * holds exactly QCRYPTO_HASH_DIGEST_LEN_SHA384 bytes; writers must not
     * assume a NUL terminator or any other length.
     * NOTE(review): these look like the measurements an enclave would
     * report for attestation via the NSM device — confirm in the .c file
     * before documenting them as such.
     */
    /* kernel + ramdisks + cmdline sha384 hash */
    uint8_t image_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* kernel + boot ramdisk + cmdline sha384 hash */
    uint8_t bootstrap_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* application ramdisk(s) hash */
    uint8_t app_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* certificate fingerprint hash */
    uint8_t fingerprint_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /*
     * Whether a signature was found for the image.
     * NOTE(review): presumably gates whether fingerprint_sha384 is
     * meaningful; a false value should leave fingerprint_sha384 unused
     * rather than treated as a valid digest — confirm with the code that
     * sets it.
     */
    bool signature_found;
};

/* QOM type name and the standard type/cast declarations for the machine */
#define TYPE_NITRO_ENCLAVE_MACHINE MACHINE_TYPE_NAME("nitro-enclave")
OBJECT_DECLARE_TYPE(NitroEnclaveMachineState, NitroEnclaveMachineClass,
                    NITRO_ENCLAVE_MACHINE)

#endif