/*
 * AWS nitro-enclave machine
 *
 * Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or
 * (at your option) any later version. See the COPYING file in the
 * top-level directory.
 */

#ifndef HW_I386_NITRO_ENCLAVE_H
#define HW_I386_NITRO_ENCLAVE_H

#include "crypto/hash.h"
#include "hw/i386/microvm.h"
#include "qom/object.h"
#include "hw/virtio/virtio-nsm.h"

/*
 * Machine type options: the property names the nitro-enclave machine type
 * exposes. Each corresponds to a string field of the same name in
 * NitroEnclaveMachineState below.
 */
#define NITRO_ENCLAVE_VSOCK_CHARDEV_ID "vsock"
#define NITRO_ENCLAVE_ID "id"
#define NITRO_ENCLAVE_PARENT_ROLE "parent-role"
#define NITRO_ENCLAVE_PARENT_ID "parent-id"

/*
 * Class data for the nitro-enclave machine, derived from the microvm
 * machine class.
 */
struct NitroEnclaveMachineClass {
    MicrovmMachineClass parent;

    /*
     * Parent-class hooks kept here so the nitro-enclave implementation can
     * chain to the microvm versions — presumably saved at class init time;
     * confirm in the machine's .c file.
     */
    void (*parent_init)(MachineState *state);
    void (*parent_reset)(MachineState *machine, ResetType type);
};

/*
 * Per-instance state of the nitro-enclave machine, derived from the microvm
 * machine state.
 */
struct NitroEnclaveMachineState {
    MicrovmMachineState parent;

    /* Machine type options */
    /* Id of the chardev backing the enclave vsock (NITRO_ENCLAVE_VSOCK_CHARDEV_ID) */
    char *vsock;
    /* Enclave identifier */
    char *id;
    /* Parent instance IAM role ARN */
    char *parent_role;
    /* Parent instance identifier */
    char *parent_id;

    /* Machine state */
    /* The virtio Nitro Secure Module device attached to this machine */
    VirtIONSM *vnsm;

    /*
     * Boot measurements. Each is a raw SHA-384 digest of fixed length
     * QCRYPTO_HASH_DIGEST_LEN_SHA384 (crypto/hash.h), not a NUL-terminated
     * string.
     *
     * NOTE(review): these look like the measurements reported to the guest
     * through the NSM device for attestation; if so they must be computed
     * from the host-supplied images before the guest starts running and must
     * not be writable from inside the guest — confirm against virtio-nsm and
     * the machine init path.
     */
    /* kernel + ramdisks + cmdline sha384 hash */
    uint8_t image_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* kernel + boot ramdisk + cmdline sha384 hash */
    uint8_t bootstrap_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* application ramdisk(s) hash */
    uint8_t app_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* certificate fingerprint hash */
    uint8_t fingerprint_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /*
     * Whether a signature was found for the enclave image; presumably
     * fingerprint_sha384 is only meaningful when this is true — confirm in
     * the image-loading code.
     */
    bool signature_found;
};

#define TYPE_NITRO_ENCLAVE_MACHINE MACHINE_TYPE_NAME("nitro-enclave")
OBJECT_DECLARE_TYPE(NitroEnclaveMachineState, NitroEnclaveMachineClass,
                    NITRO_ENCLAVE_MACHINE)

#endif