1 /*
2  * AWS nitro-enclave machine
3  *
4  * Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
5  *
6  * This work is licensed under the terms of the GNU GPL, version 2 or
7  * (at your option) any later version.  See the COPYING file in the
8  * top-level directory.
9  */
10 
11 #ifndef HW_I386_NITRO_ENCLAVE_H
12 #define HW_I386_NITRO_ENCLAVE_H
13 
14 #include "crypto/hash.h"
15 #include "hw/i386/microvm.h"
16 #include "qom/object.h"
17 #include "hw/virtio/virtio-nsm.h"
18 
/*
 * Machine type options.
 *
 * These are the property names exposed by the nitro-enclave machine type;
 * each one is backed by the same-named string field of
 * NitroEnclaveMachineState below (vsock, id, parent_role, parent_id).
 */
/* id of the chardev that backs the enclave's vsock transport */
#define NITRO_ENCLAVE_VSOCK_CHARDEV_ID "vsock"
/* enclave identifier */
#define NITRO_ENCLAVE_ID    "id"
/* IAM role ARN of the parent instance */
#define NITRO_ENCLAVE_PARENT_ROLE "parent-role"
/* identifier of the parent instance */
#define NITRO_ENCLAVE_PARENT_ID "parent-id"
24 
/*
 * Class structure for the nitro-enclave machine type.
 *
 * Derives from the microvm machine class. The two function pointers have
 * the same signatures as a machine's init and reset handlers; presumably
 * they hold the parent (microvm) class's handlers so the nitro-enclave
 * implementation can chain to them after installing its own -- confirm
 * against the machine's class_init.
 */
struct NitroEnclaveMachineClass {
    MicrovmMachineClass parent;

    /* presumably the parent class's init handler, saved for chaining */
    void (*parent_init)(MachineState *state);
    /* presumably the parent class's reset handler, saved for chaining */
    void (*parent_reset)(MachineState *machine, ResetType type);
};
31 
/*
 * Per-instance state of the nitro-enclave machine type.
 *
 * Derives from the microvm machine state. Besides the string-valued machine
 * options, it carries the SHA-384 measurements of the enclave image that the
 * attached NSM device (vnsm) is expected to report to the guest. These
 * digests are what an attestation consumer relies on, so they must describe
 * exactly the image that was loaded into the guest; how and when they are
 * filled in is not visible from this header -- see the machine
 * implementation.
 */
struct NitroEnclaveMachineState {
    MicrovmMachineState parent;

    /* Machine type options (string-valued; owned by the machine state) */
    /* chardev id for the vsock transport (NITRO_ENCLAVE_VSOCK_CHARDEV_ID) */
    char *vsock;
    /* Enclave identifier (NITRO_ENCLAVE_ID) */
    char *id;
    /* Parent instance IAM role ARN (NITRO_ENCLAVE_PARENT_ROLE) */
    char *parent_role;
    /* Parent instance identifier (NITRO_ENCLAVE_PARENT_ID) */
    char *parent_id;

    /* Machine state */
    /* the virtio Nitro Secure Module device attached to this machine */
    VirtIONSM *vnsm;

    /*
     * Enclave image measurements, each a raw SHA-384 digest of
     * QCRYPTO_HASH_DIGEST_LEN_SHA384 bytes (not a hex string).
     * NOTE(review): these look like the values surfaced as the NSM's
     * platform configuration registers -- confirm the PCR mapping in the
     * machine implementation rather than assuming it from the names.
     */
    /* kernel + ramdisks + cmdline sha384 hash */
    uint8_t image_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* kernel + boot ramdisk + cmdline sha384 hash */
    uint8_t bootstrap_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* application ramdisk(s) hash */
    uint8_t app_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* certificate fingerprint hash */
    uint8_t fingerprint_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /*
     * presumably whether the loaded image carried a signature section, in
     * which case fingerprint_sha384 is meaningful -- confirm against the
     * image loader; when false, fingerprint_sha384 should not be trusted
     */
    bool signature_found;
};
57 
/* QOM type name of the machine ("nitro-enclave" with the machine suffix) */
#define TYPE_NITRO_ENCLAVE_MACHINE MACHINE_TYPE_NAME("nitro-enclave")
/*
 * Declares the typedefs and the NITRO_ENCLAVE_MACHINE* cast/class-lookup
 * macros for the state and class structures defined above.
 */
OBJECT_DECLARE_TYPE(NitroEnclaveMachineState, NitroEnclaveMachineClass,
                    NITRO_ENCLAVE_MACHINE)
61 
62 #endif
63