/*
 * AWS nitro-enclave machine
 *
 * Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or
 * (at your option) any later version. See the COPYING file in the
 * top-level directory.
 */

#ifndef HW_I386_NITRO_ENCLAVE_H
#define HW_I386_NITRO_ENCLAVE_H

#include "crypto/hash.h"
#include "hw/i386/microvm.h"
#include "qom/object.h"
#include "hw/virtio/virtio-nsm.h"

/*
 * Machine type options.
 *
 * String keys naming the properties this machine type accepts; the
 * matching values are kept in NitroEnclaveMachineState below.
 */
#define NITRO_ENCLAVE_VSOCK_CHARDEV_ID "vsock"
#define NITRO_ENCLAVE_ID "id"
#define NITRO_ENCLAVE_PARENT_ROLE "parent-role"
#define NITRO_ENCLAVE_PARENT_ID "parent-id"

/*
 * Class data for the nitro-enclave machine, which derives from the
 * microvm machine class.
 */
struct NitroEnclaveMachineClass {
    MicrovmMachineClass parent;

    /*
     * NOTE(review): these look like the parent (microvm) class's init
     * and reset hooks saved so the enclave class can chain to them;
     * confirm against the class_init in the matching .c file.
     */
    void (*parent_init)(MachineState *state);
    void (*parent_reset)(MachineState *machine, ResetType type);
};

/*
 * Per-instance state of the nitro-enclave machine.
 *
 * The char* members are the values of the machine type options named
 * above (presumably owned by this object and freed with it — verify in
 * the instance finalizer). The hash members are raw SHA-384 digests,
 * fixed-size byte arrays with no NUL terminator, so they must be copied
 * and compared with memcpy/memcmp rather than treated as strings.
 */
struct NitroEnclaveMachineState {
    MicrovmMachineState parent;

    /* Machine type options */
    /* Chardev id of the vsock device ("vsock" option) */
    char *vsock;
    /* Enclave identifier */
    char *id;
    /* Parent instance IAM role ARN */
    char *parent_role;
    /* Parent instance identifier */
    char *parent_id;

    /* Machine state */
    /* The virtio Nitro Secure Module device attached to this machine */
    VirtIONSM *vnsm;

    /*
     * Boot measurements. Each is a SHA-384 digest sized by
     * QCRYPTO_HASH_DIGEST_LEN_SHA384 from crypto/hash.h.
     * NOTE(review): presumably these are the measurements exposed to the
     * guest through the NSM device above (vnsm) — confirm where they are
     * consumed.
     */
    /* kernel + ramdisks + cmdline SHA384 hash */
    uint8_t image_hash[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* kernel + boot ramdisk + cmdline SHA384 hash */
    uint8_t bootstrap_hash[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* application ramdisk(s) SHA384 hash */
    uint8_t app_hash[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /* certificate fingerprint SHA384 hash */
    uint8_t fingerprint_hash[QCRYPTO_HASH_DIGEST_LEN_SHA384];
    /*
     * NOTE(review): presumably records whether a signature was present in
     * the enclave image, which would govern whether fingerprint_hash
     * holds a meaningful value — confirm where it is set and read.
     */
    bool signature_found;
};

#define TYPE_NITRO_ENCLAVE_MACHINE MACHINE_TYPE_NAME("nitro-enclave")
OBJECT_DECLARE_TYPE(NitroEnclaveMachineState, NitroEnclaveMachineClass,
                    NITRO_ENCLAVE_MACHINE)

#endif