Skip to content

vmgs: Write a diagnostic marker when provisioning the VMGS #2552

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
stunes-ms wants to merge 3 commits into
base: main
Choose a base branch
from
Open

vmgs: Write a diagnostic marker when provisioning the VMGS #2552

stunes-ms wants to merge 3 commits into from

Conversation

@stunes-ms
Copy link
Contributor

@stunes-ms stunes-ms commented Dec 10, 2025

We want to leave a marker in a VMGS file that indicates that it was provisioned originally by HCL, with some diagnostic details (vTPM version, etc.) This is intended to be information-only.

@stunes-ms stunes-ms requested a review from a team as a code owner December 10, 2025 18:28
Copilot AI review requested due to automatic review settings December 10, 2025 18:28
@stunes-ms stunes-ms requested a review from a team as a code owner December 10, 2025 18:28
@stunes-ms stunes-ms requested review from mingweishih and tjones60 and removed request for Copilot December 10, 2025 18:28
tjones60
tjones60 reviewed Dec 10, 2025
View reviewed changes
tjones60
tjones60 reviewed Dec 10, 2025
View reviewed changes
Copilot AI review requested due to automatic review settings December 16, 2025 00:14
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This RFC introduces a diagnostic provisioning marker to VMGS files that records metadata about how the file was initially provisioned. The marker captures information such as the provisioner entity (OpenHCL, HCL, etc.), vTPM version and configuration details, and the HCL commit hash.

Key changes:

  • New ProvisioningMarker struct and VmgsProvisioner enum in vmgs_format to define the diagnostic marker format
  • vTPM-related constants moved to tpm_protocol for reuse across components
  • Logic in OpenHCL to write the provisioning marker when a VMGS file is provisioned

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
vm/vmgs/vmgs_format/src/lib.rs Defines the ProvisioningMarker struct, VmgsProvisioner enum, and adds new file ID for the marker
vm/vmgs/vmgs_format/Cargo.toml Adds tpm_protocol dependency for TpmVersion type
vm/vmgs/vmgs/src/vmgs_impl.rs Tracks whether VMGS was formatted due to failure, adds accessor method
vm/vmgs/vmgs/Cargo.toml Reorders dependency (cosmetic change)
vm/devices/tpm/tpm_protocol/src/lib.rs Defines TpmVersion enum and default TPM configuration constants
vm/devices/tpm/tpm_protocol/Cargo.toml Adds dependencies needed for the new enum (open_enum, zerocopy)
openhcl/underhill_core/src/worker.rs Writes provisioning marker to VMGS when file is provisioned
openhcl/underhill_core/Cargo.toml Adds dependencies for tpm_protocol and vmgs_format

@stunes-ms stunes-ms changed the title (RFC) Write a diagnostic marker when provisioning the VMGS vmgs: Write a diagnostic marker when provisioning the VMGS Jan 10, 2026
tjones60
tjones60 reviewed Jan 15, 2026
View reviewed changes
vm/devices/tpm/tpm_protocol/src/lib.rs
}

/// Expected NVRAM index attributes for a platform-created AKCert index.
pub fn platform_akcert_attributes() -> TpmaNvBits {
Copy link
Contributor

@tjones60 tjones60 Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use this in TPM lib

tjones60
tjones60 reviewed Jan 15, 2026
View reviewed changes
vm/vmgs/vmgs/src/vmgs_impl.rs
encrypted_metadata_keys: [VmgsEncryptionKey; 2],
reprovisioned: bool,
provisioned_this_boot: bool,
formatted_on_failure: bool,
Copy link
Contributor

@tjones60 tjones60 Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might be cleaner to replace provisioned_this_boot and formatted_on_failure with format_reason: Option<VmgsFormatReason> or similar where VmgsFormatReason can be Empty, Failure, or Request.

tjones60
tjones60 reviewed Jan 15, 2026
View reviewed changes
openhcl/underhill_core/src/worker.rs
GuestStateLifetime::ReprovisionOnFailure
) && vmgs.was_formatted_on_failure())) as u8;

let marker = ProvisioningMarker {
Copy link
Contributor

@tjones60 tjones60 Jan 15, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking about this more, it seems like the VMGS impl should write the initial marker, maybe with tpm stuff zeroed out or in separate file. Then the TPM stuff can be modified in place or add to a different fileid later

tjones60
tjones60 reviewed Jan 15, 2026
View reviewed changes
vm/vmgs/vmgs_format/src/lib.rs
/// Entities that can provision a new VMGS file.
#[derive(IntoBytes, Immutable, KnownLayout, FromBytes)]
pub enum VmgsProvisioner: u32 {
HCL = 1,
Copy link
Contributor

@tjones60 tjones60 Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we explicitly say 0 is unknown or something?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tjones60 tjones60 tjones60 left review comments

Copilot code review Copilot Copilot left review comments

@mingweishih mingweishih Awaiting requested review from mingweishih

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stunes-ms @tjones60 @mingweishih