File s390-tools-sles15sp4-pvattest-Add-more-information-to-verbose-logging.patch of Package s390-tools.30980

Subject: [PATCH] [FEAT VS2038] pvattest: Add more information to verbose logging
From: Steffen Eiden <seiden@linux.ibm.com>

Summary:     pvattest: Create, perform, and verify attestation measurements
Description: pvattest is a tool to attest an IBM Secure Execution guest.
             
             In a trusted environment, one can create a request using
             `pvattest create`. To get a measurement of an untrusted
             IBM Secure Execution guest call 'pvattest perform'.
             Again in a trusted environment, call 'pvattest verify'
             to verify that the measurement is the expected one.
             
             The tool runs on s390 and x86.
             It has the same requirements like libpv and therefore
             requires openssl v1.1.1+, glib2.56+, and libcurl.
             Additionally, to measure, the linux kernel must provide
             the Ultravisor userspace interface `uvdevice` at /dev/uv
             and must be executed  on an IBM Secure Execution guest on
             hardware with Ultravisor attestation support,
             like IBM z16 or later.
Upstream-ID: a4e396fdd7bddb69570c5f7fea4e34ae7ac36294
Problem-ID:  VS2038

Upstream-Description:

             pvattest: Add more information to verbose logging

             In verbose mode (-v) `pvattest verify´ now also prints
             "Attestation measurement verified", if the verification was successful and the
             Config UID of the SE-guest and any additional data if available.

             $ pvattest -V verify  [...]
             Attestation measurement verified
             Config UID:
             1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a

             Additional Data:
             1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b
             1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b1b

             Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
             Reviewed-by: Marc Hartmayer <mhartmay@linux.ibm.com>
             Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>


Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
---
 pvattest/src/pvattest.c |   11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

--- a/pvattest/src/pvattest.c
+++ b/pvattest/src/pvattest.c
@@ -322,8 +322,17 @@ static int do_verify(pvattest_verify_con
 		return PVATTEST_EXIT_MEASURE_NOT_VERIFIED;
 	}
 
-	pvattest_log_debug(_("Measurement verified."));
+	pvattest_log_info(_("Attestation measurement verified"));
+	pvattest_log_info(_("Config UID:"));
+	pvattest_log_bytes(g_bytes_get_data(config_uid, NULL), g_bytes_get_size(config_uid), 16L,
+			   "", FALSE, PVATTEST_LOG_LVL_INFO);
 
+	if (additional_data) {
+		pvattest_log_info(_("\nAdditional Data:"));
+		pvattest_log_bytes(g_bytes_get_data(additional_data, NULL),
+				   g_bytes_get_size(additional_data), 16L, "", FALSE,
+				   PVATTEST_LOG_LVL_INFO);
+	}
 	return EXIT_SUCCESS;
 
 err_exit: