initdata: add initdata hash in ibmse evidence

- add initdata hash in ibmse evidence, - the initdata hash will be checked by AS policy service as a claim field. Signed-off-by: Qi Feng Huo <[email protected]>
confidential-containers · Jul 17, 2024 · 80f1a5a · 80f1a5a
1 parent 3cbdf1b
commit 80f1a5a
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/attestation-agent/attester/src/se/mod.rs b/attestation-agent/attester/src/se/mod.rs
@@ -14,6 +14,9 @@ use pv::{
 use serde::{Deserialize, Serialize};
 use serde_json;
 use serde_with::{base64::Base64, serde_as};
+use std::fs;
+
+const CHECK_SUM_FILE: &str = "/run/peerpod/checksum.txt";
 
 pub fn detect_platform() -> bool {
     misc::pv_guest_bit_set()
@@ -71,7 +74,7 @@ impl Attester for SeAttester {
             encr_request_nonce,
             image_hdr_tags,
         } = request;
-        let user_data = vec![0];
+        let user_data = fs::read(CHECK_SUM_FILE)?;
         let mut uvc: AttestationCmd = AttestationCmd::new_request(
             request_blob.into(),
             Some(user_data.to_vec()),