From e557fb3ce9941749a4e7abfa5565595043ab8a77 Mon Sep 17 00:00:00 2001
From: Qi Feng Huo
Date: Wed, 17 Jul 2024 10:00:13 +0800
Subject: [PATCH] initdata: add initdata hash in ibmse evidence

- add initdata hash in ibmse evidence,
- the initdata hash will be checked by AS policy service as a claim field.

Signed-off-by: Qi Feng Huo
---
 attestation-agent/attester/src/se/mod.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/attestation-agent/attester/src/se/mod.rs b/attestation-agent/attester/src/se/mod.rs
index 8d27875ed..3922bf242 100644
--- a/attestation-agent/attester/src/se/mod.rs
+++ b/attestation-agent/attester/src/se/mod.rs
@@ -14,6 +14,9 @@ use pv::{
 use serde::{Deserialize, Serialize};
 use serde_json;
 use serde_with::{base64::Base64, serde_as};
+use std::fs;
+
+const DIGEST_FILE: &str = "/run/peerpod/initdata.digest";
 
 pub fn detect_platform() -> bool {
 misc::pv_guest_bit_set()
@@ -71,7 +74,10 @@ impl Attester for SeAttester {
 encr_request_nonce,
 image_hdr_tags,
 } = request;
- let user_data = vec![0];
+ let mut user_data = vec![0];
+ if fs::metadata(DIGEST_FILE).is_ok() {
+ user_data = fs::read(DIGEST_FILE)?;
+ }
 let mut uvc: AttestationCmd = AttestationCmd::new_request(
 request_blob.into(),
 Some(user_data.to_vec()),
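Review bot: `DIGEST_FILE` is introduced without a doc comment, and because the bytes of that file are bound into the SE evidence a reader needs to know what it holds and which component is expected to produce it. Suggest `/// Digest of the pod's initdata, published under /run/peerpod (presumably by the peer-pod runtime — confirm); its raw bytes become the user_data of the SE attestation request.` above the constant. The second hunk of this file is where the constant is consumed.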
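Review bot: The existence check and the read on the added lines are two separate calls, so a digest file that exists but is unreadable, or that disappears between the two, aborts the whole attestation through `?`, while a file that was never written silently falls back to `vec![0]`; reading once and matching on `ErrorKind::NotFound` expresses the intended fallback without that gap. That fallback also makes the evidence for "no initdata" indistinguishable from "digest file missing", so the AS policy the description mentions must treat the `[0]` value explicitly rather than assume a digest is always present; whether `[0]` carries any meaning to the verifier is not visible here. An empty digest file likewise yields an empty `user_data` instead of the default, and whether `AttestationCmd::new_request` accepts that is outside the hunk. `Some(user_data.to_vec())` copies a `Vec` the function already owns; `Some(user_data)` suffices. The enclosing method of `impl Attester for SeAttester` starts and ends outside the hunk.
```rust
        } = request;
        // Read once: a missing file keeps the previous default, any other I/O
        // error is propagated with the same conversion `?` would use.
        let user_data = match fs::read(DIGEST_FILE) {
            Ok(digest) => digest,
            Err(e) if e.kind() == std::io::ErrorKind::NotFound => vec![0],
            Err(e) => return Err(e.into()),
        };
        let mut uvc: AttestationCmd = AttestationCmd::new_request(
            request_blob.into(),
            Some(user_data),
            // … unchanged: remaining new_request arguments …
```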