Fix: Update Commit structures to accurately reflect TCBs

When we updated the TCB structure, we overlooked modifying the
commit-related structures to account for differences in TCB layout
across CPU generations.
This commit ensures that raw TCB bytes are correctly constructed for
the FFI layer, and that conversions from the user-level structure to the
FFI format use the appropriate TCB structure based on the processor
generation.
The API snp_set_config function remains the same, it will tell the CPU
generation using a CPUID call.

Signed-off-by: DGonzalezVillal <Diego.GonzalezVillalobos@amd.com>

Author: DGonzalezVillal

src/firmware/host/mod.rs

@@ -42,7 +42,7 @@ use std::convert::TryInto;
 use super::linux::host::types::SnpCommit;
 
 #[cfg(all(target_os = "linux", feature = "snp"))]
-use super::linux::host::types::SnpPlatformStatus as FFISnpPlatformStatus;
+use super::linux::host::types::{SnpPlatformStatus as FFISnpPlatformStatus, SnpSetConfig};
 
 /// The CPU-unique identifier for the platform.
 #[derive(Clone, Debug, PartialEq, Eq)]
@@ -267,8 +267,16 @@ impl Firmware {
     /// let status: bool = firmware.snp_set_config(configuration).unwrap();
     /// ```
     #[cfg(feature = "snp")]
-    pub fn snp_set_config(&mut self, new_config: Config) -> Result<(), UserApiError> {
-        let mut binding = new_config.try_into()?;
+    pub fn snp_set_config(
+        &mut self,
+        new_config: Config,
+        generation: Option<Generation>,
+    ) -> Result<(), UserApiError> {
+        let mut binding: SnpSetConfig = match generation {
+            Some(gen) => (new_config, gen).try_into()?,
+            None => new_config.try_into()?,
+        };
+
         let mut cmd_buf = Command::from_mut(&mut binding);
 
         SNP_SET_CONFIG

src/firmware/host/types/snp.rs

@@ -377,26 +377,76 @@ impl Config {
 }
 
 #[cfg(feature = "snp")]
+///TryFrom to FFI Config when manually passing in the CPU generation
+impl TryFrom<(Config, Generation)> for FFI::types::SnpSetConfig {
+    type Error = std::io::Error;
+
+    fn try_from(args: (Config, Generation)) -> Result<Self, Self::Error> {
+        let mut snp_config: SnpSetConfig = Default::default();
+        let (value, generation) = args;
+
+        let mut buffer = Vec::new();
+        write_tcb(&mut buffer, &value.reported_tcb, &generation)?;
+        snp_config.reported_tcb = buffer.try_into().map_err(|_| {
+            std::io::Error::new(
+                std::io::ErrorKind::InvalidData,
+                "Failed to convert TCB into bytes",
+            )
+        })?;
+        snp_config.mask_id = value.mask_id;
+
+        Ok(snp_config)
+    }
+}
+
+#[cfg(feature = "snp")]
+/// TryFrom to FFI Config type when CPU Generation is unknown
 impl TryFrom<Config> for FFI::types::SnpSetConfig {
-    type Error = uuid::Error;
+    type Error = std::io::Error;
 
     fn try_from(value: Config) -> Result<Self, Self::Error> {
         let mut snp_config: SnpSetConfig = Default::default();
-
-        snp_config.reported_tcb = value.reported_tcb;
+        let generation = Generation::identify_host_generation()?;
+
+        let mut buffer = Vec::new();
+        write_tcb(&mut buffer, &value.reported_tcb, &generation)?;
+        snp_config.reported_tcb = buffer.try_into().map_err(|_| {
+            std::io::Error::new(
+                std::io::ErrorKind::InvalidData,
+                "Failed to convert TCB into bytes",
+            )
+        })?;
         snp_config.mask_id = value.mask_id;
 
         Ok(snp_config)
     }
 }
 
 #[cfg(feature = "snp")]
+/// TryFrom from FFI Config type when CPU Generation is manually passed in
+impl TryFrom<(FFI::types::SnpSetConfig, Generation)> for Config {
+    type Error = std::io::Error;
+
+    fn try_from(value: (FFI::types::SnpSetConfig, Generation)) -> Result<Self, Self::Error> {
+        let reported_tcb = parse_tcb(&mut value.0.reported_tcb.as_slice(), &value.1)?;
+        Ok(Self {
+            reported_tcb,
+            mask_id: value.0.mask_id,
+            ..Default::default()
+        })
+    }
+}
+
+#[cfg(feature = "snp")]
+/// TryFrom from FFI Config type when CPU Generation is unknown
 impl TryFrom<FFI::types::SnpSetConfig> for Config {
-    type Error = uuid::Error;
+    type Error = std::io::Error;
 
     fn try_from(value: FFI::types::SnpSetConfig) -> Result<Self, Self::Error> {
+        let generation = Generation::identify_host_generation()?;
+        let reported_tcb = parse_tcb(&mut value.reported_tcb.as_slice(), &generation)?;
         Ok(Self {
-            reported_tcb: value.reported_tcb,
+            reported_tcb,
             mask_id: value.mask_id,
             ..Default::default()
         })
@@ -938,8 +988,8 @@ mod tests {
         assert_eq!(config_mask, mask);
 
         // Test conversion to FFI type
-        let snp_config: SnpSetConfig = config.try_into().unwrap();
-        assert_eq!(snp_config.reported_tcb, tcb);
+        let snp_config: SnpSetConfig = (config, Generation::Milan).try_into().unwrap();
+        assert_eq!(snp_config.reported_tcb, tcb.to_legacy_bytes());
         let snp_config_mask = snp_config.mask_id;
 
         assert_eq!(snp_config_mask, mask);
@@ -1031,12 +1081,12 @@ mod tests {
         let mask = MaskId(0x3);
         let config = Config::new(tcb, mask);
 
-        let ffi_config: SnpSetConfig = config.try_into().unwrap();
-        assert_eq!(ffi_config.reported_tcb, tcb);
+        let ffi_config: SnpSetConfig = (config, Generation::Milan).try_into().unwrap();
+        assert_eq!(ffi_config.reported_tcb, tcb.to_legacy_bytes());
         let ffi_config_mask = ffi_config.mask_id;
         assert_eq!(ffi_config_mask, mask);
 
-        let converted_config: Config = ffi_config.try_into().unwrap();
+        let converted_config: Config = (ffi_config, Generation::Milan).try_into().unwrap();
         assert_eq!(converted_config.reported_tcb, tcb);
         let converted_config_mask = converted_config.mask_id;
         assert_eq!(converted_config_mask, mask);
@@ -1077,7 +1127,7 @@ mod tests {
         let mask = MaskId(u32::MAX);
         let config = Config::new(tcb, mask);
 
-        let ffi_result: Result<SnpSetConfig, _> = config.try_into();
+        let ffi_result: Result<SnpSetConfig, _> = (config, Generation::Milan).try_into();
         assert!(ffi_result.is_ok());
 
         let default_config = Config::default();
@@ -1086,6 +1136,86 @@ mod tests {
         assert_eq!(default_config_mask_id, Default::default());
     }
 
+    #[test]
+    #[cfg(feature = "snp")]
+    fn test_config_edge_cases() {
+        // Test with maximum values
+        let tcb = TcbVersion::new(Some(255), 255, 255, 255, 255);
+        let mask_id = MaskId(u32::MAX);
+        let config = Config::new(tcb, mask_id);
+
+        // Convert to SnpSetConfig
+        let result: Result<SnpSetConfig, _> = (config, Generation::Turin).try_into();
+        assert!(result.is_ok());
+        let snp_config = result.unwrap();
+
+        // Convert back to Config
+        let result: Result<Config, _> = (snp_config, Generation::Turin).try_into();
+        assert!(result.is_ok());
+        let round_trip = result.unwrap();
+
+        assert_eq!(round_trip.reported_tcb, tcb);
+        let round_trip_mask_id = round_trip.mask_id;
+        assert_eq!(round_trip_mask_id, mask_id);
+
+        // Test with minimum values
+        let tcb = TcbVersion::new(Some(0), 0, 0, 0, 0);
+        let mask_id = MaskId(0);
+        let config = Config::new(tcb, mask_id);
+
+        // Convert to SnpSetConfig
+        let result: Result<SnpSetConfig, _> = (config, Generation::Turin).try_into();
+        assert!(result.is_ok());
+        let snp_config = result.unwrap();
+
+        // Convert back to Config
+        let result: Result<Config, _> = (snp_config, Generation::Turin).try_into();
+        assert!(result.is_ok());
+        let round_trip = result.unwrap();
+
+        assert_eq!(round_trip.reported_tcb, tcb);
+        let round_trip_mask_id = round_trip.mask_id;
+        assert_eq!(round_trip_mask_id, mask_id);
+    }
+
+    #[test]
+    #[cfg(feature = "snp")]
+    fn test_different_generation_conversions() {
+        let tcb = TcbVersion::new(Some(1), 2, 3, 4, 5);
+        let mask_id = MaskId(0x3);
+        let config = Config::new(tcb, mask_id);
+
+        // Test all generations
+        let generations = [Generation::Milan, Generation::Genoa, Generation::Turin];
+
+        for generation in generations {
+            // Convert to SnpSetConfig
+            let snp_config: Result<SnpSetConfig, _> = (config, generation).try_into();
+            assert!(snp_config.is_ok());
+            let snp_config = snp_config.unwrap();
+
+            // Convert back to Config
+            let round_trip: Result<Config, _> = (snp_config, generation).try_into();
+            assert!(round_trip.is_ok());
+            let round_trip = round_trip.unwrap();
+
+            // For non-Turin generations, FMC will be lost in the conversion
+            match generation {
+                Generation::Turin => assert_eq!(round_trip.reported_tcb, tcb),
+                _ => {
+                    // FMC field is not preserved for legacy generations
+                    assert_eq!(round_trip.reported_tcb.bootloader, tcb.bootloader);
+                    assert_eq!(round_trip.reported_tcb.tee, tcb.tee);
+                    assert_eq!(round_trip.reported_tcb.snp, tcb.snp);
+                    assert_eq!(round_trip.reported_tcb.microcode, tcb.microcode);
+                    assert_eq!(round_trip.reported_tcb.fmc, None); // FMC lost in legacy format
+                }
+            }
+            let round_trip_mask_id = round_trip.mask_id;
+            assert_eq!(round_trip_mask_id, mask_id);
+        }
+    }
+
     #[test]
     fn test_version_comparisons() {
         let v1 = TcbVersion::new(None, 1, 2, 3, 4);

src/firmware/linux/host/types/snp.rs

@@ -229,8 +229,8 @@ pub struct SnpCommit {
 #[derive(Copy, Clone, Debug, PartialEq, Eq)]
 #[repr(C, packed)]
 pub struct SnpSetConfig {
-    /// The TCB_VERSION to report in guest attestation reports.
-    pub reported_tcb: UAPI::TcbVersion,
+    /// The bytes corresponding to the TCB_VERSION to report in guest attestation reports.
+    pub reported_tcb: [u8; 8],
 
     /// mask_id [0] : whether chip id is present in attestation reports or not  
     /// mask_id [1]: whether attestation reports are signed or not

tests/api.rs

@@ -119,7 +119,10 @@ mod sev {
 #[cfg(all(feature = "snp", target_os = "linux"))]
 mod snp {
     use serial_test::serial;
-    use sev::firmware::host::{Config, Firmware, MaskId, SnpPlatformStatus, TcbVersion};
+    use sev::{
+        firmware::host::{Config, Firmware, MaskId, SnpPlatformStatus, TcbVersion},
+        Generation,
+    };
 
     #[cfg_attr(not(host), ignore)]
     #[test]
@@ -178,7 +181,10 @@ mod snp {
     #[serial]
     fn set_config() {
         let mut fw: Firmware = Firmware::open().unwrap();
-        fw.snp_set_config(Config::default()).unwrap();
+
+        let generation = Generation::identify_host_generation().unwrap();
+
+        fw.snp_set_config(Config::default(), generation).unwrap();
     }
 
     #[cfg_attr(not(all(host, feature = "dangerous_hw_tests")), ignore)]
@@ -187,7 +193,11 @@ mod snp {
     fn test_host_fw_error() {
         let mut fw: Firmware = Firmware::open().unwrap();
         let invalid_config = Config::new(TcbVersion::new(None, 100, 100, 100, 100), MaskId(31));
-        let fw_error = fw.snp_set_config(invalid_config).unwrap_err().to_string();
+        let generation = Generation::identify_host_generation().unwrap();
+        let fw_error = fw
+            .snp_set_config(invalid_config, generation)
+            .unwrap_err()
+            .to_string();
         assert_eq!(fw_error, "Firmware Error Encountered: Known SEV FW Error: Status Code: 0x16: Given parameter is invalid.")
     }
 }