xcp-ng · Th0rOnDoR · Jul 22, 2025 · Jul 22, 2025 · Jul 24, 2025 · Jul 16, 2025
diff --git a/tools/include/libxl.h b/tools/include/libxl.h
@@ -3025,6 +3025,16 @@ static inline int libxl_qemu_monitor_command_0x041200(libxl_ctx *ctx,
  */
 int libxl_clear_domid_history(libxl_ctx *ctx);
 
+/*
+ * Used to retrieve an attestation for a coco domain
+ */
+int libxl_coco_domain_attestation(libxl_ctx *ctx, uint32_t domid, int file, bool is_mmonce_file, char *mmonce);
+
+/*
+ * Used to retrieve platform public keys and relevant information (identification, certificates);
+ */
+int libxl_coco_platform_certs(libxl_ctx *ctx, char *path);
+
 #endif /* LIBXL_H */
 
 /*

diff --git a/tools/include/xenctrl.h b/tools/include/xenctrl.h
@@ -434,11 +434,11 @@ static inline bool dominfo_shutdown_with(const xc_domaininfo_t *info,
            (dominfo_shutdown_reason(info) == expected_reason);
 }
 
-typedef union 
+typedef union
 {
 #if defined(__i386__) || defined(__x86_64__)
     vcpu_guest_context_x86_64_t x64;
-    vcpu_guest_context_x86_32_t x32;   
+    vcpu_guest_context_x86_32_t x32;
 #endif
     vcpu_guest_context_t c;
 } vcpu_guest_context_any_t;
@@ -735,7 +735,7 @@ int xc_domain_hvm_getcontext(xc_interface *xch,
  * This function returns one element of the context of a hvm domain
  * @parm xch a handle to an open hypervisor interface
  * @parm domid the domain to get information from
- * @parm typecode which type of elemnt required 
+ * @parm typecode which type of elemnt required
  * @parm instance which instance of the type
  * @parm ctxt_buf a pointer to a structure to store the execution context of
  *            the hvm domain
@@ -917,7 +917,7 @@ xc_sched_arinc653_schedule_get(
  * @parm xch a handle to an open hypervisor interface
  * @parm domid the domain id to send trigger
  * @parm trigger the trigger type
- * @parm vcpu the vcpu number to send trigger 
+ * @parm vcpu the vcpu number to send trigger
  * return 0 on success, -1 on failure
  */
 int xc_domain_send_trigger(xc_interface *xch,
@@ -938,11 +938,11 @@ int xc_domain_setdebugging(xc_interface *xch,
                            unsigned int enable);
 
 /**
- * This function audits the (top level) p2m of a domain 
+ * This function audits the (top level) p2m of a domain
  * and returns the different error counts, if any.
  *
  * @parm xch a handle to an open hypervisor interface
- * @parm domid the domain id whose top level p2m we 
+ * @parm domid the domain id whose top level p2m we
  *       want to audit
  * @parm orphans count of m2p entries for valid
  *       domain pages containing an invalid value
@@ -951,14 +951,14 @@ int xc_domain_setdebugging(xc_interface *xch,
  * @parm p2m_bad count of p2m entries for this domain
  *       mismatching the associated m2p entry
  * return 0 on success, -1 on failure
- * errno values on failure include: 
+ * errno values on failure include:
  *          -ENOSYS: not implemented
  *          -EFAULT: could not copy results back to guest
  */
 int xc_domain_p2m_audit(xc_interface *xch,
                         uint32_t domid,
                         uint64_t *orphans,
-                        uint64_t *m2p_bad,   
+                        uint64_t *m2p_bad,
                         uint64_t *p2m_bad);
 
 /**
@@ -1093,7 +1093,7 @@ typedef int xc_evtchn_port_or_error_t;
  * This function allocates an unbound port.  Ports are named endpoints used for
  * interdomain communication.  This function is most useful in opening a
  * well-known port within a domain to receive events on.
- * 
+ *
  * NOTE: If you are allocating a *local* unbound port, you probably want to
  * use xc_evtchn_bind_unbound_port(). This function is intended for allocating
  * ports *only* during domain creation.
@@ -1165,7 +1165,7 @@ int xc_machphys_mfn_list(xc_interface *xch,
 
 typedef struct xen_sysctl_cpuinfo xc_cpuinfo_t;
 int xc_getcpuinfo(xc_interface *xch, int max_cpus,
-                  xc_cpuinfo_t *info, int *nr_cpus); 
+                  xc_cpuinfo_t *info, int *nr_cpus);
 
 int xc_domain_setmaxmem(xc_interface *xch,
                         uint32_t domid,
@@ -1398,7 +1398,7 @@ void *xc_memalign(xc_interface *xch, size_t alignment, size_t size);
  * as 4M superpages, or guests using PSE36). Only used for debugging.
  *
  * Translates a virtual address in the context of a given domain and
- * vcpu returning the GFN containing the address (that is, an MFN for 
+ * vcpu returning the GFN containing the address (that is, an MFN for
  * PV guests, a PFN for HVM guests).  Returns 0 for failure.
  *
  * @parm xch a handle on an open hypervisor interface
@@ -1434,7 +1434,7 @@ long xc_get_tot_pages(xc_interface *xch, uint32_t domid);
 /**
  * This function retrieves the the number of bytes available
  * in the heap in a specific range of address-widths and nodes.
- * 
+ *
  * @parm xch a handle to an open hypervisor interface
  * @parm domid the domain to query
  * @parm min_width the smallest address width to query (0 if don't care)
@@ -1685,6 +1685,8 @@ int xc_get_hvm_param(xc_interface *handle, uint32_t dom, int param, unsigned lon
 
 int xc_coco_platform_status(xc_interface *handle, coco_platform_status_t *status);
 int xc_coco_prepare_initial_mem(xc_interface *handle, coco_prepare_initial_mem_t *cmd);
+int xc_coco_get_attestation(xc_interface *handle, coco_attestation_report_t *report);
+int xc_coco_get_platform_certs(xc_interface *handle, coco_platform_certs_t *cmd);
 
 /* HVM guest pass-through */
 int xc_assign_device(xc_interface *xch,
@@ -1904,8 +1906,8 @@ int xc_cpu_offline(xc_interface *xch, int cpu);
 int xc_smt_enable(xc_interface *xch);
 int xc_smt_disable(xc_interface *xch);
 
-/* 
- * cpufreq para name of this structure named 
+/*
+ * cpufreq para name of this structure named
  * same as sysfs file name of native linux
  */
 typedef struct xen_userspace xc_userspace_t;
@@ -2016,7 +2018,7 @@ int xc_altp2m_get_vcpu_p2m_idx(xc_interface *handle, uint32_t domid,
 int xc_altp2m_set_visibility(xc_interface *handle, uint32_t domid,
                              uint16_t view_id, bool visible);
 
-/** 
+/**
  * Mem paging operations.
  * Paging is supported only on the x86 architecture in 64 bit mode, with
  * Hardware-Assisted Paging (i.e. Intel EPT, AMD NPT). Moreover, AMD NPT
@@ -2032,7 +2034,7 @@ int xc_mem_paging_prep(xc_interface *xch, uint32_t domain_id, uint64_t gfn);
 int xc_mem_paging_load(xc_interface *xch, uint32_t domain_id,
                        uint64_t gfn, void *buffer);
 
-/** 
+/**
  * Access tracking operations.
  * Supported only on Intel EPT 64 bit processors.
  */

diff --git a/tools/libs/ctrl/xc_domain.c b/tools/libs/ctrl/xc_domain.c
@@ -355,7 +355,7 @@ int xc_domain_getinfo_single(xc_interface *xch,
         .cmd = XEN_DOMCTL_getdomaininfo,
         .domain = domid,
     };
-
+    
     if ( do_domctl(xch, &domctl) < 0 )
         return -1;
 
@@ -655,7 +655,7 @@ long long xc_logdirty_control(xc_interface *xch,
     if ( stats )
         memcpy(stats, &domctl.u.shadow_op.stats,
                sizeof(xc_shadow_op_stats_t));
-    
+
     return (rc == 0) ? domctl.u.shadow_op.pages : rc;
 }
 
@@ -1532,6 +1532,26 @@ int xc_coco_prepare_initial_mem(xc_interface *handle, coco_prepare_initial_mem_t
     return rc;
 }
 
+int xc_coco_get_attestation(xc_interface *handle, coco_attestation_report_t *cmd)
+{
+    DECLARE_HYPERCALL_BUFFER(coco_attestation_report_t, arg);
+    int rc;
+
+    arg = xc_hypercall_buffer_alloc(handle, arg, sizeof(*arg));
+    if ( arg == NULL )
+        return -1;
+    memcpy(arg, cmd, sizeof(coco_attestation_report_t));
+
+    rc = xencall2(handle->xcall, __HYPERVISOR_coco_op, XEN_COCO_attestation_report,
+        HYPERCALL_BUFFER_AS_ARG(arg));
+
+    if (!rc) {
+        memcpy(cmd, arg, sizeof(coco_attestation_report_t));
+    }
+    xc_hypercall_buffer_free(handle, arg);
+    return rc;
+}
+
 int xc_domain_setdebugging(xc_interface *xch,
                            uint32_t domid,
                            unsigned int enable)
@@ -2060,10 +2080,10 @@ int xc_domain_debug_control(xc_interface *xc, uint32_t domid, uint32_t sop, uint
     return do_domctl(xc, &domctl);
 }
 
-int xc_domain_p2m_audit(xc_interface *xch, 
+int xc_domain_p2m_audit(xc_interface *xch,
                         uint32_t domid,
                         uint64_t *orphans,
-                        uint64_t *m2p_bad,   
+                        uint64_t *m2p_bad,
                         uint64_t *p2m_bad)
 {
     struct xen_domctl domctl = {};

diff --git a/tools/libs/ctrl/xc_version.c b/tools/libs/ctrl/xc_version.c
@@ -7,6 +7,7 @@
 
 #include "xc_private.h"
 #include <assert.h>
+#include <xen/hvm/coco.h>
 
 static int do_xen_version(xc_interface *xch, int cmd,
                           xc_hypercall_buffer_t *dest)
@@ -204,3 +205,24 @@ char *xc_xenver_buildid(xc_interface *xch)
 
     return res;
 }
+
+
+int xc_coco_get_platform_certs(xc_interface *handle, coco_platform_certs_t *cmd)
+{
+    DECLARE_HYPERCALL_BUFFER(coco_platform_certs_t, arg);
+    int rc;
+
+    arg = xc_hypercall_buffer_alloc(handle, arg, sizeof(*arg));
+    if ( arg == NULL )
+        return -1;
+    memcpy(arg, cmd, sizeof(coco_platform_certs_t));
+
+    rc = xencall2(handle->xcall, __HYPERVISOR_coco_op, XEN_COCO_platform_certs,
+        HYPERCALL_BUFFER_AS_ARG(arg));
+
+    if (!rc) {
+        memcpy(cmd, arg, sizeof(coco_platform_certs_t));
+    }
+    xc_hypercall_buffer_free(handle, arg);
+    return rc;
+}
diff --git a/tools/libs/guest/xg_dom_boot.c b/tools/libs/guest/xg_dom_boot.c
@@ -192,10 +192,10 @@ int xc_dom_boot_image(struct xc_dom_image *dom)
          (rc = dom->arch_hooks->setup_pgtables(dom)) != 0 )
         return rc;
 
-    if ( dom->coco )
+    if ( dom->coco ) {
         /* We need to check if we are actually a SEV-ES guest to set SIF_HVM_GHCB */
         dom->use_ghcb = info.arch_config.coco.sev.policy & 0x4;
-
+    }
     /* start info page */
     if ( dom->arch_hooks->start_info )
         dom->arch_hooks->start_info(dom);

diff --git a/tools/libs/light/libxl.c b/tools/libs/light/libxl.c
@@ -15,6 +15,8 @@
 #include "libxl_osdeps.h"
 
 #include "libxl_internal.h"
+#include "xenctrl.h"
+#include <stdio.h>
 
 int libxl_ctx_alloc(libxl_ctx **pctx, int version,
                     unsigned flags, xentoollog_logger * lg)
@@ -415,6 +417,43 @@ int libxl_get_physinfo(libxl_ctx *ctx, libxl_physinfo *physinfo)
     return 0;
 }
 
+int libxl_coco_platform_certs(libxl_ctx *ctx, char* path) {
+    int rc;
+    coco_platform_certs_t certs;
+
+    rc = xc_coco_get_platform_certs(ctx->xch, &certs);
+
+    if (!rc) {
+        int file = open(path, O_WRONLY | O_CREAT, 0644);
+        if (!file) {
+            perror("open:");
+            return -1;
+        }
+
+        size_t written = write(file, &certs.sev, sizeof(certs.sev));
+        if (written != sizeof(certs.sev)) {
+            perror("write:");
+            close(file);
+            return -1;
+        }
+
+        printf("Platform Version: %d.%d.%d\n", 
+            certs.status.version_major, 
+            certs.status.version_minor, 
+            certs.status.version_build);
+
+        for (size_t cpu_n = 0; cpu_n < certs.cpu_number; cpu_n++) {
+            printf("CPU ID %lu: ", cpu_n);
+            for (size_t i = 0; i < 64; i++) {
+                printf("%02X", certs.hwid[i + cpu_n * 64]);
+            }
+            printf("\n");
+        }
+    }
+
+    return rc;
+}
+
 libxl_cputopology *libxl_get_cpu_topology(libxl_ctx *ctx, int *nb_cpu_out)
 {
     GC_INIT(ctx);

diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c
@@ -688,7 +688,6 @@ int libxl__domain_make(libxl__gc *gc, libxl_domain_config *d_config,
             } else {
                 local_domid = info->domid; /* May not be valid */
             }
-
             ret = xc_domain_create(ctx->xch, &local_domid, &create);
             if (ret < 0) {
                 /*

diff --git a/tools/libs/light/libxl_domain.c b/tools/libs/light/libxl_domain.c
@@ -15,6 +15,8 @@
 #include "libxl_osdeps.h"
 
 #include "libxl_internal.h"
+#include "xenctrl.h"
+#include <stdint.h>
 
 #define PAGE_TO_MEMKB(pages) ((pages) * 4)
 
@@ -2623,6 +2625,66 @@ static void retrieve_domain_configuration_end(libxl__egc *egc,
     libxl__ao_complete(egc, ao, rc);
 }
 
+static int hex_char_to_int(char c) {
+    if ('0' <= c && c <= '9') return c - '0';
+    if ('a' <= c && c <= 'f') return c - 'a' + 10;
+    if ('A' <= c && c <= 'F') return c - 'A' + 10;
+    return -1;
+}
+
+int libxl_coco_domain_attestation(libxl_ctx *ctx, uint32_t domid, int file, bool is_mmonce_file, char *mmonce) {
+    coco_attestation_report_t report;
+    int rc, r;
+
+    if (is_mmonce_file) {
+        int datalen = 0;
+        void *data = NULL;
+
+        r = libxl_read_file_contents(ctx, mmonce, &data, &datalen);
+
+        if (datalen != 16) {
+            fprintf(stderr, "Error: invalid mmonce length\n");
+            return ERROR_INVAL;
+        }
+        memcpy(&report.mnonce, data, 16);
+        free(data);
+    } else {
+        if (strnlen(mmonce, 33) != 32) {
+            fprintf(stderr, "Error: invalid mmonce length\n");
+        }
+        for (int i = 0; i < 16; i++) {
+            int hi = hex_char_to_int(mmonce[2*i]);
+            int lo = hex_char_to_int(mmonce[2*i + 1]);
+
+            if (hi < 0 || lo < 0) {
+                fprintf(stderr, "Error: invalid hex character\n");
+                return -1;
+            }
+
+            report.mnonce[i] = (hi << 4) | lo;
+        }
+
+    }
+
+    report.domid = domid;
+    report.len = 0;
+
+    rc = xc_coco_get_attestation(ctx->xch, &report);
+
+    if (!rc) {
+        size_t written = write(file, &report.sev, report.len);
+        // the union used does not matter, we use the pointer
+        if (written != report.len) {
+            perror("write");
+            close(file);
+            return -1;
+        }
+    }
+
+    close(file);
+    return rc;
+}
+
 /*
  * Local variables:
  * mode: C