1// Copyright (c) Microsoft Corporation.
2// Licensed under the MIT License.
3
4//! VBS (Virtualization-Based Security) attestation report structures.
5
6use bitfield_struct::bitfield;
7use zerocopy::FromBytes;
8use zerocopy::Immutable;
9use zerocopy::IntoBytes;
10use zerocopy::KnownLayout;
11
/// Size in bytes of a [`VbsReport`] (0x230 = 560).
///
/// The value is pinned to the `#[repr(C)]` layout of [`VbsReport`] by the
/// `const_assert_eq!` further down in this file. Code that parses a report out
/// of an untrusted byte buffer should check that at least this many bytes are
/// present before reinterpreting them.
pub const VBS_REPORT_SIZE: usize = 0x230;
14
/// Header that precedes the body of a VBS report package.
///
/// Five `u32` fields in `#[repr(C)]` layout, so the header is 20 bytes with no
/// padding; it is the first field of [`VbsReport`].
///
/// All fields are plain data decoded straight from the report bytes
/// (`FromBytes`); nothing here is validated. If the report comes from an
/// untrusted source, `package_size` and `signature_size` are under the sender's
/// control: bounds-check them against the real buffer length and the fixed
/// 256-byte `signature` array of [`VbsReport`] before using them as lengths or
/// offsets.
#[repr(C)]
#[derive(IntoBytes, Immutable, KnownLayout, FromBytes)]
pub struct VbsReportPackageHeader {
    /// Total size of the VBS report package, including this header.
    pub package_size: u32,
    /// Version of the VBS report package format.
    pub version: u32,
    /// Signature scheme used for the report.
    ///
    /// The set of valid scheme identifiers is not defined in this file —
    /// confirm against the VBS report specification.
    pub signature_scheme: u32,
    /// Size of the signature in bytes.
    pub signature_size: u32,
    /// Reserved for future use.
    pub _reserved: u32,
}
29
/// VBS VM identity structure.
///
/// Identity of the guest as recorded in the report: four 32-byte fields, two
/// `u32` bitfields, four `u32` values and 64 reserved bytes — 216 bytes in
/// `#[repr(C)]` layout. Decoded with `FromBytes`, so every field, including
/// `_reserved` and the reserved bits of the two bitfields, is accepted as-is.
/// Any policy (minimum `guest_svn`, expected `measurement`, …) is the
/// consumer's responsibility and should only be applied once the enclosing
/// report's signature has been verified (what the signature covers is not
/// defined in this file).
#[repr(C)]
#[derive(IntoBytes, Immutable, KnownLayout, FromBytes)]
pub struct VbsVmIdentity {
    /// Owner ID of the VM.
    pub owner_id: [u8; 32],
    /// Measurement of the VM.
    pub measurement: [u8; 32],
    /// Signer of the VM.
    pub signer: [u8; 32],
    /// Host-specific data.
    pub host_data: [u8; 32],
    /// Enabled Virtual Trust Levels bitmap (see [`VtlBitMap`]).
    pub enabled_vtl: VtlBitMap,
    /// Security policy attributes (see [`SecurityAttributes`]).
    pub policy: SecurityAttributes,
    /// Guest Virtual Trust Level.
    pub guest_vtl: u32,
    /// Guest Security Version Number.
    ///
    /// Taken from the report as-is; any minimum-SVN requirement is enforced by
    /// the consumer, not by this type.
    pub guest_svn: u32,
    /// Guest Product ID.
    pub guest_product_id: u32,
    /// Guest Module ID.
    pub guest_module_id: u32,
    /// Reserved for future use.
    pub _reserved: [u8; 64],
}
57
/// VBS report structure.
///
/// `#[repr(C)]` layout: 20-byte [`VbsReportPackageHeader`], `u32` version,
/// 64-byte `report_data`, 216-byte [`VbsVmIdentity`], 256-byte signature —
/// 560 bytes (0x230) in total, which the `const_assert_eq!` below pins to
/// [`VBS_REPORT_SIZE`].
///
/// This is a plain data view (`FromBytes`/`IntoBytes`); it performs no
/// signature verification. Which bytes the signature covers, and how
/// `signature_size`/`signature_scheme` in the header relate to the fixed
/// 256-byte `signature` field, are not defined in this file — confirm against
/// the VBS report specification before trusting any other field.
#[repr(C)]
#[derive(IntoBytes, Immutable, KnownLayout, FromBytes)]
pub struct VbsReport {
    /// Package header containing metadata about the report.
    pub header: VbsReportPackageHeader,
    /// Version of the VBS report.
    pub version: u32,
    /// Report data that is provided at runtime.
    ///
    /// NOTE(review): presumably caller-supplied (e.g. a nonce or hash bound
    /// into the report) — confirm against the caller.
    pub report_data: [u8; 64],
    /// Identity information of the VM.
    pub identity: VbsVmIdentity,
    /// Signature of the report.
    pub signature: [u8; 256],
}
73
// Compile-time guard: the `#[repr(C)]` layout of `VbsReport` must match the
// documented wire size, so a change to any field is caught at build time rather
// than at parse time. `size_of` is the prelude re-export of
// `core::mem::size_of` (in the prelude since Rust 1.80).
static_assertions::const_assert_eq!(VBS_REPORT_SIZE, size_of::<VbsReport>());
75
/// Virtual Trust Level bitmap.
///
/// One `u32`: bit 0 = VTL0, bit 1 = VTL1, bit 2 = VTL2, bits 3..=31 reserved.
/// Decoded with `FromBytes`, so the reserved bits are not checked to be zero;
/// a consumer that wants strict parsing must inspect them itself.
#[bitfield(u32)]
#[derive(IntoBytes, Immutable, KnownLayout, FromBytes, PartialEq, Eq)]
pub struct VtlBitMap {
    /// Indicates if Virtual Trust Level 0 is enabled.
    pub vtl0: bool,
    /// Indicates if Virtual Trust Level 1 is enabled.
    pub vtl1: bool,
    /// Indicates if Virtual Trust Level 2 is enabled.
    pub vtl2: bool,
    /// Reserved for future use (bits 3..=31).
    #[bits(29)]
    pub _reserved: u32,
}
89
/// Security attributes for the VM.
///
/// One `u32`: bit 0 = `debug_allowed`, bits 1..=31 reserved. Decoded with
/// `FromBytes`, so the reserved bits are not checked to be zero.
///
/// NOTE(review): a relying party that requires a non-debuggable guest would
/// check `debug_allowed` after the report signature has been verified — confirm
/// the intended policy with the consumer.
#[bitfield(u32)]
#[derive(IntoBytes, Immutable, KnownLayout, FromBytes, PartialEq, Eq)]
pub struct SecurityAttributes {
    /// Indicates if debugging is allowed on the VM.
    pub debug_allowed: bool,
    /// Reserved for future use (bits 1..=31).
    #[bits(31)]
    pub _reserved: u32,
}