Verifier/KBS: Use SHA-512 for report data / runtime_data calculation in IBM SEL by BbolroC · Pull Request #1338 · confidential-containers/trustee

BbolroC · 2026-05-13T04:43:30Z

Use the more secure SHA-512 algorithm for the selected-hash-algorithm field in extra_params for IBM SEL.
Update the verifier validation accordingly. The logic for configuring extra_params follows the pattern used by Intel Trust Authority.

In summary:

Use SHA-512 for report data in IBM SEL via extra_params
Select SHA-512 as runtime data hash algorithm for IBM SE in KBS

Depends-on: confidential-containers/guest-components#1469

Signed-off-by: Hyounggyu Choi Hyounggyu.Choi@ibm.com

Xynnn007

We might also need to change grpc-as to use sha512 to align with https://github.com/confidential-containers/guest-components/pull/1469/changes

Xynnn007

Thanks @BbolroC As IBM SE is a little different from other architectures, I tried to get in detail with the code change. There are some comments

Xynnn007 · 2026-05-18T08:04:32Z

+pub const SUPPORTED_HASH_ALGORITHMS_JSON_KEY: &str = "supported-hash-algorithms";
+pub const SELECTED_HASH_ALGORITHM_JSON_KEY: &str = "selected-hash-algorithm";


Note that there are also declarations . Maybe we could move that part under attestation/mod.rs

Yep, you are right. I will move them to attestation/mod.rs. thanks!

Xynnn007 · 2026-05-18T08:08:13Z

+                SELECTED_HASH_ALGORITHM_JSON_KEY: needed_algorithm
+            })
+        })
+        .unwrap_or_else(|| serde_json::Value::String(String::new()))


This will potentially hide the errors when doing the chain calling. Looks like a default value is given whenever there is an error? Note that if a malwared tee_params is given, the function will also return a default value, without telling anything wrong. Please ensure if this is expected.

Let me get back to the old logic then. Thanks!

Xynnn007 · 2026-05-18T08:45:53Z

+/// and selects a hash algorithm based on the TEE type if available.
+/// Returns a JSON value with the selected algorithm,
+/// or an empty string if negotiation fails or is not applicable.
+pub fn generate_extra_params(tee: Tee, tee_params: &serde_json::Value) -> serde_json::Value {


Also, note that extra_params is a conception for KBS's Challenge struct. See the function and it's proper to move the SE-specific logic to that place.

True. I didn't realize that the extra_params is determined only with tee and tee_params passed to generate_challenge(). I will update the PR. Thanks!

Xynnn007 · 2026-05-18T08:46:32Z

        // Validate runtime_data_digest if provided
        if let ReportData::Value(expected_report_data) = expected_report_data {
+            let expected_report_data =
+                regularize_data(expected_report_data, 64, "USER_DATA", "IBM SE");


Probably the 64 here could also be made into a const.

Yep, let's use a constant. Thanks!

Xynnn007 · 2026-05-18T08:50:50Z

+            let runtime_data_hash_algorithm = match evidence.tee {
+                Tee::Se => HashAlgorithm::Sha512,
+                _ => HashAlgorithm::Sha384,
+            };


Looks like we need to think about bringing a mechanism to include this parameter via the header parsing from RCAR protocol than harding coding here. This should be a TODO for me and not for this PR. This place in the PR looks good now.

Xynnn007 · 2026-05-18T08:53:04Z

 }
 message ChallengeResponse {
    string attestation_challenge = 1;
+    string extra_params = 2;


We might not need to change the proto here?

Yep, we don't need this. Thanks!

Xynnn007 · 2026-05-18T08:54:24Z

+        // Generate extra_params for hash algorithm negotiation
+        let extra_params = serde_json::from_str::<serde_json::Value>(tee_params)
+            .ok()
+            .map(|params| generate_extra_params(tee, &params).to_string())
+            .unwrap_or_default();
+
        info!("GetAttestationChallenge succeeded.");
        let res = ChallengeResponse {
            attestation_challenge,
+            extra_params,


See comment about generate_extra_params, and we do not need the part to be changed.

Xynnn007

LGTM. Although the PR does two things -

use sha512 for report data in IBM SEL
select sha512 as runtime data hash algorithm for IBM SE in KBS

So a updation on commit message, or reorg into two commits would either be ok

BbolroC · 2026-05-19T05:46:17Z

LGTM. Although the PR does two things -

use sha512 for report data in IBM SEL

select sha512 as runtime data hash algorithm for IBM SE in KBS

So a updation on commit message, or reorg into two commits would either be ok

I would go with the 1st. Thanks!

Use the more secure SHA-512 algorithm for the selected-hash-algorithm field in extra_params for IBM SEL. Update the verifier validation accordingly. In summary: 1. Use SHA-512 for report data in IBM SEL via extra_params 2. Select SHA-512 as runtime data hash algorithm for IBM SE in KBS Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>

BbolroC requested a review from a team as a code owner May 13, 2026 04:43

BbolroC mentioned this pull request May 13, 2026

se-attester: use SHA-512 for report data in IBM SEL confidential-containers/guest-components#1469

Merged

BbolroC force-pushed the use-sha512-report-data-ibm-sel branch from 0eb4f1f to 96e7447 Compare May 13, 2026 04:52

Xynnn007 reviewed May 13, 2026

View reviewed changes

Comment thread kbs/src/attestation/coco/builtin.rs Outdated

BbolroC force-pushed the use-sha512-report-data-ibm-sel branch from 96e7447 to b3eeb95 Compare May 13, 2026 07:25

BbolroC marked this pull request as draft May 13, 2026 09:26

BbolroC force-pushed the use-sha512-report-data-ibm-sel branch 2 times, most recently from a655349 to 8c35c88 Compare May 13, 2026 10:55

BbolroC marked this pull request as ready for review May 13, 2026 15:06

Xynnn007 reviewed May 18, 2026

View reviewed changes

BbolroC force-pushed the use-sha512-report-data-ibm-sel branch from 8c35c88 to 6693190 Compare May 18, 2026 11:08

Xynnn007 approved these changes May 19, 2026

View reviewed changes

BbolroC force-pushed the use-sha512-report-data-ibm-sel branch from 6693190 to 5d46fe3 Compare May 19, 2026 05:49

BbolroC changed the title ~~builtin-as: use sha512 for report data in IBM SEL~~ builtin-as: Use SHA-512 for report data in IBM SEL May 19, 2026

Xynnn007 changed the title ~~builtin-as: Use SHA-512 for report data in IBM SEL~~ Verifier/KBS: Use SHA-512 for report data / runtime_data calculation in IBM SEL May 19, 2026

Xynnn007 merged commit 80cf7f7 into confidential-containers:main May 19, 2026
46 checks passed

		pub const SUPPORTED_HASH_ALGORITHMS_JSON_KEY: &str = "supported-hash-algorithms";
		pub const SELECTED_HASH_ALGORITHM_JSON_KEY: &str = "selected-hash-algorithm";

Conversation

BbolroC commented May 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Xynnn007 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Xynnn007 left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Xynnn007 left a comment

Choose a reason for hiding this comment

Uh oh!

BbolroC commented May 19, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

BbolroC commented May 13, 2026 •

edited

Loading