kernel/attest: use vsock when feature is available

Use vsock for attestation when the `vsock` feature is enabled.

If vsock fails it will fallback on the serial port.

Signed-off-by: Luigi Leonardi <leonardi@redhat.com>

Author: luigix25

kernel/src/attest.rs

@@ -14,6 +14,10 @@ use crate::{
     serial::SerialPort,
     utils::vec::{try_to_vec, vec_sized},
 };
+
+#[cfg(feature = "vsock")]
+use crate::vsock::virtio_vsock::VsockStream;
+
 use aes::{cipher::BlockDecrypt, Aes256Dec};
 use aes_gcm::KeyInit;
 use alloc::{string::ToString, vec::Vec};
@@ -39,21 +43,56 @@ use sha2::{Digest, Sha512};
 use zerocopy::{FromBytes, IntoBytes};
 
 enum Transport<'a> {
+    #[cfg(feature = "vsock")]
+    Vsock(VsockStream),
     Serial(SerialPort<'a>),
 }
 
 impl Transport<'_> {
     fn write(&mut self, buf: &[u8]) -> Result<usize, SvsmError> {
         match self {
+            #[cfg(feature = "vsock")]
+            Transport::Vsock(vsock) => vsock.write(buf),
             Transport::Serial(serial) => serial.write(buf),
         }
     }
 
     fn read(&mut self, buf: &mut [u8]) -> Result<usize, SvsmError> {
         match self {
+            #[cfg(feature = "vsock")]
+            Transport::Vsock(vsock) => vsock.read(buf),
             Transport::Serial(serial) => serial.read(buf),
         }
     }
+
+    #[cfg(feature = "vsock")]
+    fn new() -> Self {
+        const VSOCK_ATTEST_DEFAULT_PORT: u32 = 1995;
+
+        match VsockStream::connect(1234, VSOCK_ATTEST_DEFAULT_PORT, 2) {
+            Ok(value) => Transport::Vsock(value),
+            Err(e) => {
+                log::info!(
+                    "Vsock Error: {:?} during attestation. Trying again using the serial port",
+                    e
+                );
+                create_serial_transport()
+            }
+        }
+    }
+
+    #[cfg(not(feature = "vsock"))]
+    fn new() -> Self {
+        create_serial_transport()
+    }
+}
+
+fn create_serial_transport<'a>() -> Transport<'a> {
+    const COM3: u16 = 0x3e8;
+
+    let sp = SerialPort::new(&DEFAULT_IO_DRIVER, COM3); // COM3
+    sp.init();
+    Transport::Serial(sp)
 }
 
 /// The attestation driver that communicates with the proxy via some communication channel (serial
@@ -71,8 +110,6 @@ impl TryFrom<Tee> for AttestationDriver<'_> {
     fn try_from(tee: Tee) -> Result<Self, Self::Error> {
         // TODO: Make the IO port configurable/discoverable for other transport mechanisms such as
         // virtio-vsock.
-        let sp = SerialPort::new(&DEFAULT_IO_DRIVER, 0x3e8); // COM3
-        sp.init();
 
         match tee {
             Tee::Snp => (),
@@ -82,7 +119,8 @@ impl TryFrom<Tee> for AttestationDriver<'_> {
         let curve = Curve::new(TpmEccCurve::NistP521).map_err(AttestationError::Crypto)?;
         let ecc = sc_key_generate(&curve).map_err(AttestationError::Crypto)?;
 
-        let transport = Transport::Serial(sp);
+        let transport = Transport::new();
+
         Ok(Self {
             transport,
             tee,