The measurement tool runs within Confidential VM (CVM), such as TDX guest, to get measurement, event logs and replay event logs.

It supports Intel® TDX to get RTMR, event logs, Quote and verify RTMR. Find more details of RTMT and Quote in Intel® TDX Documentation.

The tool is implemented based on APIs from cc-trusted-api and SDK from cc-trusted-vmsdk.

It provides 4 commands as follows.

• tdx_eventlogs: Get TD event logs, including both launch time and runtime event logs.
• tdx_rtmr: Get TD RTMRs.
• tdx_tdquote: Get TD Quote for remote attestation.
• tdx_verify_rtmr: Replay event logs and verify the hash with RTMR values.

NOTE: The tool should be installed and run in a TDX guest with root permission.

Build and install CC Measurement Tool in a TDX guest.

$ cd cc-measure
$ source setupenv.sh

1. Get Event Logs.

   $ sudo ./tdx_eventlogs
   
   # Display event log in Canoical Event Logs (CEL) format.
   $ sudo ./tdx_eventlogs -f true
   
   # Display event logs from index 10.
   $ sudo ./tdx_eventlogs -s 10
   
   # Display 10 event logs from index 10.
   $ sudo ./tdx_eventlogs -s 10 -c 10
   

   The example output for the event log is example event logs output with IMA.

2. Get TD Quote.

   NOTE: Make sure you have remote attestation environment setup on the host to get quote.

   $ sudo ./tdx_tdquote
   
   # Display quote in human friendly format.
   $ sudo ./tdx_tdquote -f human
   

3. Get RTMR.

   $ sudo ./tdx_rtmr
   

4. Verify the event logs.

   $ sudo ./tdx_verify_rtmr
   

5. (Optional) Exit python virtual environment after running the commands.

   $ deactivate