td-shim-tee-info-hash: MRTD calculation for OVMF #740
Description
Describe the bug
I'm using td-shim-tee-info-hash to get OVMF generated MRTD "reproduced" but I'm not getting a match.
How to reproduce
cargo build -p td-shim-tools --bin td-shim-tee-info-hash --features tee
target/debug/td-shim-tee-info-hash -i /usr/share/ovmf/OVMF.fd -m td-shim-tools/src/bin/td-shim-tee-info-hash/sample_manifest.json -s 1 -o /tmp/foo.bin
The printed MRTD is 3491d438652cde331546683a37120504e961d02d871002f621fe51357df20c848406e485b625f2fd27bf3de32f49da70.
My TDVM is booted with the same OVMF but the quote generated in it gives 91eb2b44d141d4ece09f0c75c2c53d247a3c68edd7fafe8a3520c942a604a407de03ae6dc5f87f27428b2538873118b7
CoCo version information
td-shim HEAD
What TEE are you seeing the problem on
Tdx
Failing command and relevant log output
$ ps ax|grep qemu
7832 ? Sl 11253:35 qemu-system-x86_64 -D /tmp/tdx-guest-td.log -accel kvm -m 2G -smp 16 -name td,process=td,debug-threads=on -cpu host -object {"qom-type":"tdx-guest","id":"tdx","quote-generation-socket":{"type": "vsock", "cid":"2","port":"4050"}} -machine q35,kernel_irqchip=split,confidential-guest-support=tdx,hpet=off -bios /usr/share/ovmf/OVMF.fd -nographic -daemonize -nodefaults -device virtio-net-pci,netdev=nic0_td -netdev user,id=nic0_td,hostfwd=tcp::10022-:22 -drive file=/home/mylinen/tdx/guest-tools/image/tdx-guest-ubuntu-24.04.qcow2,if=none,id=virtio-disk0 -device virtio-blk-pci,drive=virtio-disk0 -pidfile /tmp/tdx-demo-td-pid.pid