Update sev crate to 1.2.0

src/devices/src/bus.rs

@@ -69,7 +69,7 @@ impl Ord for BusRange {
 
 impl PartialOrd for BusRange {
     fn partial_cmp(&self, other: &BusRange) -> Option<Ordering> {
-        self.0.partial_cmp(&other.0)
+        Some(self.cmp(other))
     }
 }
 

src/libkrun/src/lib.rs

@@ -638,6 +638,7 @@ unsafe fn collapse_str_array(array: &[*const c_char]) -> Result<String, std::str
     Ok(strvec.join(" "))
 }
 
+#[allow(clippy::format_collect)]
 #[allow(clippy::missing_safety_doc)]
 #[no_mangle]
 pub unsafe extern "C" fn krun_set_exec(
@@ -695,6 +696,7 @@ pub unsafe extern "C" fn krun_set_exec(
     KRUN_SUCCESS
 }
 
+#[allow(clippy::format_collect)]
 #[allow(clippy::missing_safety_doc)]
 #[no_mangle]
 pub unsafe extern "C" fn krun_set_env(ctx_id: u32, c_envp: *const *const c_char) -> i32 {

src/vmm/Cargo.toml

@@ -24,11 +24,11 @@ polly = { path = "../polly" }
 
 # Dependencies for amd-sev
 codicon = { version = "3.0.0", optional = true }
-kbs-types = { version = "0.2.0", features = ["tee-sev", "tee-snp"], optional = true }
+kbs-types = { version = "0.4.0", features = ["tee-sev", "tee-snp"], optional = true }
 procfs = { version = "0.12", optional = true }
 serde = { version = "1.0.125", optional = true }
 serde_json = { version = "1.0.64", optional = true }
-sev = { version = "1.0.0", features = ["openssl"], optional = true }
+sev = { version = "1.2.0", features = ["openssl"], optional = true }
 curl = { version = "0.4", optional = true }
 
 [target.'cfg(target_arch = "x86_64")'.dependencies]

src/vmm/src/builder.rs

@@ -353,7 +353,7 @@ pub fn build_microvm(
     };
 
     #[cfg(not(feature = "tee"))]
-    let mut vm = setup_vm(&guest_memory)?;
+    let vm = setup_vm(&guest_memory)?;
 
     #[cfg(feature = "tee")]
     let (kvm, mut vm) = {
@@ -482,7 +482,7 @@ pub fn build_microvm(
     // while on aarch64 we need to do it the other way around.
     #[cfg(target_arch = "x86_64")]
     {
-        setup_interrupt_controller(&mut vm)?;
+        setup_interrupt_controller(&vm)?;
         attach_legacy_devices(&vm, &mut pio_device_manager)?;
 
         vcpus = create_vcpus_x86_64(
@@ -795,7 +795,7 @@ pub(crate) fn setup_vm(
 
 /// Sets up the irqchip for a x86_64 microVM.
 #[cfg(target_arch = "x86_64")]
-pub fn setup_interrupt_controller(vm: &mut Vm) -> std::result::Result<(), StartMicrovmError> {
+pub fn setup_interrupt_controller(vm: &Vm) -> std::result::Result<(), StartMicrovmError> {
     vm.setup_irqchip()
         .map_err(Error::Vm)
         .map_err(StartMicrovmError::Internal)

src/vmm/src/linux/tee/amdsev.rs

@@ -189,7 +189,7 @@ fn find_cpu_model() -> Result<CpuModel, Error> {
     }
 }
 
-fn fetch_chain(fw: &mut Firmware, curl_agent: &mut CurlAgent) -> Result<certs::Chain, Error> {
+fn fetch_chain(fw: &mut Firmware, curl_agent: &mut CurlAgent) -> Result<certs::sev::Chain, Error> {
     const CEK_SVC: &str = "https://kdsintf.amd.com/cek/id";
     const ASK_ARK_SVC: &str = "https://developer.amd.com/wp-content/resources/";
 
@@ -203,17 +203,18 @@ fn fetch_chain(fw: &mut Firmware, curl_agent: &mut CurlAgent) -> Result<certs::C
         .get(&format!("{}/{}", CEK_SVC, id))
         .map_err(Error::DownloadCek)?;
 
-    chain.cek =
-        (certs::sev::Certificate::decode(&mut rsp.as_slice(), ())).map_err(|_| Error::DecodeCek)?;
+    chain.cek = (certs::sev::sev::Certificate::decode(&mut rsp.as_slice(), ()))
+        .map_err(|_| Error::DecodeCek)?;
 
     let cpu_model = find_cpu_model()?;
 
     let rsp = curl_agent
         .get(&format!("{}/ask_ark_{}.cert", ASK_ARK_SVC, cpu_model))
         .map_err(Error::DownloadCek)?;
 
-    Ok(certs::Chain {
-        ca: certs::ca::Chain::decode(&mut rsp.as_slice(), ()).map_err(|_| Error::DecodeAskArk)?,
+    Ok(certs::sev::Chain {
+        ca: certs::sev::ca::Chain::decode(&mut rsp.as_slice(), ())
+            .map_err(|_| Error::DecodeAskArk)?,
         sev: chain,
     })
 }
@@ -228,14 +229,14 @@ fn get_and_store_chain(
     fw: &mut Firmware,
     tee_config: &TeeConfig,
     curl_agent: &mut CurlAgent,
-) -> Result<certs::Chain, Error> {
+) -> Result<certs::sev::Chain, Error> {
     let cert_config: SevCertConfig =
         serde_json::from_str(&tee_config.tee_data).map_err(Error::ParseSevCertConfig)?;
 
     if !cert_config.vendor_chain.is_empty() {
         let filepath = Path::new(&cert_config.vendor_chain);
         let mut file = File::open(filepath).map_err(Error::OpenChainFile)?;
-        Ok(certs::Chain::decode(&mut file, ()).map_err(|_| Error::DecodeChain)?)
+        Ok(certs::sev::Chain::decode(&mut file, ()).map_err(|_| Error::DecodeChain)?)
     } else {
         let chain = fetch_chain(fw, curl_agent)?;
         let mut file = File::create("/tmp/libkrun-sev.chain").map_err(|_| Error::OpenTmpFile)?;
@@ -250,7 +251,7 @@ fn get_and_store_chain(
 #[derive(Serialize, Deserialize)]
 struct SessionRequest {
     build: sev::Build,
-    chain: sev::certs::Chain,
+    chain: sev::certs::sev::Chain,
 }
 
 /// Payload received from the attestation server on session request.
@@ -408,6 +409,7 @@ impl AmdSev {
 
         if !self.tee_config.attestation_url.is_empty() {
             let tee_pubkey = TeePubKey {
+                kty: "".to_string(),
                 alg: "".to_string(),
                 k_mod: "".to_string(),
                 k_exp: "".to_string(),