
Missing TPM device information in attestation report on aws m6a.large instance(sev-snp+tpm) #699

Open
liangxiao1 opened this issue Feb 6, 2025 · 3 comments
Labels
bug Something isn't working

Comments

@liangxiao1

Describe the bug

I deployed the trustee server on AWS and enabled sev-snp+tpm on the client (m6a.large).
kbs-client can retrieve the attestation report successfully, but it is missing the TPM device information in the attestation report.

How to reproduce

  1. set up the trustee server following the guide
  2. launch an m6a.large instance with sev-snp+tpm enabled
  3. get and check the attestation report from the client.
#/usr/local/bin/kbs-client --url https://trusteeserver:8080 --cert-file /home/ec2-user/trustee_keys/srv_host.crt attest --tee-key-file /home/ec2-user/trustee_keys/tee_key.pem > test/attestation_token
# cat test/attestation_token |jq -R 'split(".") | .[0],.[1] | @base64d | fromjson'

CoCo version information

kbs 0.1.0

What TEE are you seeing the problem on

None

Failing command and relevant log output

@liangxiao1 liangxiao1 added the bug Something isn't working label Feb 6, 2025
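
The jq one-liner in the report splits the KBS token on "." and base64-decodes the header and payload. The script below does the same inspection in Python and then walks the decoded claims looking for anything TPM-related, so it can tell at a glance whether the token carries TPM evidence or only the SNP part. It is an added example, not code from the issue or from the trustee project: the claim names ("tee", "tcb-status", "tpm.pcr7", "sevsnp.measurement"), the "alg" value and the two sample tokens are constructed for the demonstration and may not match what a real KBS emits. The signature segment is not verified here; this only looks at what the token says, the way the jq command does, and restores the base64url padding that JWT segments strip.

```python
import base64
import json
from typing import Any


def b64url_decode(segment: str) -> bytes:
    """Decode one JWT segment: URL-safe alphabet ('-' and '_'), padding stripped."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def decode_token(token: str) -> tuple[dict, dict]:
    """Split a compact JWS (header.payload.signature) and decode the two JSON parts.

    The signature is deliberately NOT checked: this mirrors the jq inspection
    step and only exposes what the KBS put into the token.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 dot-separated segments, got {len(parts)}")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload


def find_keys(obj: Any, needle: str, path: str = "") -> list[str]:
    """Return '/'-joined paths of every key whose name contains `needle` (case-insensitive)."""
    hits: list[str] = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}/{key}" if path else str(key)
            if needle.lower() in str(key).lower():
                hits.append(child)
            hits.extend(find_keys(value, needle, child))
    elif isinstance(obj, list):
        for idx, value in enumerate(obj):
            hits.extend(find_keys(value, needle, f"{path}[{idx}]"))
    return hits


def check_tpm_evidence(token: str) -> dict:
    """Summarise a token: signing alg, reported TEE and every TPM-named claim path."""
    header, payload = decode_token(token)
    return {
        "alg": header.get("alg"),
        "tee": payload.get("tee"),
        "tpm_claims": find_keys(payload, "tpm"),
    }


# --- constructed sample tokens (hypothetical claim layout, not real KBS output) ---
def _segment(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


_HEADER = {"alg": "ES256", "typ": "JWT"}  # constructed header
_PAYLOAD_WITH_TPM = {  # hypothetical: SNP measurement plus one TPM PCR claim
    "tee": "snp",
    "tcb-status": {"sevsnp.measurement": "00" * 48, "tpm.pcr7": "ab" * 32},
    "customized_claims": {},
}
_PAYLOAD_SNP_ONLY = {  # hypothetical: what a token without TPM evidence looks like
    "tee": "snp",
    "tcb-status": {"sevsnp.measurement": "00" * 48},
    "customized_claims": {},
}
_SIG = "c2lnbmF0dXJl"  # constructed placeholder signature segment

TOKEN_WITH_TPM = f"{_segment(_HEADER)}.{_segment(_PAYLOAD_WITH_TPM)}.{_SIG}"
TOKEN_SNP_ONLY = f"{_segment(_HEADER)}.{_segment(_PAYLOAD_SNP_ONLY)}.{_SIG}"

if __name__ == "__main__":
    for name, tok in (("with_tpm", TOKEN_WITH_TPM), ("snp_only", TOKEN_SNP_ONLY)):
        print(name, json.dumps(check_tpm_evidence(tok), indent=2))
```

To use it on a real token, read the file written by kbs-client and pass its contents to check_tpm_evidence; an empty "tpm_claims" list is the condition this issue describes. Because the signature is skipped, treat the output as a debugging view only and keep signature verification in the normal KBS client path.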
@Xynnn007
Member

Xynnn007 commented Feb 6, 2025

cc @mkulke

@bpradipt
Copy link
Member

bpradipt commented Feb 9, 2025

@liangxiao1 have you checked if the AMI being used has NitroTPM support or not?
Ref: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-nitrotpm-support-on-ami.html

@liangxiao1
Author

@liangxiao1 have you checked if the AMI being used has NitroTPM support or not? Ref: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-nitrotpm-support-on-ami.html

@bpradipt I enabled NitroTPM when registering the AMI and can find this device during boot. Thanks

$ aws ec2 describe-images --image-ids ami-07fc715d7e748d69f --query Images[*].TpmSupport --region us-east-2
[
    "v2.0"
]
# dmesg|grep -Ei "tpm|sev"
[    0.000000] efi: TPMFinalLog=0xbf3e7000 SMBIOS=0xbf1bc000 ACPI=0xbf37e000 ACPI 2.0=0xbf37e014 MEMATTR=0xbe1c0018 MOKvar=0xbf1ab000 TPMEventLog=0xbe1c2018 
[    0.014293] ACPI: TPM2 0x00000000BF374000 00004C (v04 AMAZON AMZNTPM2 00000001 AMZN 00000001)
[    0.014306] ACPI: Reserving TPM2 table memory at [mem 0xbf374000-0xbf37404b]
[   13.211680] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP
[   13.213643] SEV: Status: SEV SEV-ES SEV-SNP 
[   13.369650] SEV: APIC: wakeup_secondary_cpu() replaced with wakeup_cpu_via_vmgexit()
[   13.947634] SEV: Using SNP CPUID table, 64 entries present.
[   16.090002] SEV: SNP guest platform device initialized.
[   16.893167] tpm_crb MSFT0101:00: Disabling hwrng
[   22.347141] systemd[1]: systemd 252-46.el9_5.2 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[   22.353964] systemd[1]: Detected confidential virtualization sev-snp.
[   35.845007] systemd[1]: systemd 252-46.el9_5.2 running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[   40.263033] systemd[1]: TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
[   43.377037] sev-guest sev-guest: Initialized SEV guest driver (using vmpck_id 0)
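
The exchange above checks two things by hand: that the AMI was registered with TpmSupport and that the guest kernel bound tpm_crb and the sev-guest driver. The function below is an added check (not from this thread or from the trustee project) that confirms from inside the guest that both device nodes an sev-snp+tpm attester needs are actually present: the TPM character devices /dev/tpm0 and /dev/tpmrm0 plus /sys/class/tpm/tpm0, and the SNP guest device /dev/sev-guest that the driver in the dmesg output creates. It assumes the standard Linux device paths and, on recent kernels, the tpm_version_major sysfs attribute; paths are resolved relative to an optional root argument so it can be run against a constructed directory tree as well as a live guest.

```sh
#!/bin/sh
# Added example, not from the issue: probe a guest for the devices that a
# sev-snp+tpm attestation needs. Paths are taken relative to $1 (default "/")
# so the function can also be pointed at a constructed directory tree.
probe_guest_devices() {
    root="${1:-/}"
    root="${root%/}"        # "/" becomes "", so "$root/dev/tpm0" is "/dev/tpm0"
    found=""
    missing=""
    for p in /dev/tpm0 /dev/tpmrm0 /sys/class/tpm/tpm0 /dev/sev-guest; do
        if [ -e "$root$p" ]; then
            found="$found $p"
        else
            missing="$missing $p"
        fi
    done
    # Recent kernels expose the TPM spec major version here ("2" for TPM 2.0)
    ver_file="$root/sys/class/tpm/tpm0/tpm_version_major"
    if [ -r "$ver_file" ]; then
        printf 'tpm_version_major: %s\n' "$(cat "$ver_file")"
    fi
    printf 'found:%s\nmissing:%s\n' "$found" "$missing"
    # Succeed only when both a TPM character device and the SNP guest device exist
    [ -e "$root/dev/tpm0" ] && [ -e "$root/dev/sev-guest" ]
}

# Run against the live system when executed directly
[ -n "${PROBE_SKIP_MAIN:-}" ] || probe_guest_devices "${1:-/}"
```

A non-zero exit from probe_guest_devices means the attester cannot collect one of the two evidence types at all, which is worth ruling out before looking at the KBS side; a zero exit with an empty TPM section in the token points at the attester or verifier configuration instead.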
