tdx-attester: log error on empty TSM report

tdx_guest TSM provider covers a wide range of errors which trigger an errno on outblob read but can also return empty reports without error. One such scenario seems to be when Qemu isn't connecting to TDX QGS properly (likely due to misconfiguration) but returns back with an empty buffer. Notify users about this scenario and log an error on empty TSM report but don't turn it into a new error because there isn't any. Signed-off-by: Mikko Ylinen <[email protected]>
confidential-containers · Nov 28, 2024 · 7787164 · 7787164
1 parent 4709f0e
commit 7787164
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/attestation-agent/attester/src/tdx/mod.rs b/attestation-agent/attester/src/tdx/mod.rs
@@ -87,6 +87,7 @@ impl Attester for TdxAttester {
             },
             |tsm| {
                 tsm.attestation_report(TsmReportData::Tdx(report_data.clone()))
+                    .inspect(|outblob| {if outblob.is_empty() {log::error!("TSM provider returned an empty quote without an error")}})
                     .context("TDX Attester: quote generation using TSM reports failed")
             },
         )?;