Set disk identifier for confidential UVM's scratch and Pass UVM measurement info to sidecar GCS

go.mod

@@ -5,7 +5,7 @@ go 1.23.0
 require (
 	github.com/Microsoft/cosesign1go v1.4.0
 	github.com/Microsoft/didx509go v0.0.3
-	github.com/Microsoft/go-winio v0.6.2
+	github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29
 	github.com/blang/semver/v4 v4.0.0
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/containerd/cgroups/v3 v3.0.5

go.sum

@@ -5,8 +5,8 @@ github.com/Microsoft/cosesign1go v1.4.0 h1:VdiqzsilEE6t1GQi98I/h0WpVFM7AyMEeyP8u
 github.com/Microsoft/cosesign1go v1.4.0/go.mod h1:1La/HcGw19rRLhPW0S6u55K6LKfti+GQSgGCtrfhVe8=
 github.com/Microsoft/didx509go v0.0.3 h1:n/owuFOXVzCEzSyzivMEolKEouBm9G0NrEDgoTekM8A=
 github.com/Microsoft/didx509go v0.0.3/go.mod h1:wWt+iQsLzn3011+VfESzznLIp/Owhuj7rLF7yLglYbk=
-github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
-github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29 h1:0kQAzHq8vLs7Pptv+7TxjdETLf/nIqJpIB4oC6Ba4vY=
+github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29/go.mod h1:ZWa7ssZJT30CCDGJ7fk/2SBTq9BIQrrVjrcss0UW2s0=
 github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
 github.com/agnivade/levenshtein v1.2.0 h1:U9L4IOT0Y3i0TIlUIDJ7rVUziKi/zPbrJGaFrtYH3SY=

internal/gcs-sidecar/host.go

@@ -182,6 +182,7 @@ func (h *Host) SetWCOWConfidentialUVMOptions(ctx context.Context, securityPolicy
 
 	h.securityPolicyEnforcer = p
 	h.securityPolicyEnforcerSet = true
+	h.uvmReferenceInfo = securityPolicyRequest.EncodedUVMReference
 
 	return nil
 }

internal/oci/uvm.go

@@ -248,6 +248,7 @@ func handleWCOWSecurityPolicy(ctx context.Context, a map[string]string, wopts *u
 	wopts.SecurityPolicyEnforcer = ParseAnnotationsString(a, annotations.WCOWSecurityPolicyEnforcer, wopts.SecurityPolicyEnforcer)
 	wopts.DisableSecureBoot = ParseAnnotationsBool(ctx, a, annotations.WCOWDisableSecureBoot, false)
 	wopts.GuestStateFilePath = ParseAnnotationsString(a, annotations.WCOWGuestStateFile, uvm.GetDefaultConfidentialVMGSPath())
+	wopts.UVMReferenceInfoFile = ParseAnnotationsString(a, annotations.WCOWReferenceInfoFile, uvm.GetDefaultReferenceInfoFilePath())
 	wopts.IsolationType = "SecureNestedPaging"
 	if noSecurityHardware := ParseAnnotationsBool(ctx, a, annotations.NoSecurityHardware, false); noSecurityHardware {
 		wopts.IsolationType = "GuestStateOnly"

internal/protocol/guestresource/resources.go

@@ -244,10 +244,5 @@ type LCOWSecurityPolicyFragment struct {
 type WCOWConfidentialOptions struct {
 	EnforcerType          string `json:"EnforcerType,omitempty"`
 	EncodedSecurityPolicy string `json:"EncodedSecurityPolicy,omitempty"`
-	// Optional security policy
-	WCOWSecurityPolicy string
-	// Set when there is a security policy to apply on actual SNP hardware, use this rathen than checking the string length
-	WCOWSecurityPolicyEnabled bool
-	// Set which security policy enforcer to use (open door or rego). This allows for better fallback mechanic.
-	WCOWSecurityPolicyEnforcer string
+	EncodedUVMReference   string `json:"EncodedUVMReference,omitempty"`
 }

internal/uvm/create_wcow.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/Microsoft/go-winio"
 	"github.com/Microsoft/go-winio/pkg/guid"
+	"github.com/Microsoft/go-winio/vhd"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"go.opencensus.io/trace"
@@ -31,11 +32,24 @@ import (
 	"github.com/Microsoft/hcsshim/pkg/securitypolicy"
 )
 
+var (
+	// A predefined GUID for UtilityVMs to identify a scratch VHD that is completely empty/unformatted.
+	// This GUID is set in the metadata of the VHD and thus can be reliably used to identify the disk.
+	// a7b3c5d1-4e2f-4a8b-9c6d-1e3f5a7b9c2d
+	unformattedScratchIdentifier = &guid.GUID{
+		Data1: 0xa7b3c5d1,
+		Data2: 0x4e2f,
+		Data3: 0x4a8b,
+		Data4: [8]byte{0x9c, 0x6d, 0x1e, 0x3f, 0x5a, 0x7b, 0x9c, 0x2d},
+	}
+)
+
 type ConfidentialWCOWOptions struct {
 	GuestStateFilePath     string // The vmgs file path
 	SecurityPolicyEnabled  bool   // Set when there is a security policy to apply on actual SNP hardware, use this rathen than checking the string length
 	SecurityPolicy         string // Optional security policy
 	SecurityPolicyEnforcer string // Set which security policy enforcer to use (open door or rego). This allows for better fallback mechanic.
+	UVMReferenceInfoFile   string // Path to the file that contains the signed UVM measurements
 
 	/* Below options are only included for testing/debugging purposes - shouldn't be used in regular scenarios */
 	IsolationType      string
@@ -77,6 +91,10 @@ func GetDefaultConfidentialEFIPath() string {
 	return filepath.Join(defaultConfidentialWCOWOSBootFilesPath(), "boot.vhd")
 }
 
+func GetDefaultReferenceInfoFilePath() string {
+	return filepath.Join(defaultConfidentialWCOWOSBootFilesPath(), "reference_info.cose")
+}
+
 // NewDefaultOptionsWCOW creates the default options for a bootable version of
 // WCOW. The caller `MUST` set the `BootFiles` on the returned value.
 //
@@ -406,6 +424,10 @@ func prepareSecurityConfigDoc(ctx context.Context, uvm *UtilityVM, opts *Options
 		return nil, errors.Wrap(err, "failed to grant vm access to scratch VHD")
 	}
 
+	if err = vhd.SetVirtualDiskIdentifier(opts.BootFiles.BlockCIMFiles.ScratchVHDPath, *unformattedScratchIdentifier); err != nil {
+		return nil, fmt.Errorf("set scratch VHD identifier: %w", err)
+	}
+
 	// boot depends on scratch being attached at LUN 0, it MUST ALWAYS remain at LUN 0
 	doc.VirtualMachine.Devices.Scsi[guestrequest.ScsiControllerGuids[0]].Attachments["0"] = hcsschema.Attachment{
 		Path:  opts.BootFiles.BlockCIMFiles.ScratchVHDPath,

internal/uvm/security_policy.go

@@ -53,6 +53,24 @@ func WithWCOWSecurityPolicyEnforcer(enforcer string) WCOWConfidentialUVMOpt {
 	}
 }
 
+// WithUVMReferenceInfo reads UVM reference info file and base64 encodes the
+// content before setting it for the resource. This is no-op if the
+// path is empty or the file doesn't exist.
+func WithWCOWUVMReferenceInfo(path string) WCOWConfidentialUVMOpt {
+	return func(ctx context.Context, r *guestresource.WCOWConfidentialOptions) error {
+		encoded, err := base64EncodeFileContents(path)
+		if err != nil {
+			if os.IsNotExist(err) {
+				log.G(ctx).WithField("filePath", path).Debug("UVM reference info file not found")
+				return nil
+			}
+			return fmt.Errorf("failed to read UVM reference info file: %w", err)
+		}
+		r.EncodedUVMReference = encoded
+		return nil
+	}
+}
+
 func (uvm *UtilityVM) SetWCOWConfidentialUVMOptions(ctx context.Context, opts ...WCOWConfidentialUVMOpt) error {
 	if uvm.operatingSystem != "windows" {
 		return errNotSupported

internal/uvm/start.go

@@ -341,6 +341,7 @@ func (uvm *UtilityVM) Start(ctx context.Context) (err error) {
 		copts := []WCOWConfidentialUVMOpt{
 			WithWCOWSecurityPolicy(uvm.createOpts.(*OptionsWCOW).SecurityPolicy),
 			WithWCOWSecurityPolicyEnforcer(uvm.createOpts.(*OptionsWCOW).SecurityPolicyEnforcer),
+			WithWCOWUVMReferenceInfo(uvm.createOpts.(*OptionsWCOW).UVMReferenceInfoFile),
 		}
 		if err := uvm.SetWCOWConfidentialUVMOptions(ctx, copts...); err != nil {
 			return err

test/go.mod

@@ -3,7 +3,7 @@ module github.com/Microsoft/hcsshim/test
 go 1.23.0
 
 require (
-	github.com/Microsoft/go-winio v0.6.2
+	github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29
 	github.com/Microsoft/hcsshim v0.13.0
 	github.com/containerd/cgroups/v3 v3.0.5
 	github.com/containerd/containerd/api v1.9.0

test/go.sum

@@ -6,8 +6,8 @@ github.com/Microsoft/cosesign1go v1.4.0 h1:VdiqzsilEE6t1GQi98I/h0WpVFM7AyMEeyP8u
 github.com/Microsoft/cosesign1go v1.4.0/go.mod h1:1La/HcGw19rRLhPW0S6u55K6LKfti+GQSgGCtrfhVe8=
 github.com/Microsoft/didx509go v0.0.3 h1:n/owuFOXVzCEzSyzivMEolKEouBm9G0NrEDgoTekM8A=
 github.com/Microsoft/didx509go v0.0.3/go.mod h1:wWt+iQsLzn3011+VfESzznLIp/Owhuj7rLF7yLglYbk=
-github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
-github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29 h1:0kQAzHq8vLs7Pptv+7TxjdETLf/nIqJpIB4oC6Ba4vY=
+github.com/Microsoft/go-winio v0.6.3-0.20251027160822-ad3df93bed29/go.mod h1:ZWa7ssZJT30CCDGJ7fk/2SBTq9BIQrrVjrcss0UW2s0=
 github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
 github.com/agnivade/levenshtein v1.2.0 h1:U9L4IOT0Y3i0TIlUIDJ7rVUziKi/zPbrJGaFrtYH3SY=