td-shim,td-shim-interface: add no-tdx-signature-check feature

Allow skipping signature check feature for TPA TD

Signed-off-by: Stanislaw Grams <[email protected]>

Author: sgrams

td-shim-interface/Cargo.toml

@@ -16,3 +16,6 @@ scroll = { version = "0.10", default-features = false, features = ["derive"] }
 zerocopy = { version = "0.7.31", features = ["derive"] }
 
 log = "0.4.13"
+
+[features]
+no-tdx-signature-check = []

td-shim-interface/src/metadata.rs

@@ -98,14 +98,19 @@ impl TdxMetadataDescriptor {
     }
 
     pub fn is_valid(&self) -> bool {
-        let len = self.length;
+        #[cfg(not(feature = "no-tdx-signature-check"))]
+        if self.signature != TDX_METADATA_SIGNATURE
+            return false;
 
-        !(self.signature != TDX_METADATA_SIGNATURE
-            || self.version != 1
+        let len = self.length;
+        if self.version != 1
             || self.number_of_section_entry == 0
             || len < 16
             || (len - 16) % 32 != 0
             || (len - 16) / 32 != self.number_of_section_entry)
+            return false;
+
+        true
     }
 
     pub fn as_bytes(&self) -> &[u8] {

td-shim/Cargo.toml

@@ -51,6 +51,7 @@ tdx = ["tdx-tdcall", "td-exception/tdx", "td-logger/tdx", "x86"]
 lazy-accept = ["tdx"]
 ring-hash = ["cc-measurement/ring"]
 sha2-hash = ["cc-measurement/sha2"]
+no-tdx-signature-check = ["td-shim-interface/no-tdx-signature-check"]
 main = [
     "log",
     "td-loader",