microsoft
diff --git a/‎openhcl/underhill_attestation/src/lib.rs‎
Lines changed: 21 additions & 30 deletions b/‎openhcl/underhill_attestation/src/lib.rs‎
Lines changed: 21 additions & 30 deletions
diff --git a/‎vm/devices/get/guest_emulation_transport/src/client.rs‎
Lines changed: 7 additions & 9 deletions b/‎vm/devices/get/guest_emulation_transport/src/client.rs‎
Lines changed: 7 additions & 9 deletions
diff --git a/‎vm/devices/tpm/src/lib.rs‎
Lines changed: 23 additions & 45 deletions b/‎vm/devices/tpm/src/lib.rs‎
Lines changed: 23 additions & 45 deletions
@@ -47,6 +47,10 @@ use secure_key_release::VmgsEncryptionKeys;
 use static_assertions::const_assert_eq;
 use std::fmt::Debug;
 use tee_call::TeeCall;
+use telemetry::log_op;
+use telemetry::log_op_begin;
+use telemetry::log_op_end_err;
+use telemetry::log_op_end_ok;
 use telemetry::LogOpType;
 use thiserror::Error;
 use zerocopy::FromZeros;
@@ -370,14 +374,14 @@ pub async fn initialize_platform_security(
     let vmgs_encrypted: bool = vmgs.is_encrypted();
 
     let start_time = std::time::SystemTime::now();
-    tracing::info!(
+    log_op_begin!(
+        LogOpType::DecryptVmgs,
         ?tcb_version,
         vmgs_encrypted,
-        op_type = ?LogOpType::BeginDecryptVmgs,
         "Deriving keys"
     );
 
-    let derived_keys_result = get_derived_keys(
+    let result = get_derived_keys(
         get,
         tee_call,
         vmgs,
@@ -394,18 +398,15 @@ pub async fn initialize_platform_security(
     )
     .await
     .map_err(|e| {
-        tracing::error!(
-            CVM_ALLOWED,
-            op_type = ?LogOpType::DecryptVmgs,
-            success = false,
-            err = &e as &dyn std::error::Error,
-            latency = std::time::SystemTime::now()
-                .duration_since(start_time)
-                .map_or(0, |d| d.as_millis()),
+        log_op_end_err!(
+            LogOpType::DecryptVmgs,
+            e,
+            start_time,
             "Failed to derive keys"
         );
         AttestationErrorInner::GetDerivedKeys(e)
-    })?;
+    });
+    let derived_keys_result = result?;
 
     // All Underhill VMs use VMGS encryption
     tracing::info!("Unlocking VMGS");
@@ -420,14 +421,10 @@ pub async fn initialize_platform_security(
     )
     .await
     {
-        tracing::error!(
-            CVM_ALLOWED,
-            op_type = ?LogOpType::DecryptVmgs,
-            success = false,
-            err = &e as &dyn std::error::Error,
-            latency = std::time::SystemTime::now()
-                .duration_since(start_time)
-                .map_or(0, |d| d.as_millis()),
+        log_op_end_err!(
+            LogOpType::DecryptVmgs,
+            e,
+            start_time,
             "Failed to unlock datastore"
         );
         get.event_log_fatal(guest_emulation_transport::api::EventLogId::ATTESTATION_FAILED)
@@ -436,17 +433,15 @@ pub async fn initialize_platform_security(
         Err(AttestationErrorInner::UnlockVmgsDataStore(e))?
     }
 
-    tracing::info!(
-        CVM_ALLOWED,
-        op_type = ?LogOpType::DecryptVmgs,
-        success = true,
+    log_op_end_ok!(
+        LogOpType::DecryptVmgs,
+        start_time,
         decrypt_gsp_type = ?derived_keys_result
             .key_protector_settings
             .decrypt_gsp_type,
         encrypt_gsp_type = ?derived_keys_result
             .key_protector_settings
             .encrypt_gsp_type,
-        latency = std::time::SystemTime::now().duration_since(start_time).map_or(0, |d| d.as_millis()),
         "Unlocked datastore"
     );
 
@@ -972,11 +967,7 @@ async fn get_derived_keys(
 
         derived_keys.ingress = derived_keys_by_id.ingress;
 
-        tracing::info!(
-            CVM_ALLOWED,
-            op_type = ?LogOpType::ConvertEncryptionType,
-            "Converting GSP method."
-        );
+        log_op!(LogOpType::ConvertEncryptionType, "Converting GSP method.");
     }
 
     let egress_seed;
 
@@ -15,6 +15,8 @@ use mesh::rpc::Rpc;
 use mesh::rpc::RpcSend;
 use std::sync::Arc;
 use telemetry::LogOpType;
+use telemetry::log_op_begin;
+use telemetry::log_op_end_ok;
 use user_driver::DmaClient;
 use vpci::bus_control::VpciBusEvent;
 use zerocopy::IntoBytes;
@@ -350,9 +352,8 @@ impl GuestEmulationTransportClient {
         let start_time = std::time::SystemTime::now();
         getrandom::fill(&mut buffer).expect("rng failure");
 
-        tracing::info!(
-            CVM_ALLOWED,
-            op_type = ?LogOpType::BeginGspCallback,
+        log_op_begin!(
+            LogOpType::GspCallback,
             "Getting guest state protection data"
         );
 
@@ -367,12 +368,9 @@ impl GuestEmulationTransportClient {
             .call(msg::Msg::GuestStateProtection, Box::new(gsp_request))
             .await;
 
-        tracing::info!(
-            CVM_ALLOWED,
-            op_type = ?LogOpType::GspCallback,
-            latency = std::time::SystemTime::now()
-                .duration_since(start_time)
-                .map_or(0, |d| d.as_millis()),
+        log_op_end_ok!(
+            LogOpType::GspCallback,
+            start_time,
             "Got guest state protection data"
         );
 
 
@@ -50,6 +50,10 @@ use std::sync::Arc;
 use std::task::Poll;
 use std::task::Waker;
 use telemetry::LogOpType;
+use telemetry::log_op_begin;
+use telemetry::log_op_end;
+use telemetry::log_op_end_err;
+use telemetry::log_op_end_ok;
 use thiserror::Error;
 use tpm_helper::CommandDebugInfo;
 use tpm_helper::TpmCommandError;
@@ -587,9 +591,8 @@ impl Tpm {
             // The procedure also generates randomized AK based on the TPM seed
             // and writes the AK into `TPM_AZURE_AIK_HANDLE` NV store.
             let start_time = std::time::SystemTime::now();
-            tracing::info!(
-                CVM_ALLOWED,
-                op_type = ?LogOpType::BeginVtpmKeysProvision,
+            log_op_begin!(
+                LogOpType::VtpmKeysProvision,
                 key_type = ?KeyType::AkPub,
                 bios_guid = %self.bios_guid,
                 force_ak_regen,
@@ -599,16 +602,12 @@ impl Tpm {
                 .tpm_engine_helper
                 .create_ak_pub(force_ak_regen)
                 .map_err(|e| {
-                    tracing::error!(
-                        CVM_ALLOWED,
-                        op_type = ?LogOpType::VtpmKeysProvision,
+                    log_op_end_err!(
+                        LogOpType::VtpmKeysProvision,
+                        e,
+                        start_time,
                         key_type = ?KeyType::AkPub,
                         bios_guid = %self.bios_guid,
-                        success = false,
-                        err = &e as &dyn std::error::Error,
-                        latency = std::time::SystemTime::now()
-                            .duration_since(start_time)
-                            .map_or(0, |d| d.as_millis()),
                         "Error creating AKPub key"
                     );
                     TpmErrorKind::CreateAkPublic(e)
@@ -621,50 +620,30 @@ impl Tpm {
             let ak_pub_hash = ak_pub_hasher.finalize();
             self.ak_pub_hash = base64::engine::general_purpose::STANDARD.encode(ak_pub_hash);
 
-            tracing::info!(
-                CVM_ALLOWED,
-                op_type = ?LogOpType::VtpmKeysProvision,
+            log_op_end_ok!(
+                LogOpType::VtpmKeysProvision,
+                start_time,
                 key_type = ?KeyType::AkPub,
                 bios_guid = %self.bios_guid,
                 pub_key = self.ak_pub_hash,
-                success = true,
-                latency = std::time::SystemTime::now()
-                    .duration_since(start_time)
-                    .map_or(0, |d| d.as_millis()),
                 "Created AKPub key"
             );
 
             let start_time = std::time::SystemTime::now();
-            tracing::info!(
-                CVM_ALLOWED,
-                op_type = ?LogOpType::BeginVtpmKeysProvision,
+            log_op_begin!(
+                LogOpType::VtpmKeysProvision,
                 key_type = ?KeyType::EkPub,
                 "Creating EKPub key"
             );
-            let ek_pub = self.tpm_engine_helper.create_ek_pub().map_err(|e| {
-                tracing::error!(
-                    CVM_ALLOWED,
-                    op_type = ?LogOpType::VtpmKeysProvision,
-                    key_type = ?KeyType::EkPub,
-                    success = false,
-                    err = &e as &dyn std::error::Error,
-                    latency = std::time::SystemTime::now()
-                        .duration_since(start_time)
-                        .map_or(0, |d| d.as_millis()),
-                    "Error creating EKPub key"
-                );
-                TpmErrorKind::CreateEkPublic(e)
-            })?;
-            tracing::info!(
-                CVM_ALLOWED,
-                op_type = ?LogOpType::VtpmKeysProvision,
+            let ek_pub_result = self.tpm_engine_helper.create_ek_pub().map_err(TpmErrorKind::CreateEkPublic);
+            log_op_end!(
+                LogOpType::VtpmKeysProvision,
+                ek_pub_result,
+                start_time,
                 key_type = ?KeyType::EkPub,
-                success = true,
-                latency = std::time::SystemTime::now()
-                    .duration_since(start_time)
-                    .map_or(0, |d| d.as_millis()),
                 "Created EKPub key"
             );
+            let ek_pub = ek_pub_result?;
 
             self.keys = Some(TpmKeys { ak_pub, ek_pub });
             tracing::info!(
@@ -1032,9 +1011,8 @@ impl Tpm {
             return Ok(());
         }
 
-        tracing::info!(
-            CVM_ALLOWED,
-            op_type = ?LogOpType::BeginAkCertProvision,
+        log_op_begin!(
+            LogOpType::AkCertProvision,
             is_renew,
             pub_key = self.ak_pub_hash,
             bios_guid = %self.bios_guid,