attestation: enable end-to-end testing

Cargo.lock

@@ -2516,6 +2516,7 @@ dependencies = [
 name = "get_resources"
 version = "0.0.0"
 dependencies = [
+ "inspect",
  "mesh",
  "thiserror 2.0.16",
  "vm_resource",
@@ -2714,6 +2715,7 @@ dependencies = [
  "get_protocol",
  "getrandom 0.3.3",
  "guest_emulation_device",
+ "guestmem",
  "guid",
  "hvdef",
  "inspect",
@@ -7743,6 +7745,7 @@ dependencies = [
  "disklayer_ram",
  "get_protocol",
  "getrandom 0.3.3",
+ "guest_emulation_device",
  "guest_emulation_transport",
  "guid",
  "mesh",
@@ -7754,9 +7757,11 @@ dependencies = [
  "serde_json",
  "static_assertions",
  "tee_call",
+ "test_with_tracing",
  "thiserror 2.0.16",
  "time",
  "tracing",
+ "user_driver_emulated_mock",
  "vmgs",
  "vmgs_format",
  "zerocopy 0.8.25",

openhcl/tee_call/src/lib.rs

@@ -47,6 +47,7 @@ static_assertions::const_assert_eq!(
 );
 
 /// Type of the TEE
+#[derive(Debug)]
 pub enum TeeType {
     /// AMD SEV-SNP
     Snp,

openhcl/underhill_attestation/Cargo.toml

@@ -40,6 +40,10 @@ disklayer_ram.workspace = true
 disk_backend.workspace = true
 vmgs = { workspace = true, features = ["encryption_ossl", "test_helpers"] }
 vmgs_format.workspace = true
+guest_emulation_transport = { workspace = true, features = ["test_utilities"] }
+guest_emulation_device = { workspace = true, features = ["test_igvm_agent"] }
+test_with_tracing.workspace = true
+user_driver_emulated_mock.workspace = true
 
 [lints]
 workspace = true

openhcl/underhill_attestation/src/hardware_key_sealing.rs

@@ -181,42 +181,9 @@ impl HardwareKeyProtectorExt for HardwareKeyProtector {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::test_utils::MockTeeCall;
     use zerocopy::FromBytes;
 
-    struct MockTeeCall;
-
-    impl tee_call::TeeCall for MockTeeCall {
-        fn get_attestation_report(
-            &self,
-            _report_data: &[u8; 64],
-        ) -> Result<tee_call::GetAttestationReportResult, tee_call::Error> {
-            Ok(tee_call::GetAttestationReportResult {
-                report: vec![],
-                tcb_version: None,
-            })
-        }
-
-        fn supports_get_derived_key(&self) -> Option<&dyn tee_call::TeeCallGetDerivedKey> {
-            Some(self)
-        }
-
-        fn tee_type(&self) -> tee_call::TeeType {
-            tee_call::TeeType::Snp
-        }
-    }
-
-    impl tee_call::TeeCallGetDerivedKey for MockTeeCall {
-        fn get_derived_key(&self, _tcb_version: u64) -> Result<[u8; 32], tee_call::Error> {
-            const TEST_HW_DERIVED_KEY: [u8; tee_call::HW_DERIVED_KEY_LENGTH] = [
-                0xe0, 0xd8, 0x29, 0x04, 0xd6, 0x19, 0xd8, 0xdb, 0xd5, 0xd3, 0xba, 0x1c, 0x3c, 0x07,
-                0x2f, 0xaa, 0x56, 0x90, 0xa8, 0x95, 0x3e, 0x66, 0x69, 0x2e, 0xb9, 0xe7, 0xb4, 0xca,
-                0xaa, 0x3a, 0x92, 0x47,
-            ];
-
-            Ok(TEST_HW_DERIVED_KEY)
-        }
-    }
-
     #[test]
     fn hardware_derived_keys() {
         const PLAINTEXT: [u8; 32] = [
@@ -235,7 +202,7 @@ mod tests {
             filtered_vpci_devices_allowed: true,
             vm_unique_id: "".to_string(),
         };
-        let mock_call = Box::new(MockTeeCall {}) as Box<dyn tee_call::TeeCall>;
+        let mock_call = Box::new(MockTeeCall::new(0x1234)) as Box<dyn tee_call::TeeCall>;
         let mock_get_derived_key_call = mock_call.supports_get_derived_key().unwrap();
         let result = HardwareDerivedKeys::derive_key(
             mock_get_derived_key_call,