intel · haitaohuang · Apr 12, 2026 · Apr 12, 2026
@@ -0,0 +1 @@
+{"id":"ALLOW-ALL-0000-0000-0000-000000000000","version":"2.0","policySvn":1,"policy":[]}
@@ -1 +1 @@
-{"id":"251E9C0A-0BB3-4B1F-8BEB-381F155CB8C6","version":"2.0","policySvn":1,"policy":[{"global":{"tcb":{"tcbDate":{"operation":"greater-or-equal","reference":"2023-08-09T00:00:00Z"},"tcbStatusAccepted":{"operation":"allow-list","reference":["UpToDate"]}},"platform":{"fmspc":{"operation":"equal","reference":"90C06F000000"}}}}],"forwardPolicy":[{"servtd":{"migtdIdentity":{"tcbDate":{"operation":"greater-or-equal","reference":"self"},"tcbStatusAccepted":{"operation":"allow-list","reference":["UpToDate"]}}}}]}
+{"id":"251E9C0A-0BB3-4B1F-8BEB-381F155CB8C6","version":"2.0","policySvn":1,"policy":[{"global":{"tcb":{"tcbDate":{"operation":"greater-or-equal","reference":"2023-08-09T00:00:00Z"}},"platform":{"fmspc":{"operation":"equal","reference":"90C06F000000"}}}},{"servtd":{"migtdIdentity":{"tcbDate":{"operation":"greater-or-equal","reference":"2026-04-03T00:00:00Z"}}}}]}
@@ -5,7 +5,7 @@
 IGVM_FILE ?= target/release/migtd.igvm
 LOG_LEVEL ?= trace
 # Common features for IGVM images
-IGVM_FEATURES_BASE ?= vmcall-raw,stack-guard,main,vmcall-interrupt,oneshot-apic
+IGVM_FEATURES_BASE ?= vmcall-raw,stack-guard,main,vmcall-interrupt,oneshot-apic,spdm_attestation
 IGVM_FEATURES_GET_QUOTE ?= $(IGVM_FEATURES_BASE),igvm-attest
 # test_disable_ra_and_accept_all feature disables remote attestation and skips policy verification, bypassing RATLS security
 # test feature skips the compilation of attestation library when the remote attestation is not enabled or needed
@@ -17,6 +17,8 @@ IGVM_MANIFEST ?= config/Azure/servtd_info.json
 .PHONY: build-igvm-reject build-igvm-reject-all
 .PHONY: generate-hash-verbose generate-hash-accept-verbose
 .PHONY: build-igvm-get-quote build-igvm-get-quote-all generate-hash-get-quote
+.PHONY: build-igvm-mock-quote generate-policy-mock-quote
+.PHONY: build-igvm-mock-quote-allow-all generate-policy-mock-quote-allow-all
 
 .DEFAULT_GOAL := build-igvm-all
 
@@ -27,6 +29,8 @@ help:
 	@echo "  build-igvm-reject               - Build IGVM with v1 policy which will be rejected because on empty quote generation."
 	@echo "  build-igvm-reject-all           - Build IGVM with v1 policy which will be rejected because on empty quote generation."
 	@echo "  build-igvm-get-quote-all        - Build IGVM with v2 policy which will call getquote durining initialization."
+	@echo "  build-igvm-mock-quote           - Build IGVM with v2 policy using mock quote data for testing."
+	@echo "  build-igvm-mock-quote-allow-all - Build IGVM with allow-all v2 policy using mock quote data."
 
 pre-build:
 	@if ! command -v rustc >/dev/null 2>&1 || ! rustc --version | grep -q "1.88.0"; then \
@@ -70,7 +74,7 @@ build-igvm:
 build-igvm-all: pre-build build-igvm generate-hash
 
 build-igvm-reject:
-	cd ../../ && cargo image --no-default-features --features $(IGVM_FEATURES_GET_QUOTE) --log-level $(LOG_LEVEL) \
+	cd ../../ && cargo image --no-default-features --features $(IGVM_FEATURES_BASE) --log-level $(LOG_LEVEL) \
 	 --image-format igvm --output $(IGVM_FILE) --debug
 
 build-igvm-reject-all: pre-build build-igvm-reject generate-hash
@@ -88,4 +92,41 @@ build-igvm-get-quote:
 generate-hash-get-quote:
 	cd ../../ && cargo run -p migtd-hash -- --image $(IGVM_FILE) --manifest $(IGVM_MANIFEST) --policy-v2
 
-build-igvm-get-quote-all: pre-build build-igvm-get-quote generate-hash-get-quote
+build-igvm-get-quote-all: pre-build build-igvm-get-quote generate-hash-get-quote
+
+generate-policy-mock-quote:
+	chmod +x ./build_azure_mock_test.sh
+	./build_azure_mock_test.sh
+	@if [ $$? -ne 0 ]; then \
+		echo "Failed to generate policy with mock report"; \
+		exit 1; \
+	fi
+
+build-igvm-mock-quote: pre-build generate-policy-mock-quote
+	cd ../../ && cargo image --policy-v2 --debug \
+	 --image-format igvm \
+	 --no-default-features \
+	 --features $(IGVM_FEATURES_BASE),use-mock-quote \
+	 --log-level $(LOG_LEVEL) \
+	 --policy-issuer-chain config/Azure/policy_issuer_chain.pem \
+	 --policy config/Azure/policy_v2_signed.json \
+	 --output $(IGVM_FILE)
+
+generate-policy-mock-quote-allow-all:
+	chmod +x ./build_azure_mock_test.sh
+	./build_azure_mock_test.sh --allow-all
+	@if [ $$? -ne 0 ]; then \
+		echo "Failed to generate allow-all policy with mock report"; \
+		exit 1; \
+	fi
+
+build-igvm-mock-quote-allow-all: pre-build generate-policy-mock-quote-allow-all
+	cd ../../ && cargo image --policy-v2 --debug \
+	 --image-format igvm \
+	 --no-default-features \
+	 --features vmcall-raw,stack-guard,main,vmcall-interrupt,oneshot-apic,spdm_attestation,use-mock-quote \
+	 --log-level $(LOG_LEVEL) \
+	 --policy-issuer-chain config/Azure/policy_issuer_chain.pem \
+	 --policy config/Azure/policy_v2_signed.json \
+	 --output $(IGVM_FILE)
+
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"id":"ALLOW-ALL-0000-0000-0000-000000000000","version":"2.0","policySvn":1,"policy":[]}
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{"id":"251E9C0A-0BB3-4B1F-8BEB-381F155CB8C6","version":"2.0","policySvn":1,"policy":[{"global":{"tcb":{"tcbDate":{"operation":"greater-or-equal","reference":"2023-08-09T00:00:00Z"},"tcbStatusAccepted":{"operation":"allow-list","reference":["UpToDate"]}},"platform":{"fmspc":{"operation":"equal","reference":"90C06F000000"}}}}],"forwardPolicy":[{"servtd":{"migtdIdentity":{"tcbDate":{"operation":"greater-or-equal","reference":"self"},"tcbStatusAccepted":{"operation":"allow-list","reference":["UpToDate"]}}}}]}
		{"id":"251E9C0A-0BB3-4B1F-8BEB-381F155CB8C6","version":"2.0","policySvn":1,"policy":[{"global":{"tcb":{"tcbDate":{"operation":"greater-or-equal","reference":"2023-08-09T00:00:00Z"}},"platform":{"fmspc":{"operation":"equal","reference":"90C06F000000"}}}},{"servtd":{"migtdIdentity":{"tcbDate":{"operation":"greater-or-equal","reference":"2026-04-03T00:00:00Z"}}}}]}