feat(tdx): add TDX RTMR extension support with UEFI marker

- Added `UEFI_MARKER_DIGEST_BYTES` constant for TDX RTMR extension.
- Implemented RTMR3 extension in `tee-key-preexec` for TDX attestation flow.
- Updated `rtmr-calc` to use `UEFI_MARKER_DIGEST_BYTES` for RTMR1 extension.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>

bin/tee-key-preexec/src/main.rs

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: Apache-2.0
-// Copyright (c) 2024 Matter Labs
+// Copyright (c) 2024-2025 Matter Labs
 
 //! Pre-exec for binary running in a TEE needing attestation of a secret signing key
 
@@ -11,7 +11,10 @@ use clap::Parser;
 use secp256k1::{rand, Secp256k1};
 use std::{ffi::OsString, os::unix::process::CommandExt, process::Command};
 use teepot::{
-    ethereum::public_key_to_ethereum_address, prover::reportdata::ReportDataV1, quote::get_quote,
+    ethereum::public_key_to_ethereum_address,
+    prover::reportdata::ReportDataV1,
+    quote::get_quote,
+    tdx::rtmr::{TdxRtmrEvent, UEFI_MARKER_DIGEST_BYTES},
 };
 use tracing::error;
 use tracing_log::LogTracer;
@@ -46,6 +49,18 @@ fn main_with_error() -> Result<()> {
     let report_data = ReportDataV1 { ethereum_address };
     let report_data_bytes: [u8; 64] = report_data.into();
     let tee_type = match get_quote(&report_data_bytes) {
+        Ok((teepot::quote::TEEType::TDX, quote)) => {
+            // In the case of TDX, we want to advance RTMR 3 after getting the quote,
+            // so that any breach can't generate a new attestation with the expected RTMRs
+            TdxRtmrEvent::default()
+                .with_rtmr_index(3)
+                .with_extend_data(UEFI_MARKER_DIGEST_BYTES)
+                .extend()?;
+
+            // save quote to file
+            std::fs::write(TEE_QUOTE_FILE, quote)?;
+            teepot::quote::TEEType::TDX.to_string()
+        }
         Ok((tee_type, quote)) => {
             // save quote to file
             std::fs::write(TEE_QUOTE_FILE, quote)?;