From: "Stefan Berger" <stefanb@us.ibm.com>
To: Matthew Garrett <mjg59@coreos.com>
Cc: "Daniel P. Berrange" <berrange@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
pbonzini@redhat.com, qemu-devel@nongnu.org,
stefanb@linux.vnet.ibm.com
Subject: Re: [Qemu-devel] [PATCH] hw/misc: Add simple measurement hardware
Date: Mon, 18 Jul 2016 19:40:44 -0400
Message-ID: <OF4F03FC00.F020A4A5-ON00257FF4.008155CC-85257FF4.00821669@notes.na.collabserv.com>
In-Reply-To: <CAPeXnHu+pKB=SdfvJmJr87kCRZf0i-Ljs7iZZbBpd4aMxiq2Bw@mail.gmail.com>
Matthew Garrett <mjg59@coreos.com> wrote on 07/18/2016 05:26:03 PM:
>
> On Fri, Jul 15, 2016 at 11:11 AM, Stefan Berger <stefanb@us.ibm.com>
> wrote:
> >
> > Typically the TPM is there for a reason: it is a hardware root
> > of trust that signs the current state of the PCRs that were
> > accumulated by measurements starting early on during BIOS init. Now
> > with this device, apart from exposing this via HMP, how would one be
> > sure that, if the current list of the PCRs is presented to an
> > attesting client, that the kernel or attestation server not just
> > completely fake the state of the PCRs? My assumption here is that
> > the state of this device's PCRs will be exposed to user level
> > application that can then use this in some form of attestation, right?
>
> Userspace will be able to grab it, but the idea is that the hypervisor
> API will allow a copy to be obtained - either a signed copy from the
> local API endpoint, or directly via a remote API endpoint. The guest
> won't be able to fake the former case, and isn't involved at all in
> the latter case.
>
The TPM's security model related to logs, the state of the PCRs, and
attestation involves the following pieces:
- PCRs
- measurement log
- EK + certificate
- platform certificate
- AIK + certificate
- quotes (signatures) on PCR state with keys that cannot leave the TPM (AIKs)
- infrastructure to issue the AIK certificates based on EK + certificate + platform certificate
What does the security model of this device and its presumed infrastructure
look like? Does the hypervisor then also support IMA measurement lists or
is this restricted to firmware?
Stefan
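As an added illustration that is not code from the patch or from any message in this thread, the Python below replays a measurement log to recompute a PCR bank and compares it with a reported PCR state, which is the check that the pieces listed above (PCRs, measurement log, quotes) exist to support. The log entries and component names are constructed, and the SHA-256 extend rule stands in for a TPM's SHA-256 bank.

```python
import hashlib

DIGEST_LEN = 32  # SHA-256 PCR bank

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = H(old || digest). The order of extends matters."""
    if len(pcr) != DIGEST_LEN or len(digest) != DIGEST_LEN:
        raise ValueError("expected SHA-256 sized values")
    return hashlib.sha256(pcr + digest).digest()

def measure(component: bytes) -> bytes:
    """Digest of a measured component, as firmware or IMA would record it."""
    return hashlib.sha256(component).digest()

def replay_log(log, num_pcrs=24):
    """Recompute the whole PCR bank from (pcr_index, digest) log entries."""
    pcrs = [bytes(DIGEST_LEN)] * num_pcrs   # PCRs start at all-zero after reset
    for idx, digest in log:
        if not 0 <= idx < num_pcrs:
            raise ValueError(f"log references PCR {idx} outside the bank")
        pcrs[idx] = pcr_extend(pcrs[idx], digest)
    return pcrs

def mismatched_pcrs(log, reported_pcrs):
    """Indices of PCRs whose replayed value disagrees with the reported state."""
    expected = replay_log(log, len(reported_pcrs))
    return [i for i, (e, r) in enumerate(zip(expected, reported_pcrs)) if e != r]

# Constructed sample log (PCR index, digest); the component names are made up.
SAMPLE_LOG = [
    (0, measure(b"firmware-volume-A")),
    (0, measure(b"firmware-volume-B")),
    (4, measure(b"bootloader.efi")),
    (8, measure(b"vmlinuz")),
    (8, measure(b"initrd.img")),
]

if __name__ == "__main__":
    reported = replay_log(SAMPLE_LOG)          # what a genuine PCR bank would hold
    print("clean log mismatches:", mismatched_pcrs(SAMPLE_LOG, reported))
    edited = list(SAMPLE_LOG)
    edited[3] = (8, measure(b"vmlinuz-other"))  # one log entry no longer matches
    print("edited log mismatches:", mismatched_pcrs(edited, reported))
    # A log and a PCR bank produced by the same party are always consistent
    # with each other; the comparison only carries weight when the reported
    # PCR values come from a quote signed by a key that cannot leave the TPM
    # (an AIK), which is the gap the message above asks about.
```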