From: "Stefan Berger" <stefanb@us.ibm.com>
To: Matthew Garrett <mjg59@coreos.com>
Cc: "Daniel P. Berrange" <berrange@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
pbonzini@redhat.com, qemu-devel@nongnu.org,
stefanb@linux.vnet.ibm.com
Subject: Re: [Qemu-devel] [PATCH] hw/misc: Add simple measurement hardware
Date: Mon, 18 Jul 2016 20:08:43 -0400 [thread overview]
Message-ID: <OF628EAA73.01FA2C09-ON00257FF5.000021B4-85257FF5.0000D069@notes.na.collabserv.com> (raw)
In-Reply-To: <CAPeXnHu2Es1-FSZLiuaTS0UkDfbTe9jAF0iz=BGc3_-=AnHb8A@mail.gmail.com>
Matthew Garrett <mjg59@coreos.com> wrote on 07/18/2016 07:52:22 PM:
> Subject: Re: [Qemu-devel] [PATCH] hw/misc: Add simple measurement
hardware
>
> On Mon, Jul 18, 2016 at 4:40 PM, Stefan Berger <stefanb@us.ibm.com>
wrote:
> > The TPM security's model related to logs, the state of the PCRs, and
> > attestation involves the following pieces:
> >
> > - PCRs
> > - measurement log
> > - EK + certificate
> > - platform certificate
> > - AIK + certificate
> > - quotes (signatures) on PCR state with keys that cannot leave the TPM
> > (AIKs)
> > - infrastructure to issue the AIK certificates based on EK +
certificate +
> > platform certificate
> >
> > How does the security model of this device and its presumed
infrastructure
> > look like? Does the hypervisor then also support IMA measurement lists
or is
> > this restricted to firmware?
>
> The model here is:
> - PCRs
> - measurement log
> - quote on PCR state with key held by hypervisor
>
> There's no fundamental reason why additional layers of key can't be
> introduced, but since all that complexity is on the hypervisor side
> it's out of scope for the qemu implementation. A mechanism for
> establishing trust between the hypervisor and the customer is
> obviously necessary, but there are already examples such as Amazon's
> Instance Identity Documents (
> http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-
> identity-documents.html
> ). The OS is free to continue to extend the PCRs after boot, so IMA
> could certainly be integrated with this.
>
The point of the TPM is that the device that holds the state of the PCRs
provides the signatures over their state rather than some other 'entity'
whose trustworthiness wouldn't be clear. Admittedly the device comes with
its own set of challenges.
next prev parent reply other threads:[~2016-07-19 0:08 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-23 21:09 [Qemu-devel] [PATCH] hw/misc: Add simple measurement hardware Matthew Garrett
2016-07-15 11:29 ` Dr. David Alan Gilbert
2016-07-15 18:11 ` Stefan Berger
2016-07-18 21:26 ` Matthew Garrett
2016-07-18 23:40 ` Stefan Berger
2016-07-18 23:52 ` Matthew Garrett
2016-07-19 0:08 ` Stefan Berger [this message]
2016-07-19 0:39 ` Matthew Garrett
2016-07-19 0:46 ` Stefan Berger
2016-07-19 0:49 ` Matthew Garrett
2016-07-18 21:19 ` Matthew Garrett
2016-07-19 9:38 ` Dr. David Alan Gilbert
2016-08-05 23:17 ` [Qemu-devel] [PATCH V2] " Matthew Garrett
2016-08-06 2:53 ` Eric Blake
2016-08-06 3:56 ` Stefan Berger
2016-08-08 19:43 ` Matthew Garrett
2016-08-09 14:58 ` Stefan Berger
2016-06-23 23:36 [Qemu-devel] [PATCH] " Matthew Garrett
2016-07-14 7:32 ` Matthew Garrett
2016-07-14 14:54 ` Daniel P. Berrange
2016-07-15 0:10 ` Matthew Garrett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=OF628EAA73.01FA2C09-ON00257FF5.000021B4-85257FF5.0000D069@notes.na.collabserv.com \
--to=stefanb@us.ibm.com \
--cc=berrange@redhat.com \
--cc=dgilbert@redhat.com \
--cc=mjg59@coreos.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanb@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.