From: Borislav Petkov <bp@suse.de>
To: Dov Murik <dovmurik@linux.ibm.com>
Cc: linux-efi@vger.kernel.org, Ashish Kalra <ashish.kalra@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Ard Biesheuvel <ardb@kernel.org>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Andi Kleen <ak@linux.intel.com>,
	Greg KH <gregkh@linuxfoundation.org>,
	Andrew Scull <ascull@google.com>,
	Dave Hansen <dave.hansen@intel.com>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Lenny Szubowicz <lszubowi@redhat.com>,
	Peter Gonda <pgonda@google.com>,
	Matthew Garrett <mjg59@srcf.ucam.org>,
	James Bottomley <jejb@linux.ibm.com>,
	Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
	Jim Cadden <jcadden@ibm.com>,
	Daniele Buono <dbuono@linux.vnet.ibm.com>,
	linux-coco@lists.linux.dev,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v8 0/4] Allow guest access to EFI confidential computing secret area
Date: Tue, 29 Mar 2022 20:30:15 +0200
Message-ID: <YkNQNzNa02Sndu+q@zn.tnic>
In-Reply-To: <f2fb7553-0313-6393-c93c-2bb6619086dc@linux.ibm.com>

Hi Dov,

On Tue, Mar 29, 2022 at 03:55:38PM +0300, Dov Murik wrote:
> Let's see if I understand this correctly:
> 
> You want the guest to know if its own SEV VM policy allows
> debugging.  And that flag has to be trusted -- so passed from the Guest
> Owner in a secure channel (otherwise the host could set it to
> ALLOW_DEBUGGING even though the Guest Owner didn't approve that).

Yeah, and then dump all the guest memory and thus bypass the whole
memory encryption fun. So yeah, it should be encrypted and accessible
only to the guest and supplied by the guest owner.

> The SEV launch secrets area can also be read by grub [1], for example,
> to fetch a luks passphrase from there (instead of from keyboard).
> That's why its structure is generic.

Ok, fair enough.

> I think Guest Owner can add a 1-byte predefined secret to the SEV secret
> table, let's say an entry with GUID 2b91a212-b0e1-4816-b021-1e9991ddb6af
> and value "\x01" to indicate debugging is allowed.
> 
> With the efi_secrets module, a 1-byte file called
> /sys/kernel/security/secrets/coco/2b91a212-b0e1-4816-b021-1e9991ddb6af

I'd love it if that were more user-friendly:

/sys/kernel/security/secrets/coco/attributes

and there's:

debugging:1
...

and others.

> will appear with "\x01" in its content.
> 
> This can indicate to the guest that debugging was permitted by the Guest
> Owner.

But yeah, that should be the gist of the functionality.

> If you want this unified in the kernel, maybe we can look for this entry
> and set the relevant kernel variable.

So now that I think of it, it would be even nicer if the fact whether
guest debugging is allowed, were available to the guest *very early*
during boot. Because I think the most important cases where you'd want
to singlestep a SEV* guest with the qemu gdbstub is early guest kernel
boot code. So it would be cool if we'd have access to the debugging
setting that early.

Lemme have a look at your patches in detail to get an idea what's
happening there.

Thx.

-- 
Regards/Gruss,
    Boris.

SUSE Software Solutions Germany GmbH, GF: Ivo Totev, HRB 36809, AG Nürnberg
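
Added example, not part of the original message or of the efi_secret patches: a guest-side, fail-closed check for the two layouts discussed above, the 1-byte per-GUID entry and the proposed `attributes` file. The function names, the `key:value` parsing rules and the temporary sample directory are assumptions; the GUID and paths are the ones quoted in the thread.

```python
import os
import tempfile

# GUID and directory are the ones proposed in the thread, not a settled ABI.
DEBUG_GUID = "2b91a212-b0e1-4816-b021-1e9991ddb6af"
COCO_DIR = "/sys/kernel/security/secrets/coco"


def debug_allowed_from_entry(coco_dir=COCO_DIR):
    """Return (allowed, reason) for the 1-byte per-GUID entry; fail closed."""
    try:
        with open(os.path.join(coco_dir, DEBUG_GUID), "rb") as f:
            data = f.read(2)  # one extra byte exposes an oversized entry
    except OSError:
        return False, "entry absent or unreadable"
    if len(data) != 1:
        return False, "unexpected length"
    if data != b"\x01":
        return False, "value is not 0x01"
    return True, "guest owner allowed debugging"


def debug_allowed_from_attributes(coco_dir=COCO_DIR):
    """Same decision for the hypothetical 'attributes' file (key:value lines)."""
    try:
        with open(os.path.join(coco_dir, "attributes"), encoding="ascii") as f:
            lines = f.read().splitlines()
    except (OSError, UnicodeDecodeError):
        return False
    # Exactly one "debugging:1" line is required; duplicates are rejected.
    values = [l.split(":", 1)[1].strip() for l in lines if l.startswith("debugging:")]
    return values == ["1"]


def build_sample(entry=None, attributes=None):
    """Create a constructed stand-in for the securityfs directory."""
    d = tempfile.mkdtemp(prefix="coco-")
    if entry is not None:
        with open(os.path.join(d, DEBUG_GUID), "wb") as f:
            f.write(entry)
    if attributes is not None:
        with open(os.path.join(d, "attributes"), "w", encoding="ascii") as f:
            f.write(attributes)
    return d


if __name__ == "__main__":
    for entry in (b"\x01", b"\x00", b"\x01\x01", None):
        print(entry, debug_allowed_from_entry(build_sample(entry=entry)))
```

A missing entry, an empty or oversized file, and any value other than the single byte 0x01 all evaluate to "not allowed", so the guest never assumes debugging is permitted when the Guest Owner did not inject the secret.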
