kvm.vger.kernel.org archive mirror
From: Alexander Graf <graf@amazon.com>
To: "Jörg Rödel" <jroedel@suse.de>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: <amd-sev-snp@lists.suse.com>, <linux-coco@lists.linux.dev>,
	<kvm@vger.kernel.org>
Subject: Re: [ANNOUNCEMENT] COCONUT Secure VM Service Module for SEV-SNP
Date: Wed, 22 Mar 2023 10:43:38 +0100
Message-ID: <444b0d8d-3a8c-8e6d-1df3-35f57046e58e@amazon.com>
In-Reply-To: <ZBrIFnlPeCsP0x2g@suse.de>

Hi Jörg,

On 22.03.23 10:19, Jörg Rödel wrote:

> On Tue, Mar 21, 2023 at 07:53:58PM +0000, Dr. David Alan Gilbert wrote:
>> OK; the other thing that needs to get nailed down for the vTPMs is the
>> relationship between the vTPM attestation and the SEV attestation.
>> i.e. how to prove that the vTPM you're dealing with is from an SNP host.
>> (Azure have a hack of putting an SNP attestation report into the vTPM
>> NVRAM; see
>> https://github.com/Azure/confidential-computing-cvm-guest-attestation/blob/main/cvm-guest-attestation.md
>> )
> When using the SVSM TPM protocol it should be proven already that the
> vTPM is part of the SNP trusted base, no? The TPM communication is
> implicitly encrypted by the VM's memory key and the SEV attestation
> report proves that the correct vTPM is executing.


What you want to achieve eventually is to take a report from the vTPM 
and submit only that to an external authorization entity that looks at 
it and says "Yup, you ran in SEV-SNP, I trust your TCB, I trust your TPM 
implementation, I also trust your PCR values" and based on that provides 
access to whatever resource you want to access.

To do that, you need to link SEV-SNP and TPM measurements/reports 
together. And the easiest way to do that is by providing the SEV-SNP 
report as part of the TPM: You can then use the hash of the SEV-SNP
report as a signing key, for example.

I think the key here is that you need to propagate that link to an 
external party, not (only) to the VM.


Alex
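
Added example, not part of the original message or of the COCONUT project: a relying-party check for the link between a vTPM and an SEV-SNP report discussed above. It assumes one possible binding, REPORT_DATA = SHA-512 of the vTPM attestation key's public part, which is not the scheme proposed in the thread, and it assumes the SNP report signature and the TPM quote signature have already been verified elsewhere. `check_link` and `make_report` are hypothetical names and all sample values are constructed.

```python
import hashlib
import hmac
import struct

# Field offsets from the AMD SEV-SNP ATTESTATION_REPORT layout.
REPORT_LEN = 1184
REPORT_DATA = slice(0x50, 0x90)   # 64 bytes supplied by the report requester
MEASUREMENT = slice(0x90, 0xC0)   # 48-byte launch measurement

def check_link(snp_report, ak_pub, quote_nonce, expected_nonce, trusted_measurements):
    """Check that a vTPM attestation key is bound to an SNP report.

    Only the link and the quote freshness are checked here; signature
    verification of report and quote is assumed to have happened already.
    Returns a list of failure reasons; an empty list means accept.
    """
    if len(snp_report) != REPORT_LEN:
        return ["report has wrong length"]
    errors = []
    # Assumed binding: REPORT_DATA == SHA-512(vTPM AK public part)
    bound = hashlib.sha512(ak_pub).digest()
    if not hmac.compare_digest(snp_report[REPORT_DATA], bound):
        errors.append("AK not bound to SNP report")
    # The measurement covers the launched image, which here includes the vTPM code.
    if snp_report[MEASUREMENT] not in trusted_measurements:
        errors.append("launch measurement not trusted")
    # The nonce ties the TPM quote to this verifier's challenge.
    if not hmac.compare_digest(quote_nonce, expected_nonce):
        errors.append("stale or replayed quote")
    return errors

def make_report(ak_pub, measurement):
    """Build a constructed, unsigned report with only the needed fields set."""
    buf = bytearray(REPORT_LEN)
    struct.pack_into("<I", buf, 0, 2)          # VERSION, constructed value
    buf[REPORT_DATA] = hashlib.sha512(ak_pub).digest()
    buf[MEASUREMENT] = measurement
    return bytes(buf)

# Constructed sample evidence, not real attestation data.
AK_PUB = b"constructed-vtpm-ak-public-key"
GOOD_MEAS = hashlib.sha384(b"constructed SVSM+vTPM image").digest()
NONCE = b"verifier-nonce-0001"
REPORT = make_report(AK_PUB, GOOD_MEAS)

if __name__ == "__main__":
    print(check_link(REPORT, AK_PUB, NONCE, NONCE, {GOOD_MEAS}))       # accepted
    print(check_link(REPORT, b"other-ak", NONCE, NONCE, {GOOD_MEAS}))  # rejected
```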