From: Alexander Graf <graf@amazon.com>
To: "Jörg Rödel" <jroedel@suse.de>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: <amd-sev-snp@lists.suse.com>, <linux-coco@lists.linux.dev>,
<kvm@vger.kernel.org>
Subject: Re: [ANNOUNCEMENT] COCONUT Secure VM Service Module for SEV-SNP
Date: Wed, 22 Mar 2023 10:43:38 +0100
Message-ID: <444b0d8d-3a8c-8e6d-1df3-35f57046e58e@amazon.com>
In-Reply-To: <ZBrIFnlPeCsP0x2g@suse.de>
Hi Jörg,
On 22.03.23 10:19, Jörg Rödel wrote:
> On Tue, Mar 21, 2023 at 07:53:58PM +0000, Dr. David Alan Gilbert wrote:
>> OK; the other thing that needs to get nailed down for the vTPMs is the
>> relationship between the vTPM attestation and the SEV attestation.
>> i.e. how to prove that the vTPM you're dealing with is from an SNP host.
>> (Azure have a hack of putting an SNP attestation report into the vTPM
>> NVRAM; see
>> https://github.com/Azure/confidential-computing-cvm-guest-attestation/blob/main/cvm-guest-attestation.md
>> )
> When using the SVSM TPM protocol it should be proven already that the
> vTPM is part of the SNP trusted base, no? The TPM communication is
> implicitly encrypted by the VM's memory key and the SEV attestation
> report proves that the correct vTPM is executing.
What you want to achieve eventually is to take a report from the vTPM
and submit only that to an external authorization entity that looks at
it and says "Yup, you ran in SEV-SNP, I trust your TCB, I trust your TPM
implementation, I also trust your PCR values" and based on that provides
access to whatever resource you want to access.
To do that, you need to link SEV-SNP and TPM measurements/reports
together. And the easiest way to do that is by providing the SEV-SNP
report as part of the TPM: You can then use the hash of the SEV-SNP
report as signing key for example.
I think the key here is that you need to propagate that link to an
external party, not (only) to the VM.
Alex
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879
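As an added illustration of the linking step Alex describes (this is not code from the thread, the COCONUT project or any vendor), the following Go program models a relying party that refuses to trust vTPM PCR values unless the vTPM's attestation key is vouched for by a platform-signed SEV-SNP report. It generalises the message's suggestion slightly: instead of deriving the signing key from the hash of the report, it binds the two the other way round, by placing SHA-256 of the vTPM attestation key into the report's REPORT_DATA field, and the guest ships the report together with the quote (the same information Azure parks in vTPM NVRAM). Everything else is an assumption for the sake of a runnable example: the report and quote structures are cut down to the fields the check needs, ed25519 stands in for the VCEK's ECDSA P-384 signature and for the TPM's AK signature, and the measurement, PCR digest and nonce are constructed values.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// SnpReport is a deliberately simplified model of the SEV-SNP attestation
// report with only the fields the linking logic needs; a real report has many
// more and is signed by the VCEK with ECDSA P-384 (ed25519 stands in here).
type SnpReport struct {
	Measurement [48]byte // launch measurement (SHA-384 in the real format)
	ReportData  [64]byte // guest-supplied REPORT_DATA
	Signature   []byte   // platform signature over Measurement||ReportData
}

// TpmQuote is a simplified model of a TPM2_Quote: the attestation key (AK)
// signs the relying party's nonce together with the PCR digest.
type TpmQuote struct {
	Nonce     []byte
	PCRDigest [32]byte
	Signature []byte
}

// Evidence is what the guest hands to the external relying party.
type Evidence struct {
	Report SnpReport
	AKPub  ed25519.PublicKey
	Quote  TpmQuote
}

func concat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// bindingReportData puts SHA-256(AK public key) into REPORT_DATA, so the
// platform-signed SNP report vouches for the vTPM's signing key.
func bindingReportData(akPub ed25519.PublicKey) [64]byte {
	var rd [64]byte
	h := sha256.Sum256(akPub)
	copy(rd[:], h[:])
	return rd
}

// issueReport models the platform signing a report requested by the guest.
func issueReport(vcek ed25519.PrivateKey, m [48]byte, rd [64]byte) SnpReport {
	return SnpReport{Measurement: m, ReportData: rd,
		Signature: ed25519.Sign(vcek, concat(m[:], rd[:]))}
}

// quote models the vTPM answering TPM2_Quote with its AK.
func quote(ak ed25519.PrivateKey, nonce []byte, pcr [32]byte) TpmQuote {
	return TpmQuote{Nonce: nonce, PCRDigest: pcr,
		Signature: ed25519.Sign(ak, concat(nonce, pcr[:]))}
}

// VerifyEvidence is the relying party's decision: platform signature, trusted
// TCB, key binding, quote signature, freshness and PCR policy must all hold.
func VerifyEvidence(vcekPub ed25519.PublicKey, trustedTCB map[[48]byte]bool,
	expectedPCR [32]byte, nonce []byte, ev Evidence) error {
	r, q := ev.Report, ev.Quote
	if !ed25519.Verify(vcekPub, concat(r.Measurement[:], r.ReportData[:]), r.Signature) {
		return errors.New("SNP report signature invalid")
	}
	if !trustedTCB[r.Measurement] {
		return errors.New("launch measurement not in the trusted TCB set")
	}
	if bindingReportData(ev.AKPub) != r.ReportData {
		return errors.New("vTPM attestation key is not bound to the SNP report")
	}
	if !ed25519.Verify(ev.AKPub, concat(q.Nonce, q.PCRDigest[:]), q.Signature) {
		return errors.New("TPM quote signature invalid")
	}
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("quote nonce mismatch")
	}
	if q.PCRDigest != expectedPCR {
		return errors.New("PCR digest does not match policy")
	}
	return nil
}

// RunScenario builds constructed evidence end to end and verifies it. With
// bound=false the report does not vouch for the quoting key: a TPM-only
// verifier would still accept the quote, the linked check does not.
func RunScenario(bound bool) error {
	vcekPub, vcekPriv, _ := ed25519.GenerateKey(rand.Reader) // stand-in for the VCEK
	akPub, akPriv, _ := ed25519.GenerateKey(rand.Reader)     // vTPM attestation key
	measurement := [48]byte{0x42}                            // constructed value
	pcr := sha256.Sum256([]byte("constructed PCR digest"))
	nonce := []byte("relying-party-nonce-0001")
	var rd [64]byte // unbound: REPORT_DATA left empty
	if bound {
		rd = bindingReportData(akPub)
	}
	ev := Evidence{Report: issueReport(vcekPriv, measurement, rd), AKPub: akPub,
		Quote: quote(akPriv, nonce, pcr)}
	return VerifyEvidence(vcekPub, map[[48]byte]bool{measurement: true}, pcr, nonce, ev)
}
```

The order of the checks is the point: the quote signature and PCR digest are only examined after the report signature, the TCB membership and the key binding have passed, because a valid quote from a key the SNP report does not vouch for proves nothing about where that vTPM runs. In a real deployment the VCEK would be verified against AMD's certificate chain and the trusted TCB set would also cover the report's version and policy fields, which the simplified model leaves out.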
Thread overview: 42+ messages
2023-03-21 9:29 [ANNOUNCEMENT] COCONUT Secure VM Service Module for SEV-SNP Jörg Rödel
2023-03-21 11:09 ` James Bottomley
2023-03-21 12:43 ` Jörg Rödel
2023-03-21 13:43 ` James Bottomley
2023-03-21 15:14 ` Jörg Rödel
2023-03-21 17:48 ` Dr. David Alan Gilbert
2023-03-21 18:50 ` Jörg Rödel
2023-03-21 20:05 ` James Bottomley
2023-03-22 1:29 ` Marc Orr
2023-03-22 17:57 ` Daniel P. Berrangé
2023-03-22 9:15 ` Jörg Rödel
2023-03-22 18:07 ` Daniel P. Berrangé
2023-03-22 18:24 ` Dionna Amalie Glaze
2023-03-21 15:06 ` Dr. David Alan Gilbert
2023-03-21 15:25 ` Jörg Rödel
2023-03-21 16:56 ` Dr. David Alan Gilbert
2023-03-21 19:03 ` Jörg Rödel
2023-03-21 19:53 ` Dr. David Alan Gilbert
2023-03-22 9:19 ` Jörg Rödel
2023-03-22 9:43 ` Alexander Graf [this message]
2023-03-22 10:34 ` Dr. David Alan Gilbert
2023-03-22 17:37 ` Dionna Amalie Glaze
2023-03-22 17:47 ` Dr. David Alan Gilbert
2023-03-22 21:53 ` James Bottomley
2023-04-11 19:57 ` Tom Lendacky
2023-04-11 20:01 ` Dionna Amalie Glaze
2023-04-13 16:57 ` James Bottomley
2023-04-14 9:00 ` Jörg Rödel
2023-05-02 23:03 ` Tom Lendacky
2023-05-03 12:26 ` Jörg Rödel
2023-05-03 15:24 ` Dionna Amalie Glaze
2023-05-03 15:43 ` James Bottomley
2023-05-03 16:10 ` Daniel P. Berrangé
2023-05-03 16:51 ` Claudio Carvalho
2023-05-03 17:16 ` Alexander Graf
2023-05-05 15:34 ` Jörg Rödel
2023-05-05 15:47 ` Daniel P. Berrangé
2023-05-04 17:04 ` James Bottomley
2023-05-05 12:35 ` Christophe de Dinechin
2023-05-06 12:48 ` James Bottomley
2023-05-08 5:16 ` Alexander Graf
2023-05-05 15:02 ` Jörg Rödel