linux-coco.lists.linux.dev archive mirror
From: Dov Murik <dovmurik@linux.ibm.com>
To: Borislav Petkov <bp@suse.de>
Cc: linux-efi@vger.kernel.org, Ashish Kalra <ashish.kalra@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Ard Biesheuvel <ardb@kernel.org>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Andi Kleen <ak@linux.intel.com>,
	Greg KH <gregkh@linuxfoundation.org>,
	Andrew Scull <ascull@google.com>,
	Dave Hansen <dave.hansen@intel.com>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Lenny Szubowicz <lszubowi@redhat.com>,
	Peter Gonda <pgonda@google.com>,
	Matthew Garrett <mjg59@srcf.ucam.org>,
	James Bottomley <jejb@linux.ibm.com>,
	Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
	Jim Cadden <jcadden@ibm.com>,
	Daniele Buono <dbuono@linux.vnet.ibm.com>,
	linux-coco@lists.linux.dev,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, Dov Murik <dovmurik@linux.ibm.com>
Subject: Re: [PATCH v8 0/4] Allow guest access to EFI confidential computing secret area
Date: Fri, 1 Apr 2022 00:05:18 +0300
Message-ID: <9e911444-0772-b3da-3e63-f5d49543c752@linux.ibm.com>
In-Reply-To: <YkVyIE8H4Ivb6J2l@zn.tnic>



On 31/03/2022 12:19, Borislav Petkov wrote:
> On Wed, Mar 30, 2022 at 09:11:54AM +0300, Dov Murik wrote:
>> If that's the case, we don't need a secure channel and secret injection.
>> You can use a simple "sev=debug" (or whatever) in the kernel
>> command-line to indicate your needs.
> 
> Yeah, that would work for a normal SEV guest.
> 
> However, if it is an -ES guest, you need to somehow tell it as the guest
> owner: "hey you're being debugged and that's fine."
> 
> Because if you want to singlestep the thing, you're going to land in
> the #VC handler and destroy registers so you want to save them first if
> you're being debugged and then shovel them out to the host somehow. And
> that's another question but first things first.
> 
> And "if you're being debugged" needs to be somehow told the guest
> through a secure channel so that the HV doesn't go and simply enable
> debugging by booting with "sev=debug" and bypass it all.
> 

Note that the HV can also start the VM with SEV completely turned off.
Similarly, it can enable debugging and "fool" the guest.  Of course all
these tricks will affect the measurement, and then the Guest Owner will
know that something is wrong and won't inject the secrets.  If you don't
rely on secret injection anyway, then I think a kernel command-line
param is good enough.  (I might be missing a scenario though)


Maybe you can use KVM_SEV_GET_ATTESTATION_REPORT (ask the host to do it
for you).  But I think it returns only the launch digest, and you can't
figure out the SEV Policy field from it.



> And SNP has access to the policy in the attestation report, says Tom, so
> that's possible there.

True. But not in really early boot? This is all in the sev-guest
platform driver.


> 
> So we need a way to add the debugging aspect to the measurement and be
> able to recreate that measurement quickly so that a simple debugging
> session of a kernel in a guest can work pretty much the same with a SEV*
> guest.
> 
> I'm still digging the details tho...
> 
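
The reply's point that a launch with debugging allowed, or with altered contents, changes the launch measurement and so stops the Guest Owner from injecting secrets, shown as an added example (not part of the original message or the patch series). It follows the SEV LAUNCH_MEASURE construction; the key, nonce, firmware version and digests are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

POLICY_NODBG = 1 << 0  # SEV guest policy bit 0: debugging disallowed
POLICY_ES = 1 << 2     # SEV guest policy bit 2: SEV-ES required


def launch_measurement(tik, api_major, api_minor, build, policy, digest, mnonce):
    """HMAC-SHA256(TIK; 0x04 || API_MAJOR || API_MINOR || BUILD || POLICY || LD || MNONCE)."""
    header = struct.pack("<BBBBI", 0x04, api_major, api_minor, build, policy)
    return hmac.new(tik, header + digest + mnonce, hashlib.sha256).digest()


def guest_owner_accepts(tik, fw, policy, digest, reported, mnonce):
    """Recompute the measurement from the values the Guest Owner intended and
    compare in constant time; secrets are injected only on a match."""
    expected = launch_measurement(tik, *fw, policy, digest, mnonce)
    return hmac.compare_digest(expected, reported)


# Constructed sample values (not taken from any real platform).
TIK = bytes(range(16))             # transport integrity key shared with the firmware
FW = (0, 24, 15)                   # API major, API minor, build
MNONCE = bytes.fromhex("a1" * 16)  # nonce returned alongside the measurement
WANTED_POLICY = POLICY_NODBG | POLICY_ES
WANTED_DIGEST = hashlib.sha256(b"intended launch contents").digest()


def simulate():
    """Measurement the firmware would report for three launches, and the verdict."""
    launches = {
        "as requested": (WANTED_POLICY, WANTED_DIGEST),
        # Hypervisor clears NODBG so that it can debug the guest.
        "debug allowed": (WANTED_POLICY & ~POLICY_NODBG, WANTED_DIGEST),
        # Assumes the altered boot contents are part of what is measured.
        "contents changed": (WANTED_POLICY, hashlib.sha256(b"altered contents").digest()),
    }
    verdicts = {}
    for name, (policy, digest) in launches.items():
        reported = launch_measurement(TIK, *FW, policy, digest, MNONCE)
        verdicts[name] = guest_owner_accepts(
            TIK, FW, WANTED_POLICY, WANTED_DIGEST, reported, MNONCE)
    return verdicts


if __name__ == "__main__":
    for name, ok in simulate().items():
        print(f"{name:18} inject secrets: {ok}")
```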
