[PATCH v8 0/4] Allow guest access to EFI confidential computing secret area
Borislav Petkov
bp at suse.de
Thu Mar 24 16:33:12 UTC 2022
On Mon, Feb 28, 2022 at 11:42:50AM +0000, Dov Murik wrote:
> Confidential computing (coco) hardware such as AMD SEV (Secure Encrypted
> Virtualization) allows guest owners to inject secrets into the VMs
> memory without the host/hypervisor being able to read them. In SEV,
> secret injection is performed early in the VM launch process, before the
> guest starts running.
>
> OVMF already reserves designated area for secret injection (in its
> AmdSev package; see edk2 commit 01726b6d23d4 "OvmfPkg/AmdSev: Expose the
> Sev Secret area using a configuration table" [1]), but the secrets were
> not available in the guest kernel.
>
> The patch series keeps the address of the EFI-provided memory for
> injected secrets, and exposes the secrets to userspace via securityfs
> using a new efi_secret kernel module. The module is autoloaded (by the
> EFI driver) if the secret area is populated.
Right, so this thing.
Tom and I were talking about SEV* guest debugging today and I believe
there might be another use case for this: SEV-ES guests cannot find out
from an attestation report - like SNP guests can - whether they're being
debugged or not so it would be very helpful if the fact that a -ES guest
is being debugged, could be supplied through such a secrets blob.
Because then, when I'm singlestepping the guest with gdb over the
gdbstub, the guest could determine based on those guest-owner previously
injected secrets whether it should allow debugging or not.
And this is where your set comes in.
However, I'm wondering if - instead of defining your own secrets structs
etc - you could use the SNP confidential computing blob machinery the
SNP set is adding. In particular:
https://lore.kernel.org/all/20220307213356.2797205-30-brijesh.singh@amd.com/
And you're adding another GUID but maybe you could simply use the SNP
thing called EFI_CC_BLOB_GUID and mimick that layout.
That should unify things more. And then guest kernel code could query
the blob also for debugging policy and so on.
Thoughts, opinions?
--
Regards/Gruss,
Boris.
SUSE Software Solutions Germany GmbH, GF: Ivo Totev, HRB 36809, AG Nürnberg
More information about the Linux-security-module-archive
mailing list