From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1nOKIY-0004nQ-Is for mharc-grub-devel@gnu.org; Sun, 27 Feb 2022 09:13:18 -0500 Received: from eggs.gnu.org ([209.51.188.92]:55572) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nOKIW-0004jt-HE for grub-devel@gnu.org; Sun, 27 Feb 2022 09:13:16 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:46220) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nOKIQ-000315-B9 for grub-devel@gnu.org; Sun, 27 Feb 2022 09:13:12 -0500 Received: from pps.filterd (m0127361.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 21RDgTfK003054; Sun, 27 Feb 2022 14:13:02 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : date : subject : to : cc : references : from : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pp1; bh=ioCBfwjz+FFnt+dG6nlC5X0GTHJEV3e7PpnOpeg6wgw=; b=Ht6/n61Fc2u5wEloY5dxq60sBjtv3rE6KwbxJ+lR07NzsP09gk6hcP7kIoV06i7/eMKf NDmzAWbNnGOYaPNOGQrR+6bcWcJd9d8+CyNTO+sqNGuIecdYzlHc7jvsG4axGQsdMJFs 4tS1TXPpLraMyq8JypHC5c7EKnrID7sEz38O96uA4PrRaiicjF7gTu5cKDlYO16gGEkv pA3WF+CVnqhqbJDZfymRFLJnP5Jwl/UYugyiCIe/gBaITcaIMsgOFgGWw/svoIRGgg2c Q0lxilkrariOEwS9pTZVGcl3q6U6v7OFJ2HJtoShAj8AW+zcY/jwOr/dFY8tEL0kFL5L Rg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3egae0rgas-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 27 Feb 2022 14:13:01 +0000 Received: from m0127361.ppops.net (m0127361.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 21RED1rP004211; Sun, 27 Feb 2022 14:13:01 GMT Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27]) by mx0a-001b2d01.pphosted.com with ESMTP id 3egae0rgak-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 27 Feb 2022 14:13:01 +0000 Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1]) by ppma05wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 21RE8nqr009839; Sun, 27 Feb 2022 14:13:00 GMT Received: from b01cxnp22033.gho.pok.ibm.com (b01cxnp22033.gho.pok.ibm.com [9.57.198.23]) by ppma05wdc.us.ibm.com with ESMTP id 3efbu9m3bv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 27 Feb 2022 14:13:00 +0000 Received: from b01ledav002.gho.pok.ibm.com (b01ledav002.gho.pok.ibm.com [9.57.199.107]) by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 21RECwkC34341354 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 27 Feb 2022 14:12:58 GMT Received: from b01ledav002.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 04226124058; Sun, 27 Feb 2022 14:12:58 +0000 (GMT) Received: from b01ledav002.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 98F5812405A; Sun, 27 Feb 2022 14:12:54 +0000 (GMT) Received: from [9.160.8.241] (unknown [9.160.8.241]) by b01ledav002.gho.pok.ibm.com (Postfix) with ESMTP; Sun, 27 Feb 2022 14:12:54 +0000 (GMT) Message-ID: <209199d1-1d7d-cc31-e352-148f0a3fcf80@linux.ibm.com> Date: Sun, 27 Feb 2022 16:12:52 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1 Subject: Re: [PATCH v4 0/2] use confidential computing provisioned secrets for disk decryption Content-Language: en-US To: Heinrich Schuchardt , James Bottomley Cc: thomas.lendacky@amd.com, ashish.kalra@amd.com, brijesh.singh@amd.com, david.kaplan@amd.com, jon.grimm@amd.com, tobin@ibm.com, frankeh@us.ibm.com, Dr David Alan Gilbert , dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, Javier Martinez Canillas , GNUtoo@cyberdimension.org, ps@pks.im, development@efficientek.com, Daniel Kiper , The development of GNU GRUB , Dov Murik References: <20220207152944.27183-1-jejb@linux.ibm.com> From: Dov Murik In-Reply-To: Content-Type: text/plain; charset=UTF-8 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 7yxkiTT455ebvDvmEj9S_9E8niL9CUaT X-Proofpoint-ORIG-GUID: d5vONJPjME_8NBuUoGsYW6q9S8aT0ajJ Content-Transfer-Encoding: 8bit X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-02-27_05,2022-02-26_01,2022-02-23_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 impostorscore=0 adultscore=0 spamscore=0 lowpriorityscore=0 malwarescore=0 suspectscore=0 mlxscore=0 phishscore=0 mlxlogscore=957 priorityscore=1501 clxscore=1011 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2202270099 Received-SPF: pass client-ip=148.163.158.5; envelope-from=dovmurik@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Feb 2022 14:13:16 -0000 On 26/02/2022 10:04, Heinrich Schuchardt wrote: > On 2/7/22 16:29, James Bottomley wrote: >> From: James Bottomley >> >> v4: Update to new password passing API and fold in review comments >>      original patch 1 (which contained a password passing API) is >>      removed and patch 2 is updated and patch 3 largely unchanged. >> >> v3: make password getter specify prompt requirement.  Update for TDX: >>      Make name more generic and expand size of secret area >> >>      >> https://github.com/tianocore/edk2/commit/96201ae7bf97c3a2c0ef386110bb93d25e9af1ba >> >>      >> https://github.com/tianocore/edk2/commit/caf8b3872ae2ac961c9fdf4d1d2c5d072c207299 >> >> >>      Redo the cryptodisk secret handler to make it completely generic >>      and pluggable using a list of named secret providers.  Also allow >>      an optional additional argument for secret providers that may have >>      more than one secret. >> >> v2: update geli.c to use conditional prompt and add callback for >>      variable message printing and secret destruction >> >> To achieve encrypted disk images in the AMD SEV and other confidential >> computing encrypted virtual machines, we need to add the ability for >> grub to retrieve the disk passphrase from an OVMF provisioned >> configuration table. >> >> https://github.com/tianocore/edk2/commit/01726b6d23d4c8a870dbd5b96c0b9e3caf38ef3c >> >> >> (this now needs additional patches to update for the change in flow in >> v4) >> >> The patches in this series modify grub to look for the disk passphrase >> in the secret configuration table and use it to decrypt any disks in >> the system if they are found.  This is so an encrypted image with a >> properly injected password will boot without any user intervention. >> >> The three patches firstly modify the cryptodisk consumers to allow >> arbitrary password getters instead of the current console based one. >> The next patch adds a '-s module [id]' option to cryptodisk to allow >> it to use plugin provided passwords and the final one adds a sevsecret >> command to check for the secrets configuration table and provision the >> disk passphrase from it if an entry is found.  With all this in place, >> the sequence to boot an encrypted volume without user intervention is: >> >> cryptomount -s efisecret -a >> source (crypto0)/boot/grub.cfg >> >> Assuming there's a standard Linux root partition. >> >> James > > Is there a text document that defines the EFI secret table and its > contents? > Such documentation appears in the kernel driver we're proposing [1] to allow userspace programs to read secrets from the same area (similarly to how grub can read a secret from it). In that patch [1], look for "Structure of the EFI secret area" in efi_secret.c. Here's the relevant part: +/* + * Structure of the EFI secret area + * + * Offset Length + * (bytes) (bytes) Usage + * ------- ------- ----- + * 0 16 Secret table header GUID (must be 1e74f542-71dd-4d66-963e-ef4287ff173b) + * 16 4 Length of bytes of the entire secret area + * + * 20 16 First secret entry's GUID + * 36 4 First secret entry's length in bytes (= 16 + 4 + x) + * 40 x First secret entry's data + * + * 40+x 16 Second secret entry's GUID + * 56+x 4 Second secret entry's length in bytes (= 16 + 4 + y) + * 60+x y Second secret entry's data + * + * (... and so on for additional entries) + * + * The GUID of each secret entry designates the usage of the secret data. + */ Note that grub is looking for one entry from this table: an entry with GUID 736870e5-84f0-4973-92ec-06879ce3da0b (GRUB_EFI_DISKPASSWD_GUID). We'll also add similar documentation to kbs-rs [2] (Key Broker Service) which is one of the options for the Guest Owner server that generates this secret area (to be securely injected into the guest). [1] https://lore.kernel.org/linux-coco/20220201124413.1093099-4-dovmurik@linux.ibm.com/#Z31drivers:virt:coco:efi_secret:efi_secret.c [2] https://github.com/confidential-containers/kbs-rs -Dov > Best regards > > Heinrich > >> >> --- >> >> James Bottomley (2): >>    cryptodisk: add OS provided secret support >>    efi: Add API for retrieving the EFI secret for cryptodisk >> >>   grub-core/Makefile.core.def    |   8 ++ >>   grub-core/disk/cryptodisk.c    |  56 +++++++++++++- >>   grub-core/disk/efi/efisecret.c | 129 +++++++++++++++++++++++++++++++++ >>   include/grub/cryptodisk.h      |  14 ++++ >>   include/grub/efi/api.h         |  15 ++++ >>   5 files changed, 220 insertions(+), 2 deletions(-) >>   create mode 100644 grub-core/disk/efi/efisecret.c >> >