From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1mnl1Z-00028q-0g for mharc-grub-devel@gnu.org; Thu, 18 Nov 2021 12:16:37 -0500 Received: from eggs.gnu.org ([209.51.188.92]:40514) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnl1Y-00028b-3k for grub-devel@gnu.org; Thu, 18 Nov 2021 12:16:36 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:51490) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mnl1M-000655-KE for grub-devel@gnu.org; Thu, 18 Nov 2021 12:16:35 -0500 Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1AIGfZmO005621; Thu, 18 Nov 2021 17:16:05 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject : from : reply-to : to : cc : date : in-reply-to : references : content-type : content-transfer-encoding : mime-version; s=pp1; bh=wCsckS38bWGMBcgzqUMMLPJ0dq7sYJKwJS4680KFuDY=; b=aIxXRGAhIThUZPI0tomh5NCNyuHh6qKBZEyA9sK5GBqoY8z+uCFWDl+WGUukUai3IiUN rnpBF9yaxomwOp5H/VEd1BLDeUbYLOxNnhMIh91ojT4OoHU216PqiwvIwz8Cp9r+E1A1 DIFZHAk8EHCbSJG9RwhFTkVaV32yKzQMUVMhPVqhnTgGG1+BgjiB79zISRs6XkSeCUDs e/0K10y1hKkXf4BdlT8TM7H9pS7SRHJZnerDWogcXDiF+l/74bCsoY46i+tnMDpwqYrG Xj53wGVOHJghzIqpAzlruY/PvzQ0zSXNwk//tK5Bv9L2h3dei0wRoDKVjSFhT/VLdstg xw== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 3cdtjtrtwm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 18 Nov 2021 17:16:05 +0000 Received: from m0098399.ppops.net (m0098399.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 1AIGpPU0011765; Thu, 18 Nov 2021 17:16:04 GMT Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com [169.63.214.131]) by mx0a-001b2d01.pphosted.com with ESMTP id 3cdtjtrtvv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 18 Nov 2021 17:16:04 +0000 Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1]) by ppma01dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 1AIH3Y5q031487; Thu, 18 Nov 2021 17:16:02 GMT Received: from b03cxnp08028.gho.boulder.ibm.com (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20]) by ppma01dal.us.ibm.com with ESMTP id 3ca50djjcb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 18 Nov 2021 17:16:02 +0000 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 1AIHFxvp54264246 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 18 Nov 2021 17:15:59 GMT Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 0F9717805F; Thu, 18 Nov 2021 17:15:59 +0000 (GMT) Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 25A5E78064; Thu, 18 Nov 2021 17:15:57 +0000 (GMT) Received: from jarvis.int.hansenpartnership.com (unknown [9.211.93.152]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP; Thu, 18 Nov 2021 17:15:56 +0000 (GMT) Message-ID: <4dfd17487d44fa685f80d2e4af015fb217b50346.camel@linux.ibm.com> Subject: Re: [RESEND v3 0/3] use confidential computing provisioned secrets for disk decryption From: James Bottomley Reply-To: jejb@linux.ibm.com To: Daniel Kiper Cc: grub-devel@gnu.org, thomas.lendacky@amd.com, ashish.kalra@amd.com, brijesh.singh@amd.com, david.kaplan@amd.com, jon.grimm@amd.com, tobin@ibm.com, frankeh@us.ibm.com, "Dr . David Alan Gilbert" , dovmurik@linux.vnet.ibm.com, Dov.Murik1@il.ibm.com, Javier Martinez Canillas , GNUtoo@cyberdimension.org, ps@pks.im, development@efficientek.com Date: Thu, 18 Nov 2021 12:15:55 -0500 In-Reply-To: <20211118144901.ya6zilodda37t7yp@tomti.i.net-space.pl> References: <20211109135356.10695-1-jejb@linux.ibm.com> <20211118144901.ya6zilodda37t7yp@tomti.i.net-space.pl> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.4 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: 5UK6VtlfEMvr3oweJKQzBXuFQsp20efp X-Proofpoint-ORIG-GUID: zAeD14RYfn9NTve-0K3SRDWrmaMsIVWr Content-Transfer-Encoding: 7bit X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-11-18_12,2021-11-17_01,2020-04-07_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 bulkscore=0 mlxlogscore=999 clxscore=1011 suspectscore=0 lowpriorityscore=0 impostorscore=0 phishscore=0 priorityscore=1501 mlxscore=0 adultscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2111180091 Received-SPF: pass client-ip=148.163.156.1; envelope-from=jejb@linux.ibm.com; helo=mx0a-001b2d01.pphosted.com X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Nov 2021 17:16:36 -0000 On Thu, 2021-11-18 at 15:49 +0100, Daniel Kiper wrote: > Hey, > > Adding Denis, Patrick and Glenn... > > James, please add them to the loop next time. Sure ... is there some way of telling who should be cc'd (I'm not a fan of the kernel get_maintainer.pl but it gives you a list you can trim)? > > On Tue, Nov 09, 2021 at 08:53:53AM -0500, James Bottomley wrote: > > From: James Bottomley > > > > v3: make password getter specify prompt requirement. Update for > > TDX: > > Make name more generic and expand size of secret area > > > > > > https://github.com/tianocore/edk2/commit/96201ae7bf97c3a2c0ef386110bb93d25e9af1ba > > > > https://github.com/tianocore/edk2/commit/caf8b3872ae2ac961c9fdf4d1d2c5d072c207299 > > > > Redo the cryptodisk secret handler to make it completely > > generic > > and pluggable using a list of named secret providers. Also > > allow an optional additional argument for secret providers that may > > have more than one secret. > > > > v2: update geli.c to use conditional prompt and add callback for > > variable message printing and secret destruction > > > > To achieve encrypted disk images in the AMD SEV and other > > confidential computing encrypted virtual machines, we need to add > > the ability for grub to retrieve the disk passphrase from an OVMF > > provisioned > > configuration table. > > > > https://github.com/tianocore/edk2/commit/01726b6d23d4c8a870dbd5b96c0b9e3caf38ef3c > > > > The patches in this series modify grub to look for the disk > > passphrase in the secret configuration table and use it to decrypt > > any disks in the system if they are found. This is so an encrypted > > image with a properly injected password will boot without any user > > intervention. > > > > The three patches firstly modify the cryptodisk consumers to allow > > arbitrary password getters instead of the current console based > > one. The next patch adds a '-s module [id]' option to cryptodisk > > to allow it to use plugin provided passwords and the final one adds > > a sevsecret command to check for the secrets configuration table > > and provision the disk passphrase from it if an entry is > > found. With all this in place, the sequence to boot an encrypted > > volume without user intervention is: > > > > cryptomount -s efisecret > > source (crypto0)/boot/grub.cfg > > > > Assuming there's a standard Linux root partition. > > Thank you for posting this patch series. Unfortunately it conflicts > with [1] patches. And I want to take [1] first because it is an > important improvement for GRUB's crypto infrastructure. Additionally, > as Glenn said in [1], this crypto infra change should simplify your > code too. > > I have just finished reviewing Glenn's patches and waiting for v4. > I hope we will be able to merge it soon. If you could take a look at > the [1] and check if it does not make any troubles for you it would > be perfect. > > I will drop you a line when Glenn's patches are in the tree and you > can rebase your patch set on top of it. Yes, the rebase looks trivial. I'll do it and repost as soon as the patches are upstream. Regards, James