From: "Jörg Rödel" <jroedel@suse.de>
To: Claudio Carvalho <cclaudio@linux.ibm.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
	amd-sev-snp@lists.suse.com, linux-coco@lists.linux.dev,
	kvm@vger.kernel.org, Carlos Bilbao <carlos.bilbao@amd.com>,
	Klaus Kiwi <kkiwi@redhat.com>
Subject: Re: [ANNOUNCEMENT] COCONUT Secure VM Service Module for SEV-SNP
Date: Fri, 5 May 2023 17:34:20 +0200
Message-ID: <ZFUh/KlLXJF+2hoJ@suse.de>
In-Reply-To: <cc22183359d107dc0be58b4f9509c8d785313879.camel@linux.ibm.com>

Hi Claudio,

On Wed, May 03, 2023 at 12:51:17PM -0400, Claudio Carvalho wrote:
> Thanks. I would be happy to collaborate in that discussion.

Great, I will send out that email early next week to get the discussion
rolling.

> I think the crypto support requires more design discussion since it is required
> in multiple places.
> 
> The experience I've had adding SVSM-vTPM support is that the SVSM needs crypto
> for requesting an attestation report (SNP_GUEST_REQUEST messages sent to the
> security processor PSP have to be encrypted with AES_GCM) and the vTPM also
> needs crypto for the TPM crypto operations. We could just duplicate the crypto
> library, or find a way to share it (e.g. vdso approach).
> 
> For the SVSM, it would be rust code talking to the crypto library; for the vTPM
> it would be the vTPM (most likely an existing C implementation) talking to the
> crypto library.

Right, where to place and how to share the crypto code needs more
discussion; there are multiple possible approaches. I have seen that you
have a talk at KVM Forum, so we can meet there in a larger group and
discuss those and other questions in person.

I think from this thread and other discussions happening it became clear
that there are currently a lot of different opinions on what the SVSM
should do and what it should look like. It would be great if we as a
community can get closer together on those questions (which is certainly
helpful for combining efforts).

Regards,

-- 
Jörg Rödel
jroedel@suse.de

SUSE Software Solutions Germany GmbH
Frankenstraße 146
90461 Nürnberg
Germany

(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
