From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
	"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
	"Jeremi Piotrowski" <jpiotrowski@linux.microsoft.com>,
	"Claudio Siqueira de Carvalho" <cclaudio@ibm.com>,
	"Rödel, Jörg" <jroedel@suse.com>
Cc: "Lange, Jon" <jlange@microsoft.com>,
	"Dong, Eddie" <eddie.dong@intel.com>,
	 "Johnson, Simon P" <simon.p.johnson@intel.com>,
	"Reshetova, Elena" <elena.reshetova@intel.com>,
	"Nakajima, Jun" <jun.nakajima@intel.com>,
	"Perez, Ronald" <ronald.perez@intel.com>,
	 "linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>
Subject: Re: Coconut-SVSM - vTPM support for Intel TD Partitioning
Date: Fri, 02 Aug 2024 08:27:41 -0400
Message-ID: <13ea31e26a9891722748c5d6e823f77b6c8b7809.camel@HansenPartnership.com>
In-Reply-To: <MW4PR11MB58721C73775C3AD60D8C50338CB22@MW4PR11MB5872.namprd11.prod.outlook.com>

On Thu, 2024-08-01 at 22:38 +0000, Yao, Jiewen wrote:
> Hi
> As a follow-up, we have drafted the vTPM document and put it at
> https://github.com/intel-staging/td-partitioning-svsm/blob/svsm-tdp-vtpm/Documentation/TD%20Partitioning%20based%20virtual%20TPM%20Design%20Guide%20Rev%200.5.1.pdf.
> It describes the current TD Partitioning based vTPM design.

So this design follows what was in the ephemeral vTPM paper

https://dl.acm.org/doi/abs/10.1145/3627106.3627112

and is what IBM demoed at LPC.  However, the weakness in this design is
that there's no challenge for the platform attestation used in place of
the EK certificate.  We tried to argue around that because the
ephemeral EK changes on every boot and should thus mitigate any replay
concerns, but that can't extend to a stateful vTPM and we needed to
support both (and letting the attesting party provide the nonce even in
terms of the EK hash is still not good security practice).  That's why
the SVSM API includes a vTPM attestation protocol that allows the
external verifier to provide a nonce and dispenses with the EK cert
emulation protocol.

Regards,

James


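The freshness argument in the message above, worked through as an added example; this is illustrative code written for this archive page, not Coconut-SVSM code and not the protocol from the Intel design document. It models the platform attestation report as an HMAC over a REPORT_DATA field (a stand-in for the hardware signature over a SEV-SNP or TDX report; the platform key, EK bytes and nonces are all constructed values), and contrasts a verifier that only checks that REPORT_DATA equals a hash of the vTPM EK against one that issues a single-use nonce and expects REPORT_DATA to bind it. With a stateful vTPM whose EK survives reboots, a recorded EK-only report is accepted again in a later session, which is the replay weakness the email describes, while the challenge-response verifier rejects the same replay and also rejects a nonce the attesting party chose for itself.

```python
"""Toy model of verifier-supplied nonces for vTPM attestation (constructed example)."""
import hashlib
import hmac
import secrets

# Stand-in for the hardware attestation key; a real platform would sign the report.
PLATFORM_KEY = b"constructed-platform-attestation-key"


def sign_report(report_data: bytes) -> dict:
    """The trusted platform signs whatever the SVSM placed in REPORT_DATA."""
    sig = hmac.new(PLATFORM_KEY, report_data, hashlib.sha256).hexdigest()
    return {"report_data": report_data.hex(), "sig": sig}


def report_valid(report: dict) -> bool:
    """Platform signature check, independent of what REPORT_DATA binds."""
    data = bytes.fromhex(report["report_data"])
    expected = hmac.new(PLATFORM_KEY, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, report["sig"])


def ek_only_report(ek_pub: bytes) -> dict:
    """EK-cert emulation style: REPORT_DATA = H(EK), with no input from the verifier."""
    return sign_report(hashlib.sha256(ek_pub).digest())


def nonce_bound_report(ek_pub: bytes, nonce: bytes) -> dict:
    """Challenge-response style: REPORT_DATA = H(EK || nonce), nonce chosen by the verifier."""
    return sign_report(hashlib.sha256(ek_pub + nonce).digest())


class Verifier:
    """External verifier; remembers which nonces it issued and burns each on use."""

    def __init__(self) -> None:
        self.issued: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(32)
        self.issued.add(nonce)
        return nonce

    def verify_ek_only(self, report: dict, ek_pub: bytes) -> bool:
        # Nothing here ties the report to this session, so an old report passes.
        expected = hashlib.sha256(ek_pub).digest()
        return report_valid(report) and bytes.fromhex(report["report_data"]) == expected

    def verify_nonce_bound(self, report: dict, ek_pub: bytes, nonce: bytes) -> bool:
        # Only nonces this verifier issued count, and each is accepted once.
        if nonce not in self.issued:
            return False
        self.issued.discard(nonce)
        expected = hashlib.sha256(ek_pub + nonce).digest()
        return report_valid(report) and bytes.fromhex(report["report_data"]) == expected


def replay_scenarios() -> dict:
    """Run the stateful-vTPM case: the EK is persistent, so it cannot provide freshness."""
    ek_pub = b"constructed-persistent-EK-public-key"  # same value across boots
    v = Verifier()
    results = {}

    # Session 1: a genuine report is produced and recorded by an observer.
    recorded = ek_only_report(ek_pub)
    results["fresh_ek_only_accepted"] = v.verify_ek_only(recorded, ek_pub)
    # Session 2: the recorded report is presented again and still passes.
    results["replayed_ek_only_accepted"] = v.verify_ek_only(recorded, ek_pub)

    # Challenge-response: the verifier picks the nonce before the report is made.
    n1 = v.challenge()
    r1 = nonce_bound_report(ek_pub, n1)
    results["fresh_nonce_bound_accepted"] = v.verify_nonce_bound(r1, ek_pub, n1)
    # Replaying r1 with its original nonce fails: the nonce was consumed.
    results["replayed_same_nonce_accepted"] = v.verify_nonce_bound(r1, ek_pub, n1)
    # Replaying r1 against a new challenge fails: REPORT_DATA binds the old nonce.
    n2 = v.challenge()
    results["replayed_new_nonce_accepted"] = v.verify_nonce_bound(r1, ek_pub, n2)

    # The attesting party choosing its own "nonce" is not a challenge at all.
    self_chosen = b"nonce-chosen-by-attester"
    r3 = nonce_bound_report(ek_pub, self_chosen)
    results["attester_chosen_nonce_accepted"] = v.verify_nonce_bound(r3, ek_pub, self_chosen)
    return results


if __name__ == "__main__":
    for name, accepted in replay_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The same code also explains why the ephemeral-EK argument only partly helps: it works because `ek_pub` changes on every boot, so an old H(EK) no longer matches, but that is a property of the key lifecycle rather than of the protocol, and disappears the moment the vTPM keeps its EK across reboots.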