From: James Bottomley <jejb@linux.ibm.com>
To: Dionna Amalie Glaze <dionnaglaze@google.com>,
Tom Lendacky <thomas.lendacky@amd.com>
Cc: "Dov Murik" <dovmurik@linux.ibm.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Christophe de Dinechin" <cdupontd@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
"amd-sev-snp@lists.suse.com" <amd-sev-snp@lists.suse.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>
Subject: Re: SVSM vTPM specification
Date: Wed, 19 Oct 2022 19:38:51 -0400
Message-ID: <3a3408a4ede88c324d9b9237e291bc399af46792.camel@linux.ibm.com>
In-Reply-To: <CAAH4kHYT3uvqypi8XsrSeLzES8ncO_DRbzSdA1zF=csj3QyB4A@mail.gmail.com>
On Wed, 2022-10-19 at 15:14 -0700, Dionna Amalie Glaze wrote:
> > > Hmm, do we need also something like SNP_GET_EXT_REPORT which also
> > > returns the cert-chain stored in the host kernel? Or modify this
> > > call to also return the certs?
> >
> > Yes, good catch. I believe we do. Adding two more parameters (maybe
> > change this to a struct now?) for Cert Data GPA and Cert Data size
> > is the way to go. We want the Cert Data that is associated with the
> > attestation report that was generated, in an "atomic" way. Once
> > live migration is available, the VM could theoretically be migrated
> > in between two function calls and then the VCEK wouldn't match.
> >
> > Thanks,
> > Tom
> >
>
> I thought that TPM2_EC_Ephemeral would get the EC public key and
> Tspi_Key_GetPubKey could be used to get the SRK public key.

I don't think I really follow this at all. Tspi_ was the old Trousers
(TPM 1.2) TSS API and TPM2_EC_Ephemeral is used to generate a random EC
key for use in the two phase commit protocol for doing ECDH.

> I might be mistaken, but I believe the TPM has commands for this
> already, so the vTPM protocol doesn't need an extra entrypoint. The
> TPM keys shouldn't change through live migration, so querying
> separately should work.

The keys/certificates being referred to in the above quote are the PSP
chip signing keys used to sign the attestation report. They do change if
the VM+SVSM is migrated to a new host. The vTPM will go with the VM so
its seeds will remain the same, but the attestation report binding the
SVSM to the vTPM will change signing keys.

James
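The atomicity point above (cert data must come from the same host and TCB that signed the report), as an added example that is not code from the thread or the SVSM project: a verifier-side consistency check in Python that parses the SEV-SNP attestation report's CHIP_ID and REPORTED_TCB fields and compares them with the hwID and TCB values already extracted from the VCEK certificate. The report field offsets follow the SEV-SNP firmware ABI as assumed here, VCEK extension extraction is assumed to happen elsewhere, and the two host identities are constructed sample values.

```python
import struct

# Field offsets from the SEV-SNP ATTESTATION_REPORT structure (assumed from the
# AMD SEV-SNP firmware ABI; the report is 0x4A0 bytes, signature at 0x2A0).
REPORT_LEN = 0x4A0
OFF_VERSION = 0x00
OFF_REPORT_DATA = 0x50    # 64 bytes, caller-supplied nonce/binding
OFF_MEASUREMENT = 0x90    # 48 bytes
OFF_REPORTED_TCB = 0x180  # 8 bytes TCB_VERSION
OFF_CHIP_ID = 0x1A0       # 64 bytes, identifies the PSP that signed the report

def parse_tcb(raw8):
    """TCB_VERSION as little-endian u64: bootloader, tee, 4 reserved, snp, microcode."""
    bl, tee, _reserved, snp, ucode = struct.unpack("<BB4sBB", raw8)
    return {"bootloader": bl, "tee": tee, "snp": snp, "microcode": ucode}

def parse_report(buf):
    if len(buf) != REPORT_LEN:
        raise ValueError("bad report length %d" % len(buf))
    return {
        "version": struct.unpack_from("<I", buf, OFF_VERSION)[0],
        "report_data": buf[OFF_REPORT_DATA:OFF_REPORT_DATA + 64],
        "measurement": buf[OFF_MEASUREMENT:OFF_MEASUREMENT + 48],
        "reported_tcb": parse_tcb(buf[OFF_REPORTED_TCB:OFF_REPORTED_TCB + 8]),
        "chip_id": buf[OFF_CHIP_ID:OFF_CHIP_ID + 64],
    }

def vcek_matches_report(report, vcek_attrs):
    """vcek_attrs holds hwID and TCB SPLs already pulled from the VCEK cert
    extensions (assumed done elsewhere). A mismatch means the cert chain belongs
    to a different PSP or TCB than the one that signed this report, which is what
    a non-atomic report+cert fetch across live migration produces."""
    if vcek_attrs["hw_id"] != report["chip_id"]:
        return False
    return vcek_attrs["tcb"] == report["reported_tcb"]

def make_report(chip_id, tcb_bytes, report_data=b"\x00" * 64):
    """Constructed sample report (unsigned); only the fields checked here are filled."""
    buf = bytearray(REPORT_LEN)
    struct.pack_into("<I", buf, OFF_VERSION, 2)
    buf[OFF_REPORT_DATA:OFF_REPORT_DATA + 64] = report_data
    buf[OFF_REPORTED_TCB:OFF_REPORTED_TCB + 8] = tcb_bytes
    buf[OFF_CHIP_ID:OFF_CHIP_ID + 64] = chip_id
    return bytes(buf)

# Constructed sample values: two hosts with different PSP identities, same TCB.
TCB_A = bytes([3, 0, 0, 0, 0, 0, 8, 115])  # bootloader=3 tee=0 snp=8 microcode=115
HOST_A = {"hw_id": b"\xaa" * 64, "tcb": parse_tcb(TCB_A)}
HOST_B = {"hw_id": b"\xbb" * 64, "tcb": parse_tcb(TCB_A)}
REPORT_A = make_report(b"\xaa" * 64, TCB_A)  # report signed on host A

if __name__ == "__main__":
    print("atomic fetch:", vcek_matches_report(parse_report(REPORT_A), HOST_A))      # True
    print("certs from new host:", vcek_matches_report(parse_report(REPORT_A), HOST_B))  # False
```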