From: James Bottomley <jejb@linux.ibm.com>
To: "Jörg Rödel" <jroedel@suse.de>, "Tom Lendacky" <thomas.lendacky@amd.com>
Cc: Klaus Kiwi <kkiwi@redhat.com>,
linux-coco@lists.linux.dev, kvm@vger.kernel.org,
amd-sev-snp@lists.suse.com
Subject: Re: [ANNOUNCEMENT] COCONUT Secure VM Service Module for SEV-SNP
Date: Thu, 04 May 2023 13:04:09 -0400 [thread overview]
Message-ID: <614e66054c58048f2f43104cf1c9dcbc8745f292.camel@linux.ibm.com> (raw)
In-Reply-To: <ZFJTDtMK0QqXK5+E@suse.de>
On Wed, 2023-05-03 at 14:26 +0200, Jörg Rödel wrote:
> On Tue, May 02, 2023 at 06:03:55PM -0500, Tom Lendacky wrote:
[...]
> > - On the subject of priorities, the number one priority for the
> > linux-svsm project has been to quickly achieve production
> > quality vTPM support. The support for this is being actively worked
> > on by linux-svsm contributors and we'd want to find fastest path
> > towards getting that redirected into coconut-svsm (possibly
> > starting with CPL0
> > implementation until CPL3 support is available) and the project
> > hardened for a release. I imagine there will be some competing
> > priorities from coconut-svsm project currently, so wanted to
> > get this out on the table from the beginning.
>
> That has been under discussion for some time, and honestly I think
> the approach taken is the main difference between linux-svsm and
> COCONUT. My position here is, and that comes with a big 'BUT', that I
> am not fundamentally opposed to having a temporary solution for the
> TPM until CPL-3 support is at a point where it can run a TPM module.
OK, so this, for IBM, is directly necessary. We have the vTPM pull
request about ready to go and we'll probably send it still to the AMD
SVSM. Given that the AMD SVSM already has the openssl library and the
attestation report support, do you want to pull them into coconut
directly so we can base a coconut vTPM pull request on that?
> And here come the 'BUT': Since the goal of having one project is to
> bundle community efforts, I think that the joint efforts are better
> targeted at getting CPL-3 support to a point where it can run
> modules. On that side some input and help is needed, especially to
> define the syscall interface so that it suits the needs of a TPM
> implementation.
Crypto support in ring-0 is unavoidable if we want to retain control of
the VMPCK0 key in ring-0. I can't see us giving it to ring-3 because
that would give up control of the SVSM identity and basically make the
ring-0 separation useless because you can compromise ring-3 and get the
key and then communicate with the PSP as the SVSM.
I think the above problem also indicates no-one really has a fully
thought out security model that shows practically how ring-3 improves
the security posture. So I really think starting in ring-0 and then
moving pieces to ring-3 and discussing whether this materially improves
the security posture based on the code and how it operates gets us
around the lack of understanding of the security model because we
proceed by evolution.
The next question that's going to arise is *where* the crypto libraries
should reside. Given they're somewhat large, duplicating them for
every cpl-3 application plus cpl-3 seems wasteful, so some type of vdso
model sounds better (and might work instead of a syscall interfaces for
cpl-0 services that are pure code).
> It is also not the case that CPL-3 support is out more than a year or
> so. The RamFS is almost ready, as is the archive file inclusion[1].
> We will move to task management next, the goal is still to have basic
> support ready in 2H2023.
>
> [1] https://github.com/coconut-svsm/svsm/pull/27
Well, depending on how you order them, possibly. The vTPM has a simple
request/response model, so it really doesn't have much need of a
scheduler for instance. And we could obviously bring up cpl-3 before a
module loader/ram filesystem and move to that later.
> If there is still a strong desire to have COCONUT with a TPM (running
> at CPL-0) before CPL-3 support is usable, then I can live with
> including code for that as a temporary solution. But linking huge
> amounts of C code (like openssl or a tpm lib) into the SVSM rust
> binary kind of contradicts the goals which made us using Rust for
> project in the first place. That is why I only see this as a
> temporary solution.
I'm not sure it will be. If some cloud or distro wants to shoot for
FIPS compliance of the SVSM, for instance, a requirement will likely be
to use a FIPS certified crypto library ... and they're all currently in
C. That's not to say we shouldn't aim for minimizing the C
dependencies, but I don't see a "pure rust or else" approach
facilitating the initial utility of the project.
James
next prev parent reply other threads:[~2023-05-04 17:06 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-21 9:29 [ANNOUNCEMENT] COCONUT Secure VM Service Module for SEV-SNP Jörg Rödel
2023-03-21 11:09 ` James Bottomley
2023-03-21 12:43 ` Jörg Rödel
2023-03-21 13:43 ` James Bottomley
2023-03-21 15:14 ` Jörg Rödel
2023-03-21 17:48 ` Dr. David Alan Gilbert
2023-03-21 18:50 ` Jörg Rödel
2023-03-21 20:05 ` James Bottomley
2023-03-22 1:29 ` Marc Orr
2023-03-22 17:57 ` Daniel P. Berrangé
2023-03-22 9:15 ` Jörg Rödel
2023-03-22 18:07 ` Daniel P. Berrangé
2023-03-22 18:24 ` Dionna Amalie Glaze
2023-03-21 15:06 ` Dr. David Alan Gilbert
2023-03-21 15:25 ` Jörg Rödel
2023-03-21 16:56 ` Dr. David Alan Gilbert
2023-03-21 19:03 ` Jörg Rödel
2023-03-21 19:53 ` Dr. David Alan Gilbert
2023-03-22 9:19 ` Jörg Rödel
2023-03-22 9:43 ` Alexander Graf
2023-03-22 10:34 ` Dr. David Alan Gilbert
2023-03-22 17:37 ` Dionna Amalie Glaze
2023-03-22 17:47 ` Dr. David Alan Gilbert
2023-03-22 21:53 ` James Bottomley
2023-04-11 19:57 ` Tom Lendacky
2023-04-11 20:01 ` Dionna Amalie Glaze
2023-04-13 16:57 ` James Bottomley
2023-04-14 9:00 ` Jörg Rödel
2023-05-02 23:03 ` Tom Lendacky
2023-05-03 12:26 ` Jörg Rödel
2023-05-03 15:24 ` Dionna Amalie Glaze
2023-05-03 15:43 ` James Bottomley
2023-05-03 16:10 ` Daniel P. Berrangé
2023-05-03 16:51 ` Claudio Carvalho
2023-05-03 17:16 ` Alexander Graf
2023-05-05 15:34 ` Jörg Rödel
2023-05-05 15:47 ` Daniel P. Berrangé
2023-05-04 17:04 ` James Bottomley [this message]
2023-05-05 12:35 ` Christophe de Dinechin
2023-05-06 12:48 ` James Bottomley
2023-05-08 5:16 ` Alexander Graf
2023-05-05 15:02 ` Jörg Rödel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=614e66054c58048f2f43104cf1c9dcbc8745f292.camel@linux.ibm.com \
--to=jejb@linux.ibm.com \
--cc=amd-sev-snp@lists.suse.com \
--cc=jroedel@suse.de \
--cc=kkiwi@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).