From: "Jörg Rödel" <jroedel@suse.de>
To: James Bottomley <jejb@linux.ibm.com>
Cc: "Christophe de Dinechin Dupont de Dinechin" <cdupontd@redhat.com>,
"\"Daniel P. Berrangé\"" <berrange@redhat.com>,
linux-coco@lists.linux.dev, amd-sev-snp@lists.suse.com
Subject: Re: SVSM initiated early attestation / guest secrets injection
Date: Fri, 20 Jan 2023 09:37:35 +0100
Message-ID: <Y8pSzx1g8THT3rnC@suse.de>
In-Reply-To: <ad022a0c7cbe2b77da830e1bc0864d7841aab375.camel@linux.ibm.com>

On Thu, Jan 19, 2023 at 04:29:23PM -0500, James Bottomley wrote:
> How can they stay there? Even if the SVSM is the point of first
> contact to receive the secret, it must give the secret to higher VMPLs
> to try the mount, so the higher VMPLs have to destroy the secret they
> were given on failure.

My thinking was that the SVSM will only hand out the secrets once the
code in higher VMPLs has proven itself to be trusted. But it is possible
for an attacker to create an image with the expected parts to get the
measurements right and then use a fall-back mount if decryption fails to
steal the secret.

But such mount fallbacks are generally a bad idea in a CVM.

Regards,

--
Jörg Rödel
jroedel@suse.de
SUSE Software Solutions Germany GmbH
Frankenstraße 146
90461 Nürnberg
Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman