linux-coco.lists.linux.dev archive mirror
From: "Jörg Rödel" <jroedel@suse.de>
To: Jon Lange <jlange@microsoft.com>
Cc: Christophe de Dinechin Dupont de Dinechin <cdupontd@redhat.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
	"amd-sev-snp@lists.suse.com" <amd-sev-snp@lists.suse.com>
Subject: Re: [EXTERNAL] Re: SVSM Attestation and vTPM specification additions - v0.60
Date: Fri, 27 Jan 2023 09:35:06 +0100
Message-ID: <Y9OMuuHz2utBASOm@suse.de>
In-Reply-To: <MN0PR21MB3072B01C5A138EA849D88BE4CACF9@MN0PR21MB3072.namprd21.prod.outlook.com>

Hi Jon,

On Thu, Jan 26, 2023 at 05:33:54PM +0000, Jon Lange wrote:
> One of the design goals of SVSM was to maximize the compatibility
> between all guest OSes and all SVSM implementations.  The idea that
> there are SVSM-specific protocols seems, in general, to be directly
> contradictory to this goal.  Why would it be desirable for a guest to
> have a conversation with its SVSM that is specific to the architecture
> of that SVSM?  I would think it far superior to define every sort of
> interaction as a generic contract that could be supported by every
> SVSM implementation to maximize compatibility in accordance with the
> stated goal.

I agree in general that the SVSM implementations need to be compatible in
their guest-side interface and that a guest should not need to care which
SVSM implementation it is running on.

But I still see a need for implementation specific commands, which will
allow the guest owner to get information about the SVSM and which could
help with debugging in case of problems. These commands are tied to the
architecture of the underlying SVSM implementation and can not be
generic.

For example, an SVSM implementation can have one or more log buffers, it
can have a trace buffer (or not). Another SVSM might even allow the guest
OS to change some configuration data. In that area I see a clear need
for implementation specific commands.

It probably makes sense to specify them in a way which allows the guest
OS to have a generic char driver to send implementation specific commands
to every SVSM. On the guest OS side per-SVSM user-space tools can be used
with that char device.

> Put another way, seeing any upstream implementation that provides
> functionality that is complete with SVSM A but which cannot be
> achieved with SVSM B should not be viewed as a desirable feature of
> the protocol.

Implementation specific commands can also be used as a playground to
experiment with features that later can become part of the standard.

> Attestation itself is a generic concept that should be applicable to
> every SVSM.  Why would anything related to attestation be implemented
> as specific to a single SVSM architecture?

I agree that things like attestation and vTPM must be part of the
generic protocol.

Regards,

-- 
Jörg Rödel
jroedel@suse.de

SUSE Software Solutions Germany GmbH
Frankenstraße 146
90461 Nürnberg
Germany

(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman

