From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Dionna Amalie Glaze <dionnaglaze@google.com>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>,
"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
"Jeremi Piotrowski" <jpiotrowski@linux.microsoft.com>,
"Claudio Siqueira de Carvalho" <cclaudio@ibm.com>,
"Rödel, Jörg" <jroedel@suse.com>,
"Lange, Jon" <jlange@microsoft.com>,
"Dong, Eddie" <eddie.dong@intel.com>,
"Johnson, Simon P" <simon.p.johnson@intel.com>,
"Reshetova, Elena" <elena.reshetova@intel.com>,
"Nakajima, Jun" <jun.nakajima@intel.com>,
"Perez, Ronald" <ronald.perez@intel.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>
Subject: Re: Coconut-SVSM - vTPM support for Intel TD Partitioning
Date: Fri, 02 Aug 2024 22:19:45 -0400 [thread overview]
Message-ID: <f809dfb51e14d93ec5538fba31d3d1478d69484c.camel@HansenPartnership.com> (raw)
In-Reply-To: <CAAH4kHbiDaZjae21b2XPpWyPehBhGghshqz0jYf29G2p_vGKVQ@mail.gmail.com>
On Fri, 2024-08-02 at 18:54 -0700, Dionna Amalie Glaze wrote:
> More questions / comments
>
> 1.1 "Get TPM AK Cert (signed by EK)". This is something I thought for
> a long time too. That's not what the EK does. The EK does not sign
> anything. It's used for proving ownership of both EK and AK for
> ActivateCredential to get an AKcert from a trusted CA.
> What is your intended communication channel between SVSM and a CA for
> this credential activation?
Well, that's only if you need a privacy preserving mechanism for
certifying to outside entities. If you're acting on behalf of the
machine to the machine owner, there's no credible point to the whole
encryption EK, signing AK dance and you might as well use a signing EK.
I just published tools for allowing certification of the null seed used
by the kernel for session salting:
https://lore.kernel.org/linux-integrity/20240802202606.12767-1-James.Bottomley@HansenPartnership.com
And it uses a signing EK for similar reasons (it's long lived and there
are no privacy concerns if it acts solely for the machine owner).
> 2.2.2 item 6, migration needs to ensure that the vTPM state is not
> duplicated, which is a possible host attack by spinning up two
> targets and directing migration to both. This needs to be explicitly
> required for TPM security.
> 2.2.3 item 8 I don't think the community has fully agreed that MMIO
> should be the command pathway for SVSM-based vTPM due to performance
> problems. This appears to disallow an SVSM service call
> implementation as an enlightenment path.
Well, no, for the AMD SNP SVSM an enlightened TPM interface makes the
most sense because everything else is enlightened.
That brings me to a curious point: is the Intel TDX SVSM going to
follow the SVSM protocol interface? because if it is, it will
naturally inherit the enlightened interface (the code will be present
in the kernel, so it only needs activating). However, if the Intel
SVSM were going to ignore the SVSM protocol spec then it would have to
reinvent everything and the CRB interface might make more sense.
Regards,
James
next prev parent reply other threads:[~2024-08-03 2:19 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <MW4PR11MB5872CE9BEF8361203F72EDFD8C3B2@MW4PR11MB5872.namprd11.prod.outlook.com>
2024-03-28 6:29 ` question on vTPM interface in coconut-svsm Yao, Jiewen
2024-03-28 8:11 ` Reshetova, Elena
2024-03-28 9:11 ` Joerg Roedel
2024-03-28 12:03 ` James Bottomley
2024-03-28 12:22 ` Jeremi Piotrowski
2024-03-28 12:33 ` James Bottomley
2024-03-28 13:41 ` Jeremi Piotrowski
2024-03-28 13:54 ` James Bottomley
2024-03-28 14:09 ` Jeremi Piotrowski
2024-07-04 3:07 ` Coconut-SVSM - vTPM support for Intel TD Partitioning Yao, Jiewen
2024-08-01 22:38 ` Yao, Jiewen
2024-08-02 5:23 ` Dionna Amalie Glaze
2024-08-02 10:02 ` Yao, Jiewen
2024-08-02 12:27 ` James Bottomley
2024-08-02 15:40 ` James Bottomley
2024-08-03 1:54 ` Dionna Amalie Glaze
2024-08-03 2:19 ` James Bottomley [this message]
2024-08-05 9:55 ` Reshetova, Elena
2024-08-05 15:21 ` James Bottomley
2024-08-06 8:21 ` Reshetova, Elena
2024-08-06 15:51 ` Claudio Siqueira de Carvalho
2024-08-06 16:23 ` James Bottomley
2024-08-07 11:28 ` Reshetova, Elena
2024-08-07 12:21 ` James Bottomley
2024-08-07 16:04 ` Reshetova, Elena
2024-08-16 3:38 ` Yao, Jiewen
2024-08-16 16:13 ` Dionna Amalie Glaze
2024-08-19 5:54 ` Yao, Jiewen
2024-08-06 16:19 ` James Bottomley
2024-08-07 8:46 ` Reshetova, Elena
2024-08-16 3:09 ` Yao, Jiewen
2024-08-16 3:27 ` Yao, Jiewen
2024-04-08 8:50 ` question on vTPM interface in coconut-svsm Joerg Roedel
2024-04-08 15:05 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f809dfb51e14d93ec5538fba31d3d1478d69484c.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=cclaudio@ibm.com \
--cc=dionnaglaze@google.com \
--cc=eddie.dong@intel.com \
--cc=elena.reshetova@intel.com \
--cc=jejb@linux.ibm.com \
--cc=jiewen.yao@intel.com \
--cc=jlange@microsoft.com \
--cc=jpiotrowski@linux.microsoft.com \
--cc=jroedel@suse.com \
--cc=jun.nakajima@intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=ronald.perez@intel.com \
--cc=simon.p.johnson@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).