From: Peter Gonda <pgonda@google.com>
To: thomas.lendacky@amd.com
Cc: Peter Gonda <pgonda@google.com>,
Dionna Glaze <dionnaglaze@google.com>,
Borislav Petkov <bp@suse.de>, Michael Roth <michael.roth@amd.com>,
Haowen Bai <baihaowen@meizu.com>,
Yang Yingliang <yangyingliang@huawei.com>,
Marc Orr <marcorr@google.com>,
David Rientjes <rientjes@google.com>,
Ashish Kalra <Ashish.Kalra@amd.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Subject: [PATCH V3 0/2] Fix security issue in SNP guest AES-GCM usage
Date: Thu, 27 Oct 2022 08:05:56 -0700
Message-ID: <20221027150558.722062-1-pgonda@google.com>

Currently the ASP and SNP guest use an AES-GCM based secure channel to
communicate with each other. The IV for this encryption scheme is a
sequence that each party maintains. Currently the ASP requires the
sequence number of the request to be exactly one more than its saved
sequence number and the ASP only increments its saved sequence number
after a successful command. That means if the guest request ever fails
it can only ever retry that exact encrypted command or discontinue its
use of that VMPCK. If it were to try another command it would either
need to reuse the sequence number which is the IV. That can lead to the
encryption scheme failing with AES-GCM. Or if it incremented the
sequence number the ASP would never accept the command due to sequence
number mismatch.
https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/800-38-series-drafts/gcm/joux_comments.pdf
Cc: Dionna Glaze <dionnaglaze@google.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: Haowen Bai <baihaowen@meizu.com>
Cc: Yang Yingliang <yangyingliang@huawei.com>
Cc: Marc Orr <marcorr@google.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Ashish Kalra <Ashish.Kalra@amd.com>
Cc: linux-kernel@vger.kernel.org
Cc: kvm@vger.kernel.org
Peter Gonda (2):
  virt: sev: Prevent IV reuse in SNP guest driver
  virt: sev: Allow for retrying SNP extended requests

 arch/x86/include/asm/svm.h              |  6 ++
 arch/x86/kernel/sev.c                   | 28 ++++++--
 drivers/virt/coco/sev-guest/sev-guest.c | 93 ++++++++++++++++---------
 3 files changed, 91 insertions(+), 36 deletions(-)
--
2.38.0.135.g90850a2211-goog
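
The sequence-number rule described in the cover letter, as an added user-space model; it is not code from this series or from the sev-guest driver. The struct and function names, the request strings, and the use of a plaintext comparison to stand in for "that exact encrypted command" are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed model of the cover letter's rule; not the sev-guest driver. */
enum verdict { SENT_OK, SENT_FAILED, BLOCKED_IV_REUSE, KEY_DISABLED };
struct asp { uint64_t saved_seq; };
struct guest {
    uint64_t seq;   /* last sequence number the ASP acknowledged */
    bool pending;   /* IV seq+1 already used by an unacknowledged request */
    char msg[64];   /* request that was encrypted under IV seq+1 */
    bool disabled;  /* use of this VMPCK has been discontinued */
};

/* ASP: accept only saved+1; advance only after a successful command. */
static bool asp_handle(struct asp *a, uint64_t req_seq, bool cmd_ok)
{
    if (req_seq != a->saved_seq + 1 || !cmd_ok)
        return false;
    a->saved_seq++;
    return true;
}

/* Guest: until acknowledged, IV seq+1 may only carry the same request again. */
static enum verdict guest_send(struct guest *g, struct asp *a, const char *msg, bool cmd_ok)
{
    if (g->disabled)
        return KEY_DISABLED;
    if (strlen(msg) >= sizeof(g->msg))
        return SENT_FAILED;
    if (g->pending && strcmp(msg, g->msg) != 0)
        return BLOCKED_IV_REUSE;    /* different request, same IV */
    strcpy(g->msg, msg);
    g->pending = true;
    if (!asp_handle(a, g->seq + 1, cmd_ok))
        return SENT_FAILED;         /* seq stays put; the IV is now spent */
    g->seq++;
    g->pending = false;
    return SENT_OK;
}

int main(void)
{
    struct asp a = {0};
    struct guest g = {0};
    guest_send(&g, &a, "req-A", false);                        /* fails after IV 1 was used */
    printf("other=%d ", guest_send(&g, &a, "req-B", true));    /* 2: blocked */
    printf("retry=%d\n", guest_send(&g, &a, "req-A", true));   /* 0: accepted */
    return 0;
}
```

Skipping ahead instead of retrying fails on the ASP side of the model as well: `asp_handle()` rejects any sequence number other than `saved_seq + 1`.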