Re: [Qemu-devel] [Qemu-ppc] [PATCH v7 0/2] spapr-rtas: add ibm, get-vpd RTAS interface

["Daniel P. Berrangé" <berrange@redhat.com>]

On Fri, Apr 12, 2019 at 04:57:01PM +0200, Greg Kurz wrote:
> On Tue, 09 Apr 2019 18:24:07 +0200
> Andrea Bolognani <abologna@redhat.com> wrote:
> 
> > Apologies for taking this long to respond.
> > 
> 
> No problem :)
> 
> > On Mon, 2019-04-08 at 14:27 +1000, David Gibson wrote:
> > > On Tue, Apr 02, 2019 at 12:28:07PM +0200, Greg Kurz wrote:  
> > > > The recent fixes around "host-serial" and "host-model" simply moved
> > > > the decision to expose host data to the upper layer, ie. libvirt
> > > > which should be involved in this discussion.  
> > > 
> > > Right, that's deliberate.  Note that roughly-equivalent information on
> > > x86 is currently supplied via the SMBIOS.  OpenStack Nova sets that,
> > > rather than qemu, and I'd like to move towards a common configuration
> > > model with x86, though it's a fairly long path to there.
> > > 
> > > OpenStack had an equivalent security problem to our one, which it
> > > addressed by taking the host serial from /etc/machine-id if present
> > > rather than the real host info.  
> > 
> > IIUC the situation is a bit different between x86 and ppc64, because
> > while for the latter SPAPR defines a way for the guest to access
> > information about the host it's running on, that's not the case for
> > the former, at least to the best of my knowledge.
> > 
> > What OpenStack is doing is reading the machine-id (if explicitly
> > configured to do so: the default is to use the guest's own UUID[1])
> > and exposing that as the *guest* serial, not as the *host* serial.
> > 
> 
> Hmm... are you sure ? Daniel seems to be saying the opposite here:
> 
> https://bugs.launchpad.net/nova/+bug/1337349/comments/9

Note my comment is from 2014, where as Andrea is describing OpenStack's
impl in 2019 :-)

Originally Nova would populate guest SMBIOS with a UUID taken
from Host SMBIOS

My fix for the security problem made it use host /etc/machine-id
instead of Host SMBIOS when /etc/machine-id is available.

In Nova 2018, Nova was changed to use the guest instance UUID
instead of /etc/machine-id by default.

Anyway the key factor is to *never* expose and UUID you get
from the host hardware as vendors frequently treat these as
semi-secret keys.

If you need a UUID, it has to be software generated from
somewhere and not otherwise need to be kept private.

As long as QEMU lets this be configurable, libvirt can plumb
it into its sysinfo XML and thus we can ultimately delegate
the decision to the mgmt app like OpenStack.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|