From: Dov Murik <dovmurik@linux.ibm.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>,
"Tobin Feldman-Fitzthum" <tobin@linux.ibm.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
Ashish Kalra <ashish.kalra@amd.com>,
Brijesh Singh <brijesh.singh@amd.com>,
James Bottomley <jejb@linux.ibm.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
qemu-devel@nongnu.org, Markus Armbruster <armbru@redhat.com>,
Dov Murik <dovmurik@linux.ibm.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Eric Blake <eblake@redhat.com>
Subject: Re: [PATCH] qapi, i386/sev: Add debug-launch-digest to launch-measure response
Date: Mon, 14 Feb 2022 10:15:16 +0200
Message-ID: <3df428b3-b5d7-aacc-9639-d2c2dfca6ed7@linux.ibm.com>
In-Reply-To: <YffxpK99EibxdXG4@redhat.com>
On 31/01/2022 16:26, Daniel P. Berrangé wrote:
[...]
>
> IOW, I think there's only two scenarios that make sense
>
> 1. The combined launch digest over firmware, kernel hashes
> and VMSA state.
>
> 2. Individual hashes for each of firmware, kernel hashes table and
> VMSA state
>
Just one more data point relevant to this discussion: in SNP the guest
asks the PSP for a signed attestation report (MSG_REPORT_REQ). The
returned report (ATTESTATION_REPORT structure; see section 7.3 of [1])
includes a MEASUREMENT field which is the measurement calculated at
launch (it's a SHA384-based chain of hashes and not a hash of the entire
content as in SEV-ES; and GPAs are also included. Details in section
8.17). The entire report is signed with the signature appearing in a
separate SIGNATURE field.

Mimicking that in QEMU for SEV-ES would be in my opinion closer to
option (1) above.

Again, the proposed patch here doesn't yet include the VMSAs in the
GCTX.LD and therefore is lacking. Dave mentioned adding an ioctl in KVM; I
think that Daniel once suggested adding a virtual file like
/sys/kernel/debug/kvm/617063-12/vcpu0/launch_vmsa with the 4KB VMSA content.

Note that AFAIK measured direct boot with -kernel is not yet supported
in SNP but we plan to add it (with similar hashes table) after the SNP
patches are accepted in OVMF.

[1] https://www.amd.com/system/files/TechDocs/56860.pdf

-Dov
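Added example (not code from the patch, QEMU or KVM) of the guest-owner-side check this thread is about: recompute GCTX.LD from the firmware, the kernel hashes table and each vCPU's VMSA, then verify a LAUNCH_MEASURE-style HMAC against it. The running-SHA-256 ordering and the HMAC field layout are my reading of the SEV API spec and are assumptions to check against your firmware version; the firmware, table, VMSA, TIK, nonce and version bytes are constructed.

```python
import hashlib
import hmac

# Constructed sample launch content (not a real firmware, hashes table or VMSA).
FIRMWARE = b"OVMF-image-placeholder-" * 64
KERNEL_HASHES_TABLE = b"kernel-hashes-table-placeholder"
VMSAS = [bytes([0xA0 + i]) * 4096 for i in range(2)]  # one 4 KB VMSA per vCPU
TIK = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed TIK
MNONCE = bytes(range(16))                               # constructed nonce
POLICY = 0x05          # constructed policy value (NODBG | ES)
FW_VERSION = (1, 51, 3)  # constructed API_MAJOR, API_MINOR, BUILD


def expected_launch_digest(firmware, hashes_table, vmsas):
    """Guest owner's reconstruction of GCTX.LD.
    Assumption: the PSP keeps one running SHA-256 over everything measured at
    launch, in order: firmware and kernel hashes table (LAUNCH_UPDATE_DATA),
    then each vCPU's VMSA (LAUNCH_UPDATE_VMSA). Leaving the VMSAs out yields a
    digest that can never match an SEV-ES guest, which is the gap noted above."""
    h = hashlib.sha256()
    h.update(firmware)
    h.update(hashes_table)
    for vmsa in vmsas:
        h.update(vmsa)
    return h.digest()


def launch_measure(tik, api_major, api_minor, build, policy, ld, mnonce):
    """LAUNCH_MEASURE-style value: HMAC-SHA256 keyed with the TIK over
    0x04 || API_MAJOR || API_MINOR || BUILD || POLICY (LE32) || GCTX.LD || MNONCE.
    Assumption: field layout as in the SEV API spec."""
    msg = bytes([0x04, api_major, api_minor, build]) + policy.to_bytes(4, "little") + ld + mnonce
    return hmac.new(tik, msg, hashlib.sha256).digest()


def verify_launch(reported, tik, fw_version, policy, ld, mnonce):
    """Constant-time comparison of the PSP-reported measurement with the value
    recomputed from the guest owner's expected GCTX.LD."""
    major, minor, build = fw_version
    return hmac.compare_digest(reported, launch_measure(tik, major, minor, build, policy, ld, mnonce))


# Simulated PSP side: the real launch digest covers firmware, table and VMSAs.
PSP_LD = expected_launch_digest(FIRMWARE, KERNEL_HASHES_TABLE, VMSAS)
REPORTED = launch_measure(TIK, *FW_VERSION, POLICY, PSP_LD, MNONCE)

if __name__ == "__main__":
    ld_no_vmsa = expected_launch_digest(FIRMWARE, KERNEL_HASHES_TABLE, [])
    print("without VMSAs:", verify_launch(REPORTED, TIK, FW_VERSION, POLICY, ld_no_vmsa, MNONCE))
    print("with VMSAs:   ", verify_launch(REPORTED, TIK, FW_VERSION, POLICY, PSP_LD, MNONCE))
```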