qemu-devel.nongnu.org archive mirror
From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
	"David Hildenbrand" <david@redhat.com>,
	"Igor Mammedov" <imammedo@redhat.com>,
	"Michael S . Tsirkin" <mst@redhat.com>,
	"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
	"Richard Henderson" <richard.henderson@linaro.org>,
	"Peter Xu" <peterx@redhat.com>,
	"Philippe Mathieu-Daudé" <philmd@linaro.org>,
	"Cornelia Huck" <cohuck@redhat.com>,
	"Daniel P.Berrangé" <berrange@redhat.com>,
	"Eric Blake" <eblake@redhat.com>,
	"Marcelo Tosatti" <mtosatti@redhat.com>,
	qemu-devel@nongnu.org, kvm@vger.kernel.org,
	"Michael Roth" <michael.roth@amd.com>,
	"Sean Christopherson" <seanjc@google.com>,
	"Claudio Fontana" <cfontana@suse.de>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"Isaku Yamahata" <isaku.yamahata@gmail.com>,
	"Chenyi Qiang" <chenyi.qiang@intel.com>
Subject: Re: [PATCH v3 31/70] i386/tdx: Allows mrconfigid/mrowner/mrownerconfig for TDX_INIT_VM
Date: Tue, 19 Dec 2023 16:27:53 +0800
Message-ID: <8532ca57-629e-41e2-93ef-4b1e25587d0c@intel.com>
In-Reply-To: <87edfjsjvx.fsf@pond.sub.org>

On 12/18/2023 9:46 PM, Markus Armbruster wrote:
> Xiaoyao Li <xiaoyao.li@intel.com> writes:
> 
>> On 12/1/2023 7:00 PM, Markus Armbruster wrote:
>>> Xiaoyao Li <xiaoyao.li@intel.com> writes:
>>>
>>>> From: Isaku Yamahata <isaku.yamahata@intel.com>
>>>>
>>>> Three sha384 hash values, mrconfigid, mrowner and mrownerconfig, of a TD
>>>> can be provided for TDX attestation.
>>>>
>>>> So far they were hard coded as 0. Now allow user to specify those values
>>>> via property mrconfigid, mrowner and mrownerconfig. They are all in
>>>> base64 format.
>>>>
>>>> example
>>>> -object tdx-guest, \
>>>>     mrconfigid=ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v,\
>>>>     mrowner=ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v,\
>>>>     mrownerconfig=ASNFZ4mrze8BI0VniavN7wEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWeJq83v
>>>>
>>>> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
>>>> Co-developed-by: Xiaoyao Li <xiaoyao.li@intel.com>
>>>> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
>>>> ---
>>>> Changes in v3:
>>>>    - use base64 encoding instead of hex-string;
>>>> ---
>>>>    qapi/qom.json         | 11 +++++-
>>>>    target/i386/kvm/tdx.c | 85 +++++++++++++++++++++++++++++++++++++++++++
>>>>    target/i386/kvm/tdx.h |  3 ++
>>>>    3 files changed, 98 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/qapi/qom.json b/qapi/qom.json
>>>> index 3a29659e0155..fd99aa1ff8cc 100644
>>>> --- a/qapi/qom.json
>>>> +++ b/qapi/qom.json
>>>> @@ -888,10 +888,19 @@
>>>>   #     pages.  Some guest OS (e.g., Linux TD guest) may require this to
>>>>   #     be set, otherwise they refuse to boot.
>>>>   #
>>>> +# @mrconfigid: base64 encoded MRCONFIGID SHA384 digest
>>>> +#
>>>> +# @mrowner: base64 encoded MROWNER SHA384 digest
>>>> +#
>>>> +# @mrownerconfig: base64 MROWNERCONFIG SHA384 digest
>>>
>>> Can we come up with a description that tells the user a bit more clearly
>>> what we're talking about?  Perhaps starting with this question could
>>> lead us there: what's an MRCONFIGID, and why should I care?
>>
>> Below are the definitions from the TDX spec:
>>
>> MRCONFIGID: Software-defined ID for non-owner-defined configuration of the guest TD – e.g., run-time or OS configuration.
>>
>> MROWNER: Software-defined ID for the guest TD’s owner
>>
>> MROWNERCONFIG: Software-defined ID for owner-defined configuration of the guest TD – e.g., specific to the workload rather than the run-time or OS
> 
> Have you considered using this for the doc comments?  I'd omit
> "software-defined" in this context.

Sure. I will use them in the next version.

>> They are all attestation related, and input by users who launch the TD. Software inside the TD can retrieve them with TDREPORT and verify if it is the expected value.
>>
>> MROWNER is to identify the owner of the TD, MROWNERCONFIG is to pass OWNER's configuration. And MRCONFIGID contains configuration specific to OS level instead of OWNER.
>>
>> Below is the explanation from inside Intel; I hope it makes this clearer for you:
>>
>> "These are primarily intended for general purpose, configurable software in a minimal TD. So, not a legacy VM image cloud customer wanting to move their VM out into the cloud. Also it’s not necessarily the case that any workload will use them all.
>>
>> MROWNER is for declaring the owner of the TD. An example use case would be a vHSM TD. HSMs need to know who their administrative contact is. You could customize the HSM image and measurements, but then people can’t recognize that this is the vHSM product from XYZ. So you put the unmodified vHSM stack in the TD, which will include MRTD/RTMRs that reflect the vHSM, and the owner’s public key in MROWNER. Now, when the vHSM starts up, to determine who is authorized to send commands, it does a TDREPORT, and looks at MROWNER.
>>
>> Extending this model, there could be important configuration information from the owner. In that case, MROWNERCONFIG is set to the hash of the config file that the vHSM should accept.
>>
>> This results in an attestable environment that explicitly indicates that it’s a well recognized vHSM TD, being administered by MROWNER and loading the configuration information that matches MROWNERCONFIG.
>>
>> Extending this idea of configuration of generally recognized software, it could be that there is a shim OS under the vHSM that itself is configurable. So MRCONFIGID, which isn’t a great name, can include configuration information intended for the OS level. The ID is confusing, but MRCONFIGID was the name we used for this register for SGX, so we kept the name."
> 
> Include a reference to this document?

That was the email reply from internal attestation folks.

But I can add the link to this mail in the version.

>>>> +#
>>>>   # Since: 8.2
>>>>   ##
>>>>   { 'struct': 'TdxGuestProperties',
>>>> -  'data': { '*sept-ve-disable': 'bool' } }
>>>> +  'data': { '*sept-ve-disable': 'bool',
>>>> +            '*mrconfigid': 'str',
>>>> +            '*mrowner': 'str',
>>>> +            '*mrownerconfig': 'str' } }
>>>>    ##
>>>>    # @ThreadContextProperties:
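
Review bot: The @mrownerconfig doc line reads "base64 MROWNERCONFIG SHA384 digest" and drops the word "encoded" that the @mrconfigid and @mrowner lines use; the three descriptions should be worded the same way. The new optional members '*mrconfigid', '*mrowner' and '*mrownerconfig' are typed as plain 'str', and their descriptions say neither what applies when a member is omitted (the commit message says the values were hard coded as 0 so far) nor that the decoded value has to be the 48 bytes of a SHA384 digest. Stating the default and the expected decoded length in each member description would tell users what input is accepted.
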
>>> [...]
>>>
> 
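
As an added example (not part of this thread or of the patch), the Python sketch below produces base64 SHA384 values in the form the three properties take and reproduces the in-TD check described above, where a vHSM accepts a configuration only if it hashes to MROWNERCONFIG. The helper names and sample inputs are constructed for illustration, and hashing the owner's public key to fit the 48-byte field is an assumption.

```python
import base64
import binascii
import hashlib
import hmac

SHA384_LEN = 48  # a SHA-384 digest is 48 bytes, i.e. 64 base64 characters

# Constructed sample inputs (not from the thread).
OWNER_PUBKEY = b"constructed owner public key bytes"
OWNER_CONFIG = b"allowed_admins = alice\naudit = on\n"
OS_CONFIG = b"shim-os: console=off\n"


def measurement_property(data: bytes) -> str:
    """Return base64(SHA-384(data)), the encoding the three properties take."""
    return base64.b64encode(hashlib.sha384(data).digest()).decode("ascii")


def decode_measurement(name: str, value: str) -> bytes:
    """Strictly decode a property value and insist on exactly 48 bytes."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"{name}: not valid base64") from exc
    if len(raw) != SHA384_LEN:
        # A 96-character hex digest is valid base64 too, but decodes to 72 bytes.
        raise ValueError(f"{name}: decoded to {len(raw)} bytes, need {SHA384_LEN}")
    return raw


def tdx_guest_object(owner_key: bytes, owner_cfg: bytes, os_cfg: bytes) -> str:
    """Build the -object argument, following the commit message's example."""
    props = {
        "mrconfigid": measurement_property(os_cfg),
        "mrowner": measurement_property(owner_key),
        "mrownerconfig": measurement_property(owner_cfg),
    }
    for name, value in props.items():
        decode_measurement(name, value)  # self-check before handing to QEMU
    return "tdx-guest," + ",".join(f"{k}={v}" for k, v in props.items())


def config_matches(mrownerconfig_b64: str, config: bytes) -> bool:
    """In-TD style check: accept a config only if it hashes to MROWNERCONFIG."""
    expected = decode_measurement("mrownerconfig", mrownerconfig_b64)
    return hmac.compare_digest(expected, hashlib.sha384(config).digest())


if __name__ == "__main__":
    print("-object", tdx_guest_object(OWNER_PUBKEY, OWNER_CONFIG, OS_CONFIG))
```

The length check matters because of the v3 switch from hex strings to base64: a leftover 96-character hex digest still parses as base64 and would otherwise be accepted as a different, 72-byte value.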


