Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp187163imj;
        Thu, 14 Feb 2019 18:14:59 -0800 (PST)
X-Google-Smtp-Source: AHgI3Ibo2ReB0bDaRtmclQ/mZMFYkuK1rKfniyqNtTnguWXEZZzbqps2obqDXakGTvaipxbSsSqn
X-Received: by 2002:a63:c22:: with SMTP id b34mr3049513pgl.398.1550196899635;
        Thu, 14 Feb 2019 18:14:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1550196899; cv=none;
        d=google.com; s=arc-20160816;
        b=XXzZ0T9tvFk2m3/bH8yxtdBrxIOMS0YHmxD8CZFsXBUs2Zk3F502YG/7NpMq/bjb7I
         YammX5ZhzGEW4ElGMZYqrm4MKvw78+SjWMQoCYsddpTubSde6mTxt+itU9yVRP0x6cfG
         RSQMouLDsna4KnpkUqFuDT04/2OwFRge6HtAUbsJR5gyDCV3tLFCrQEM+UGGbWd/8DaI
         DLhbb25DGkHancMWP/VKcHV1NtSv4YwBY7b5Ch449Wx3GOzbUVSnVZ6t8asgUB65Sb5f
         KEHoNL260zij+YOCNRvzR/T6VNT77FFFD4Ueu6gU+BzqeCr+2cRJo8Edbm8Rbr0xbGpd
         I04Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:subject:message-id:date:from
         :mime-version;
        bh=AuEDKfuBp1+raRwtt0FMOwcXttmIIcD2ACNX9+rQuYY=;
        b=ItId+HjBI6GcE0SZODrK/8q2mSvvpIQFAdH4Txd1cscc3md0qlVkJTk/JcErZp6SOq
         E4BDl9jp+KLxhPJwoqrTyRI4XdW8831av+Vf6Ud6jumo0eZrQyyb0yIHicx4/jLUOwX5
         dI38AvzP/qYT6Poh26iG8U0gCqolURuHjCnBMCA24/ZyKqghshyVFSCeYhqH0JgigR7G
         vnfTzOVBp9kmI1rQ3K6deJf2uUcI/SlQmZuEPrx+O+Aw3YBzYCOG2U+BABdAB0YfJ945
         wFG+/Wn6IIugCPYOErTvdAvr9pCPqsyxG4RU/z1D+Ndo56YycsWbAP07wV8GF6OtB2EN
         +gsg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p7si4227223pll.301.2019.02.14.18.14.43;
        Thu, 14 Feb 2019 18:14:59 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2393035AbfBNVI4 (ORCPT <rfc822;peterpeng024@gmail.com>
        + 99 others); Thu, 14 Feb 2019 16:08:56 -0500
Received: from mail-it1-f175.google.com ([209.85.166.175]:38481 "EHLO
        mail-it1-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2387417AbfBNVI4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 14 Feb 2019 16:08:56 -0500
Received: by mail-it1-f175.google.com with SMTP id l66so7946670itg.3
        for <linux-kernel@vger.kernel.org>; Thu, 14 Feb 2019 13:08:55 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=AuEDKfuBp1+raRwtt0FMOwcXttmIIcD2ACNX9+rQuYY=;
        b=K1ENEQW+sLiaseoTJPGV/e08UOmJpg46nssHHjq1E5UUu7DUsFgOst8sJTNA9zhnqi
         DquB8SPz8maTpAp1+BvSduc71LFvFdIb1N5Udq4qSSOhSAi6SNZWFAPgz/FX3+bqBB5S
         aqPgE0mD/yqJGWEED7j3EGxK8ExLH/+phDO8eE5lRZ60nTUPKELs91J0vai1ZAflNEVC
         VX9Okv6sABEspUIJ/11p/SopK15aJ25dbhemR1nmQ6TYoTJKaU0tXE7dSdS326YNX8Td
         TEnu5LUH08531+kH/4I1vyQ7SUPb7YDmlaao2fwPQbesArxjjkglyBR/P69atmQkfw9k
         AzIw==
X-Gm-Message-State: AHQUAuaz6nZSxAeZ/dpI7pmL66YEZFk/I2sQF8L2tdn2OH33RN0jfCn8
        F8sMfJofE+ADmfevItM4iXfssgDQivjPVjl7hODqxA==
X-Received: by 2002:a24:6985:: with SMTP id e127mr3306678itc.28.1550178535442;
 Thu, 14 Feb 2019 13:08:55 -0800 (PST)
MIME-Version: 1.0
From:   Nathaniel McCallum <npmccallum@redhat.com>
Date:   Thu, 14 Feb 2019 15:08:44 -0600
Message-ID: <CAOASepP1+ZzGfy62jO5S4ZtpYzPJKqVZntTPp8Xn-zK8Kd2k8A@mail.gmail.com>
Subject: SEV Command Privilege Separation
To:     "Singh, Brijesh" <brijesh.singh@amd.com>,
        linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

I've been working on wrapping various SEV kernel APIs for userspace
consumption. There does not appear to be any privilege separation for
these commands: you can run them all or none of them. This is less
than ideal because it means that a compromise of the code which
launches VMs could make permanent changes to the SEV certificate
chain.

These commands are required to attest the VM environment:
  SEV_PDH_CERT_EXPORT
  SEV_PLATFORM_STATUS
  SEV_GET_ID

These commands manage the SEV certificate chain:
  SEV_PEK_CERT_IMPORT
  SEV_FACTORY_RESET
  SEV_PEK_GEN
  SEV_PEK_CSR
  SEV_PDH_GEN

I would expect the first group of commands to be able to be called by
whatever actor launches VMs. The latter group of commands should be
able to be called by whatever actor manages the SEV environment.

I don't have strong opinions on how this privilege separation should
happen. It might be sufficient to distinguish these based on the mode
of the open() call. This could then be managed with filesystem
permissions. But I'm open to other ideas.