Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp187163imj; Thu, 14 Feb 2019 18:14:59 -0800 (PST) X-Google-Smtp-Source: AHgI3Ibo2ReB0bDaRtmclQ/mZMFYkuK1rKfniyqNtTnguWXEZZzbqps2obqDXakGTvaipxbSsSqn X-Received: by 2002:a63:c22:: with SMTP id b34mr3049513pgl.398.1550196899635; Thu, 14 Feb 2019 18:14:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550196899; cv=none; d=google.com; s=arc-20160816; b=XXzZ0T9tvFk2m3/bH8yxtdBrxIOMS0YHmxD8CZFsXBUs2Zk3F502YG/7NpMq/bjb7I YammX5ZhzGEW4ElGMZYqrm4MKvw78+SjWMQoCYsddpTubSde6mTxt+itU9yVRP0x6cfG RSQMouLDsna4KnpkUqFuDT04/2OwFRge6HtAUbsJR5gyDCV3tLFCrQEM+UGGbWd/8DaI DLhbb25DGkHancMWP/VKcHV1NtSv4YwBY7b5Ch449Wx3GOzbUVSnVZ6t8asgUB65Sb5f KEHoNL260zij+YOCNRvzR/T6VNT77FFFD4Ueu6gU+BzqeCr+2cRJo8Edbm8Rbr0xbGpd I04Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :mime-version; bh=AuEDKfuBp1+raRwtt0FMOwcXttmIIcD2ACNX9+rQuYY=; b=ItId+HjBI6GcE0SZODrK/8q2mSvvpIQFAdH4Txd1cscc3md0qlVkJTk/JcErZp6SOq E4BDl9jp+KLxhPJwoqrTyRI4XdW8831av+Vf6Ud6jumo0eZrQyyb0yIHicx4/jLUOwX5 dI38AvzP/qYT6Poh26iG8U0gCqolURuHjCnBMCA24/ZyKqghshyVFSCeYhqH0JgigR7G vnfTzOVBp9kmI1rQ3K6deJf2uUcI/SlQmZuEPrx+O+Aw3YBzYCOG2U+BABdAB0YfJ945 wFG+/Wn6IIugCPYOErTvdAvr9pCPqsyxG4RU/z1D+Ndo56YycsWbAP07wV8GF6OtB2EN +gsg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p7si4227223pll.301.2019.02.14.18.14.43; Thu, 14 Feb 2019 18:14:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2393035AbfBNVI4 (ORCPT + 99 others); Thu, 14 Feb 2019 16:08:56 -0500 Received: from mail-it1-f175.google.com ([209.85.166.175]:38481 "EHLO mail-it1-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387417AbfBNVI4 (ORCPT ); Thu, 14 Feb 2019 16:08:56 -0500 Received: by mail-it1-f175.google.com with SMTP id l66so7946670itg.3 for ; Thu, 14 Feb 2019 13:08:55 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=AuEDKfuBp1+raRwtt0FMOwcXttmIIcD2ACNX9+rQuYY=; b=K1ENEQW+sLiaseoTJPGV/e08UOmJpg46nssHHjq1E5UUu7DUsFgOst8sJTNA9zhnqi DquB8SPz8maTpAp1+BvSduc71LFvFdIb1N5Udq4qSSOhSAi6SNZWFAPgz/FX3+bqBB5S aqPgE0mD/yqJGWEED7j3EGxK8ExLH/+phDO8eE5lRZ60nTUPKELs91J0vai1ZAflNEVC VX9Okv6sABEspUIJ/11p/SopK15aJ25dbhemR1nmQ6TYoTJKaU0tXE7dSdS326YNX8Td TEnu5LUH08531+kH/4I1vyQ7SUPb7YDmlaao2fwPQbesArxjjkglyBR/P69atmQkfw9k AzIw== X-Gm-Message-State: AHQUAuaz6nZSxAeZ/dpI7pmL66YEZFk/I2sQF8L2tdn2OH33RN0jfCn8 F8sMfJofE+ADmfevItM4iXfssgDQivjPVjl7hODqxA== X-Received: by 2002:a24:6985:: with SMTP id e127mr3306678itc.28.1550178535442; Thu, 14 Feb 2019 13:08:55 -0800 (PST) MIME-Version: 1.0 From: Nathaniel McCallum Date: Thu, 14 Feb 2019 15:08:44 -0600 Message-ID: Subject: SEV Command Privilege Separation To: "Singh, Brijesh" , linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org I've been working on wrapping various SEV kernel APIs for userspace consumption. There does not appear to be any privilege separation for these commands: you can run them all or none of them. This is less than ideal because it means that a compromise of the code which launches VMs could make permanent changes to the SEV certificate chain. These commands are required to attest the VM environment: SEV_PDH_CERT_EXPORT SEV_PLATFORM_STATUS SEV_GET_ID These commands manage the SEV certificate chain: SEV_PEK_CERT_IMPORT SEV_FACTORY_RESET SEV_PEK_GEN SEV_PEK_CSR SEV_PDH_GEN I would expect the first group of commands to be able to be called by whatever actor launches VMs. The latter group of commands should be able to be called by whatever actor manages the SEV environment. I don't have strong opinions on how this privilege separation should happen. It might be sufficient to distinguish these based on the mode of the open() call. This could then be managed with filesystem permissions. But I'm open to other ideas.