Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp172574rwb; Fri, 4 Aug 2023 10:47:03 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEQ0RajPUfm2IFGJma+SDESg0MOB/Ba3WpJezH5aV7rCTizbsVSJsX+YaeuIOBcJ11fgxZ2 X-Received: by 2002:a05:6808:3c1:b0:3a4:894a:9f57 with SMTP id o1-20020a05680803c100b003a4894a9f57mr2553143oie.6.1691171223655; Fri, 04 Aug 2023 10:47:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691171223; cv=none; d=google.com; s=arc-20160816; b=mOyveGWpGReUCjcqTttWQdZsxwUmQbgsyjq/VLkohC9HiIxKvnqPyKW4HEeDFKd9iS T9mrY5076KT8AubZ+lkVHGt4nSvQasI+Avzm8CYhiDBlXFIICOhZO8OdryKSmAKT3pv1 tuROD3BwElgJWIHntZQ/wt53rapk8QoFchkU9KEsjeD6BH3MJu+ZhrtCNVINNUk6Zl7l W7g0QoYCNG9lVH0snfamlMDAX+RJORJkSIhLQ7H+Uh/boUiPvifN+w1t8BB0obfDh1gB zIE7xrKFIcYSLVobD34PT8AalqZ55+4c7krQTRPn01JH4u3V8y41/9Hoq+BmNHTor6y2 6uuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature:dkim-signature; bh=fw7ye7s+c5NTrlNZDx18HldBwnXoQYg+VadoM3YrDk8=; fh=N+GU2PeZSCLcVuplKdL/hYqTUlqjSNaAYoAg0brzXVY=; b=JNLiDZDkhXv+6keQhhU315ShjggPwlDX5YxlWL1jKK/2z7VICI7oJpGIZlfeObEthY MEE6uslM0w6CrXulmHiEPg+QdBs0P/5wmmDWJ41wbwHaILiPcK7wZETI0uJqOHpldGWO 2bh6xW5LDd22DJudh8nfJFmc+dK2n2jdilhaLEYuE3RdJ/S0y+Obu8ryKkCpfzGykK3i JMQLXTVN4zJ4orlRkIEaXUffW9zqTpyj/QtVFdcc44kBtNM1T01I5jkBhMSBKylQX8zQ UtCPXEU5RuRL2kCr/H4rg08zcj3g35A80R906vGQEVciYxnIbXt+M21icHS8beOI/NFd RIhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=cuFMIwvw; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=cuFMIwvw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p10-20020a63fe0a000000b0055fdd303745si2105656pgh.421.2023.08.04.10.46.34; Fri, 04 Aug 2023 10:47:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=cuFMIwvw; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=cuFMIwvw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230395AbjHDQqQ (ORCPT + 99 others); Fri, 4 Aug 2023 12:46:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53388 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229708AbjHDQqP (ORCPT ); Fri, 4 Aug 2023 12:46:15 -0400 Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [96.44.175.130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A45A46B2; Fri, 4 Aug 2023 09:46:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1691167571; bh=0yfjbmOQ+REYZtNteufkayqRW7eIiIL04EP9auZ+Q2g=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=cuFMIwvw/3I+GVupCiRBVy7adfCSFtuaO7dpnolQvfQICOZcHyvRIN7yKcDkt4nAr DfdV9stamQazk0G4HCsUvOXX9oOcHWQYttB3CQhmOd3uudfLIView5+sn/aaDZLFm8 g3M4wzy7kIqJkQqlthE/Qd6+AxANzS/XoZMVAcx4= Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 6B95F1281D1D; Fri, 4 Aug 2023 12:46:11 -0400 (EDT) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavis, port 10024) with ESMTP id ctA5lkaDfDdb; Fri, 4 Aug 2023 12:46:11 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1691167571; bh=0yfjbmOQ+REYZtNteufkayqRW7eIiIL04EP9auZ+Q2g=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=cuFMIwvw/3I+GVupCiRBVy7adfCSFtuaO7dpnolQvfQICOZcHyvRIN7yKcDkt4nAr DfdV9stamQazk0G4HCsUvOXX9oOcHWQYttB3CQhmOd3uudfLIView5+sn/aaDZLFm8 g3M4wzy7kIqJkQqlthE/Qd6+AxANzS/XoZMVAcx4= Received: from lingrow.int.hansenpartnership.com (unknown [IPv6:2601:5c4:4302:c21::c14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 0F1BE1281747; Fri, 4 Aug 2023 12:46:09 -0400 (EDT) Message-ID: <66161ce56ec783d1ec452a50b80b120bec8b56e8.camel@HansenPartnership.com> Subject: Re: [PATCH 1/4] keys: Introduce tsm keys From: James Bottomley To: Dionna Amalie Glaze , Dan Williams Cc: Jarkko Sakkinen , Peter Gonda , dhowells@redhat.com, Kuppuswamy Sathyanarayanan , Greg Kroah-Hartman , Samuel Ortiz , peterz@infradead.org, linux-coco@lists.linux.dev, keyrings@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org Date: Fri, 04 Aug 2023 12:46:08 -0400 In-Reply-To: References: <169057265210.180586.7950140104251236598.stgit@dwillia2-xfh.jf.intel.com> <169057265801.180586.10867293237672839356.stgit@dwillia2-xfh.jf.intel.com> <64cc650233ef9_782a329489@dwillia2-xfh.jf.intel.com.notmuch> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_PASS,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2023-08-04 at 09:37 -0700, Dionna Amalie Glaze wrote: [...] > > The coming addition of the SVSM to further isolate the guest and > provide extra "security devices" is also something to be aware of. > There will be a vTPM protocol and a new type of attestation that's > rooted to VMPL0 while Linux is still in VMPL3. I don't think this > will make sev-guest an unnecessary device though, since it's still > undecided how the TPM hierarchy can bind itself to the hardware in a > non-adhoc manner: there's no "attested TPM" spec to have something > between the null hierarchy and the more persistent attestation key > hierarchy. And TCG isn't in the business of specifying how to > virtualize the TPM technology, so we might have to manually link the > two together by getting the tpm quote and then doing a further > binding operation with the sev-guest device. Just on this one, it's already specified in the latest SVSM doc: https://lore.kernel.org/linux-coco/a2f31400-9e1c-c12a-ad7f-ea0265a12068@amd.com/ The Service Attestation Data on page 36-37. It says TPMT_PUBLIC of the EK. However, what it doesn't say is *which* EK. I already sent in a comment saying it should be the TCG template for the P-256 curve EK. So asking the SVSM to give you the attestation report for the VTPM service binds the EK of the vTPM. James