Received: by 2002:a05:7412:b101:b0:e2:908c:2ebd with SMTP id az1csp3065273rdb; Wed, 15 Nov 2023 21:32:03 -0800 (PST) X-Google-Smtp-Source: AGHT+IFYRbTX5sPXw+TenOX/btQBsM3N+iX2AzFPCkF07G17IYSQ7N1SpN/oegx+N92Myz2HaZta X-Received: by 2002:a17:902:d4cd:b0:1c9:ea71:8032 with SMTP id o13-20020a170902d4cd00b001c9ea718032mr8246012plg.31.1700112723473; Wed, 15 Nov 2023 21:32:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700112723; cv=none; d=google.com; s=arc-20160816; b=n0fjB0Eid8EmTFSQ7kvPkmoip3dou6sW0jyoblP2eXmE9jIMHljEHbRlxkWGLBxtte OjeEPdf09grhXCFgc7BcU7vh6uMmXWrMxcS32q+AWgvdBgde1mqO2gcZq3zM6m7a01Bd 4W8lPlAAAeuoHYgOP0hWfDpazQkNQTWwhmW9QVN+3ZXid4eBLD0I0uC5p4QmrQpr/gIx MWAM4W2kqf2TX/iOVsrqlA1LTLh3X2DosVba2f6V//NSszCMk+nT52NfU++ueOJXXgwH 6vvgOejHlBX+JnoHQKUsztyh8XAIE3PcNWhQk+2EXDzVlAFA63U2JLjcQIPZR7kWluRq pNUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=4diCtTL3EivIaKd6Yrty+RIJmvtzTDLTo/nXfRxccPk=; fh=46LbSgwv+EeyRk319sH//TXuIW8l0u61vAS/eisa6S4=; b=Y4RG/lmnB0vPjQkaXVsnTfrT0nrG80SVMa7FyDcSdlPc6AVXQ9m5wCl9j4PLKlZ8ll L1LazthFT/HnDWzcfaU/25mxr0C3eIFgVHdeavCMA99ySpT1iF0f6PwBJS+btUo/ceQh dl8RUsD238A1h0MKP2GVGVdJ0nIMJTAUfvzBC3IDc6uLv9na5pV0tePotTWmDrpeuhyO cdS1af82uhax+oCTrWf+z+2GutfKczQp8v0c5UKPIlzoglbymRuyfhMyS7dLsrMYJaXW gPIEvSrp0zwsApYzVdj7XZu02X39ElhQ2v4UjhI9LBemon+n5nAuQNEjpaXhp24O3Loc 3Kdg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=BAzyXnv9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33]) by mx.google.com with ESMTPS id p7-20020a170902e74700b001bbd70bdffbsi12171881plf.440.2023.11.15.21.32.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Nov 2023 21:32:03 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=BAzyXnv9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id 8DCE38070E04; Wed, 15 Nov 2023 21:32:00 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230102AbjKPFby (ORCPT + 99 others); Thu, 16 Nov 2023 00:31:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46214 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229446AbjKPFbx (ORCPT ); Thu, 16 Nov 2023 00:31:53 -0500 Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C63118D for ; Wed, 15 Nov 2023 21:31:49 -0800 (PST) Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-53eeb28e8e5so4466a12.1 for ; Wed, 15 Nov 2023 21:31:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1700112708; x=1700717508; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=4diCtTL3EivIaKd6Yrty+RIJmvtzTDLTo/nXfRxccPk=; b=BAzyXnv9LHq75tPsgaJ3pvn5mvOcfTOaw7Vxzv3Qt6TKXfJpYHxBx4zOnXKgwzHvcv zUl050HjJz6yvJutrQKLq4GwbGhIW+aClp0w7e8KVZLYXTJH3SojZ/SMtr0iyzaKEWFO Pofb0gId5uugehW8XAIJRbwsaH8FjJfUCzd/Z/Ynnrr1dB89+UBAft7F/ok6BKSEEULf VMG/2Ripc/9ofcfxkoBOFwT1UvSDgtrfoVikztw1oXMTzyshUZKNPBqR+mfttu7f0lYe LiGX6nI+2f96Jh1HZWA7OiDEcQaD05hLvUzDRsH59fL7Fuf4vtl0g5FQMK2GHl+W4f53 0dkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700112708; x=1700717508; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4diCtTL3EivIaKd6Yrty+RIJmvtzTDLTo/nXfRxccPk=; b=XxzjAMqec8oUh7WxR/pf4cO/FlcJBS0fnxsbguK84NdtsUiChYLUm2J2sZPQmIBD4T zrxyj8/TRJ1ITurbQjuwNIU6Ez85NbvYNOz1oyJ9RdaTPp7Lnr2GUBrpoggZqMjwhnE7 n+mi4mhipnlBMmJsF/8CBkFmBvymhJG1pWAgJ6L0BoFx+tdFbLWj7qC6YERiDRknTAvP Zg32OrPAJL28Ynwj0BnOKxbYQHtVsjGUaRnOW5YcN2DBTSc7R59Xwh7LMRaxa2+MNE/1 TQdakR3lwb8qwe/v/IS0QUUDfUK8cfnijUDR2MZCE4vgm39OBv+MbAxPFSQFJdrJIXuh XQHQ== X-Gm-Message-State: AOJu0Yzn+o8cwbJXzyMWFU5pTaO98WBpwIQWF5PZIb5bu32lE8lRPV+X unjCS5rk6nPtCSNI7CI3aQGBjRuBy3IfujrgvMt+tg== X-Received: by 2002:a05:6402:1bcb:b0:547:3f1:84e0 with SMTP id ch11-20020a0564021bcb00b0054703f184e0mr60685edb.7.1700112707847; Wed, 15 Nov 2023 21:31:47 -0800 (PST) MIME-Version: 1.0 References: <20231016132819.1002933-1-michael.roth@amd.com> <20231016132819.1002933-49-michael.roth@amd.com> <20231110220756.7hhiy36jc6jiu7nm@amd.com> In-Reply-To: From: Dionna Amalie Glaze Date: Wed, 15 Nov 2023 21:31:34 -0800 Message-ID: Subject: Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event To: Sean Christopherson Cc: Michael Roth , Alexey Kardashevskiy , kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh , Dan Williams Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Wed, 15 Nov 2023 21:32:00 -0800 (PST) > > So we're sort of complicating the more common case to support a more niche > > one (as far as userspace is concerned anyway; as far as kernel goes, your > > approach is certainly simplest :)). > > > > Instead, maybe a compromise is warranted so the requirements on userspace > > side are less complicated for a more basic deployment: > > > > 1) If /dev/sev is used to set a global certificate, then that will be > > used unconditionally by KVM, protected by simple dumb mutex during > > usage/update. > > 2) If /dev/sev is not used to set the global certificate is the value > > is NULL, we assume userspace wants full responsibility for managing > > certificates and exit to userspace to request the certs in the manner > > you suggested. > > > > Sean, Dionna, would this cover your concerns and address the certificate > > update use-case? > > Honestly, no. I see zero reason for the kernel to be involved. IIUC, there's no > privileged operations that require kernel intervention, which means that shoving > a global cert into /dev/sev is using the CCP driver as middleman. Just use a > userspace daemon. I have a very hard time believing that passing around large-ish > blobs of data in userspace isn't already a solved problem. ping sathyanarayanan.kuppuswamy@linux.intel.com and +Dan Williams I think for a uniform experience for all coco technologies, we need someone from Intel to weigh in on supporting auxblob through a similar vmexit. Whereas the quoting enclave gets its PCK cert installed by the host, something like the firmware's SBOM [1] could be delivered in auxblob. The proposal to embed the compressed SBOM binary in a coff section of the UEFI doesn't get it communicated to user space, so this is a good place to get that info about the expected TDMR in. The SBOM proposal itself would need additional modeling in the coRIM profile to have extra coco-specific measurements or we need to find some other method of getting this info bundled with the attestation report. My own plan for SEV-SNP was to have a bespoke signed measurement of the UEFI in the GUID table, but that doesn't extend to TDX. If we're looking more at an industry alignment on coRIM for SBOM formats (yes please), then it'd be great to start getting that kind of info plumbed to the user in a uniform way that doesn't have to rely on servers providing the endorsements. [1] https://uefi.org/blog/firmware-sbom-proposal -- -Dionna Glaze, PhD (she/her)