Received: by 2002:a05:6358:e9c4:b0:b2:91dc:71ab with SMTP id hc4csp5126581rwb; Mon, 8 Aug 2022 12:39:25 -0700 (PDT) X-Google-Smtp-Source: AA6agR7GikYcQyO/wdEEB+FLVnu0jwc0HfsnBMSFA3Z1mdacs6pCAv8vC6S//JqQaaWuyjzVe1kB X-Received: by 2002:a05:6402:331f:b0:43d:931c:6945 with SMTP id e31-20020a056402331f00b0043d931c6945mr18929302eda.199.1659987565662; Mon, 08 Aug 2022 12:39:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659987565; cv=none; d=google.com; s=arc-20160816; b=mg6hM6D1nNyZYA2tNjX9xEeO1IuzICcShre5fAbuwNYbb7VpK6FoUQVzioJlLICBPp PNzOf0VpcxPyBFQ8YZy+iyfyAwbwRZ5O8B8XavOosxQ0NyCLrJrPfmsPceT0bPP7XDZF yqqg4AlPcQwRXDLjolz3apngzyqTZS1ROzRLKoUCHbrddPG5O4XOtZ9xcKw8s0/NzY4O 02l+LVsYdrfob8mBioG9jBV1t2QkiydBOHbeVtLpq+pmxmcOOSaiBthBm+Q5ipi+OIE7 MP3AvNK5pFw0xJVVK8uvhQxxGWpMHxPS0q2etKgmQ80rH9bVJJ8WTzsJfcmbFTrd4EfT yivg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=KBxnTL7K25Hs8Wv1cjszwJQN73tLNnDr4U0ROfrziZM=; b=zlJWA0delmvEU3OrkfX9kNVrNKvf2mJrW+izqMgzxOMxiWBFzU3Kulwb6RZAbb6fIb hCnA+P0Yzm3Jm637eHeFDcTnScQ/kO2eEYSfYIZAis6RZCNd+wlox9pjMxF4oBx6gIEg D+k6wb4cDNKaLFr64PJoXP95fmFGqOaeGibB+9ncYRODOluQaS1ifa5vCftsGeipBbA4 vwbmQT6MLxecZ0n9E26yPphWGqdpsW1/bYxRlJ+jx3kibdU0UA2RFUaY5aozJwtjzjTO CUravGUMvQiNO57vXis07RZfBn1kvpZhBVXAQN1GGNG/9DsebN/3/BzuffeSeq0ltOVx EAfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=bmhDQvAo; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nd19-20020a170907629300b00711f63ebdb3si338887ejc.565.2022.08.08.12.38.51; Mon, 08 Aug 2022 12:39:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=bmhDQvAo; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244117AbiHHT14 (ORCPT + 99 others); Mon, 8 Aug 2022 15:27:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43176 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243846AbiHHT1z (ORCPT ); Mon, 8 Aug 2022 15:27:55 -0400 Received: from mail-yw1-x112c.google.com (mail-yw1-x112c.google.com [IPv6:2607:f8b0:4864:20::112c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6242A1A04B for ; Mon, 8 Aug 2022 12:27:54 -0700 (PDT) Received: by mail-yw1-x112c.google.com with SMTP id 00721157ae682-328303afa6eso91061257b3.10 for ; Mon, 08 Aug 2022 12:27:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=KBxnTL7K25Hs8Wv1cjszwJQN73tLNnDr4U0ROfrziZM=; b=bmhDQvAoVXlswYykpII5N+dpGoKRhyIPQd6917OIYRgTBKCDiocZ8hBciok/W8LUze EIjX5hN3yiimne61Nb3aTNlb9nBZQmslL5TCM0d1LA7i2zQ/H/4aTTagUPnTlBHd7NNH jp49XCAYeppQJH6DZPAkhkhwaPCdGbr5LzxpBy1SPKkfFCpwOrhcOT7IXsuqUQ7ZkHXk 2EN9b/GFRVyKWz6SZA4dRgUqR4NSQvsXiltm/yl8BfV5WDZTRhGGdA6KVukBUihgBOyH 55C0EgVneBrxf/TZZbWXKThHVk8W/icGPUW+SM47rOw7socQV2WRJvnbyYLErUkfE5Gt l21w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=KBxnTL7K25Hs8Wv1cjszwJQN73tLNnDr4U0ROfrziZM=; b=QKu6VFXaMJHY7o9DNyOEXXXMWYuU7KA/J4UfgNlDOjSmgg4upO8G8lDSxJ/vlOGlLV dhS6ecNk2tifjmjNTvuQpDWZXU544C5ll3BpU9540nGshObb6Eyw7zbEjOYJpFg2Oqpg yhA/jELF4eUcG4cUJCsfUgrS6dwgu4h6XNF28Q6DAN+RwYC3IcOCKuXEtRY9E6msu3o/ dg13bRi877lAsF0e9R9OlOo1HA7BzTNuoiB4dIdSnHZpu67xYqbqrP7vQXkl3uskKi1C aaFYBWp4pqSDmeA+C44wchBORBWjrXJroKYG6ZH0/Y4UFyXOpDmsT0PBpvFlAlUbLsa0 O8Wg== X-Gm-Message-State: ACgBeo1aHRQsmvVCFRQ2KUzJ2fGSXiK5AasFDpJkqPuZZ5DXhtoEVPbb ljXpA7aN90EqsUKMDD3gUMMm7YFPj2zG1NLGBXlTNQ== X-Received: by 2002:a0d:da41:0:b0:329:91e7:fd06 with SMTP id c62-20020a0dda41000000b0032991e7fd06mr10086726ywe.436.1659986873539; Mon, 08 Aug 2022 12:27:53 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Dionna Amalie Glaze Date: Mon, 8 Aug 2022 12:27:42 -0700 Message-ID: Subject: Re: [PATCH Part2 v6 17/49] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command To: Jarkko Sakkinen Cc: Ashish Kalra , "the arch/x86 maintainers" , LKML , "open list:X86 KVM CPUs" , linux-coco@lists.linux.dev, Linux Memory Management List , linux-crypto@vger.kernel.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , "Lendacky, Thomas" , hpa@zytor.com, Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , vkuznets@redhat.com, Jim Mattson , Andy Lutomirski , dave.hansen@linux.intel.com, slp@redhat.com, Peter Gonda , Peter Zijlstra , srinivas.pandruvada@linux.intel.com, David Rientjes , dovmurik@linux.ibm.com, tobin@ibm.com, Borislav Petkov , "Roth, Michael" , Vlastimil Babka , "Kirill A. Shutemov" , Andi Kleen , tony.luck@intel.com, Marc Orr , Kuppuswamy Sathyanarayanan , Alper Gun , dgilbert@redhat.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org To preface, I don't want to delay this patch set, only have the conversation at the most appropriate place. > > > The SEV-SNP firmware provides the SNP_CONFIG command used to set the > > system-wide configuration value for SNP guests. The information includes > > the TCB version string to be reported in guest attestation reports. > The system-wide aspect of this makes me wonder if we can also have a VM instance-specific extension. This is important for the use case that we may see secure boot variables included in the launch measurement, making offline signing of the UEFI image impossible. We can't sign the cross-product of all UEFI builds and every user's EFI variables. We'd like to include an instance-specific certificate that specifies the platform-endorsed golden measurement of the UEFI. An alternative that doesn't require a change to the kernel is to just make this certificate fetchable from a FAMILY_ID-keyed, predetermined URL prefix + IMAGE_ID + '.crt', but this requires a download (and continuous hosting) to do something as routine as collecting an attestation report. It's up to the upstream community to determine if that is an acceptable cost to keep the complexity of a certificate table merge operation out of the kernel. The SNP API specification gives an interpretation to the data blob here as a table of GUID/offset pairs followed by data blobs that presumably are at the appropriate offsets into the data pages. The spec allows for the host to add any number of GUID/offset pairs it wants, with 3 specific GUIDs recommended for the AMD PSP certificate chain. The snp_guest_ext_guest_request function in ccp is what passes back the certificate data that was previously stored, so I'm wondering if it can take an extra (pointer,len) pair of VM instance certificate data to merge with the host certificate data before returning to the guest. The new required length is the sum total of both the header certs and instance certs. The operation to copy the data is no longer a memcpy but a header merge that tracks the offset shifts caused by a larger header and other certificates in the remaining data pages. I can propose my own patch on top of this v6 patch set that adds a KVM ioctl like KVM_{GET,SET}_INSTANCE_SNP_EXT_CONFIG and then pass along the stored certificate blob in the request call. I'd prefer to have the design agreed upon upfront though. -- -Dionna Glaze, PhD (she/her)