[libvirt] [Qemu-devel] libvirt/QEMU/SEV interaction

Richard Relph richard.relph at amd.com
Fri Oct 20 14:26:02 UTC 2017

On 10/18/17 8:35 PM, Michael S. Tsirkin wrote:
> On Wed, Oct 18, 2017 at 08:18:48PM +0100, Dr. David Alan Gilbert wrote:
>> * Michael S. Tsirkin (mst at redhat.com) wrote:
>>> On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
>>>>>>       > 11. GO verifies the measurement and if measurement matches then it may
>>>>>>       >  give a secret blob -- which must be injected into the guest before
>>>>>>       >  libvirt starts the VM. If verification failed, GO will request cloud
>>>>>>       >  provider to destroy the VM.
>>> I realised I'm missing something here: how does GO limit the
>>> secret to the specific VM? For example, what prevents hypervisor
>>> from launching two VMs with the same GO's DH, getting measurement
>>> from 1st one but injecting the secret into the second one?
>> Isn't that the 'trusted channel nonce currently associated with the
>> guest' in the guest context?
>> Dave
> Let me try to clarify the question. I understand that sometimes a key
> is shared between VMs. If this is allowed, it seems that a hypervisor
> can run any number of VMs with the same key. An unauthorised VM
> will not get a measurement that guest owner authorizes, but
> can the hypervisor get secret intended for an authorized VM and
> then inject it into an unauthorized one sharing the same key?

     Yes, that's possible. This is why we recommend against a guest 
owner authorizing key sharing. There's no way for the guest owner to 
control what other guests the HV might install using the same key and 
mapping the same memory to.
     So a security-conscious customer, especially in a cloud 
environment, should never enable key sharing.


>>> Thanks,
>>> -- 
>>> MST
>> --
>> Dr. David Alan Gilbert / dgilbert at redhat.com / Manchester, UK

More information about the libvir-list mailing list