[RFC PATCH v1 0/5] Add virDomainGetSevAttestationReport API

Daniel P. Berrangé berrange at redhat.com
Thu Apr 21 16:40:04 UTC 2022


On Thu, Apr 21, 2022 at 12:35:27PM -0400, Tyler Fanelli wrote:
> On 4/20/22 5:45 AM, Daniel P. Berrangé wrote:
> > > > But as is it's not clear what this buys us over the launch measurement
> > > > we already report with virDomainGetLaunchSecurityInfo
> > > > 
> > > > 
> > > > If we figure out what the point of this is, IMO we can more easily
> > > > reason about whether it makes sense to add a Sev specific libvirt API,
> > > > and whether we need virTypedParams for both input and output. For
> > > > example if the API really is specific to this one and only KVM ioctl/QMP
> > > > command, we could hardcode the parameters and skip the virTypedParams
> > > > question entirely.
> > > Interesting, although wouldn't hardcoding a nonce basically render it
> > > useless? User-specified nonce would allow a user to verify that their call
> > > was propagated to firmware at that instance. If they can't supply the nonce,
> > > they can't verify it's an attestation report from that specific call.
> > The launch blob contains a unique TIK/TEK pair, so if the launch
> > measurement validates, the guest owner knows it is associated with
> > a running VM that was created with their designated launch blob.
> > 
> > A nonce is usually needed to avoid replay attacks, but I'm not seeing
> > what attack vector is actually present in the SEV/SEV-ES scenario,
> > since AFAIK, the attestation report content never changes once the
> > VM is running.
> > 
> > Overall I'm not seeing the need for this API with SEV/SEV-ES at least,
> > and with SEV-SNP IIUC the attestation report is not available to the
> > host, only to the guest?
> 
> Realizing that my assumption of LAUNCH_MEASURE needing to be called while VM
> is paused is false, I tend to agree. With that in mind, what is the point of
> "query-sev-attestation-report" in QEMU? What was its original purpose if it
> offers no real benefits compared to "query-sev-launch-measure"?

I'm thinking the author didn't remember that we cached LAUNCH_MEASURE
in QEMU.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
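
Added example, not part of the original message and not libvirt or QEMU code: a sketch of the guest-owner check discussed in the thread, showing that a launch measurement only validates under the TIK from the owner's own launch blob. It assumes the LAUNCH_MEASURE layout from AMD's SEV API specification (HMAC-SHA256 keyed with the TIK) and a reported blob of base64(measurement || nonce); every key, digest and version value is constructed, and `simulated_firmware_blob` is a hypothetical stand-in for the host side.

```python
import base64
import hashlib
import hmac
import struct


def launch_hmac(tik, api_major, api_minor, build_id, policy, launch_digest, mnonce):
    """HMAC-SHA256 keyed with the TIK over
    0x04 || API_MAJOR || API_MINOR || BUILD || POLICY (u32 LE) || LD || MNONCE."""
    msg = struct.pack("<BBBBI", 0x04, api_major, api_minor, build_id, policy)
    return hmac.new(tik, msg + launch_digest + mnonce, hashlib.sha256).digest()


def validate_measurement(blob_b64, tik, api_major, api_minor, build_id, policy, launch_digest):
    """Guest-owner side: blob is base64(measurement[32] || mnonce[16])."""
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return False
    if len(blob) != 48:
        return False
    measure, mnonce = blob[:32], blob[32:]
    want = launch_hmac(tik, api_major, api_minor, build_id, policy, launch_digest, mnonce)
    return hmac.compare_digest(measure, want)  # constant-time comparison


def simulated_firmware_blob(tik, api_major, api_minor, build_id, policy, launch_digest, mnonce):
    """Constructed stand-in for the value the host reports; no SEV firmware involved."""
    mac = launch_hmac(tik, api_major, api_minor, build_id, policy, launch_digest, mnonce)
    return base64.b64encode(mac + mnonce).decode()


# Constructed sample values (assumptions, not taken from any real platform).
TIK = bytes(range(16))            # integrity key from the owner's launch blob
OTHER_TIK = bytes(range(16, 32))  # key from some other launch session
DIGEST = hashlib.sha256(b"constructed firmware image").digest()
MNONCE = bytes.fromhex("00112233445566778899aabbccddeeff")
PLATFORM = dict(api_major=1, api_minor=51, build_id=3, policy=0x5)

if __name__ == "__main__":
    blob = simulated_firmware_blob(TIK, launch_digest=DIGEST, mnonce=MNONCE, **PLATFORM)
    print("owner's TIK:   ", validate_measurement(blob, TIK, launch_digest=DIGEST, **PLATFORM))
    print("different TIK: ", validate_measurement(blob, OTHER_TIK, launch_digest=DIGEST, **PLATFORM))
```
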

