[libvirt PATCH v3 02/12] tools: support validating SEV firmware boot measurements

Ján Tomko jtomko at redhat.com
Fri Nov 4 13:15:37 UTC 2022


On a Wednesday in 2022, Daniel P. Berrangé wrote:
>The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES
>domain launch measurement, to a computed launch measurement. This
>determines whether the domain has been tampered with during launch.
>
>This initial implementation requires all inputs to be provided
>explicitly, and as such can run completely offline, without any
>connection to libvirt.
>
>The tool is placed in the libvirt-client-qemu sub-RPM since it is
>specific to the QEMU driver.
>
>Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
>---
> docs/manpages/meson.build                |   1 +
> docs/manpages/virt-qemu-sev-validate.rst | 207 ++++++++++++++++++
> libvirt.spec.in                          |   2 +
> tools/meson.build                        |   5 +
> tools/virt-qemu-sev-validate             | 263 +++++++++++++++++++++++
> 5 files changed, 478 insertions(+)
> create mode 100644 docs/manpages/virt-qemu-sev-validate.rst
> create mode 100755 tools/virt-qemu-sev-validate
>
>diff --git a/docs/manpages/virt-qemu-sev-validate.rst b/docs/manpages/virt-qemu-sev-validate.rst
>new file mode 100644
>index 0000000000..36de9becfd
>--- /dev/null
>+++ b/docs/manpages/virt-qemu-sev-validate.rst

[...]

>+Guest config options
>+--------------------
>+
>+These options provide items needed to calculate the expected domain launch
>+measurement. This will then be compared to the reported launch measurement.
>+
>+``-f PATH``, ``--firmware=PATH``
>+
>+Path to the firmware loader binary. This is the EDK2 build that knows how to
>+initialize AMD SEV. For the validation to be trustworthy it important that the
>+firmware build used has no support for loading non-volatile variables from
>+NVRAM, even if NVRAM is expose to the guest.
>+
>+``--tik PATH``
>+
>+TIK file for domain. This file must be exactly 16 bytes in size and contains the
>+unique transport integrity key associated with the domain session launch data.
>+This is mutually exclusive with the ``--tk`` argument.
>+
>+``--tek PATH``
>+
>+TEK file for domain. This file must be exactly 16 bytes in size and contains the
>+unique transport encryption key associated with the domain session launch data.
>+This is mutually exclusive with the ``--tk`` argument.
>+
>+``--tek PATH``

--tk

>+
>+TEK/TIK combined file for the domain. This file must be exactly 32 bytes in
>+size, with the first 16 bytes containing the TEK and the last 16 bytes
>+containing the TIK.  This is mutually exclusive with the ``--tik`` and ``--tek``
>+arguments.
>+
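Review bot: the ``--firmware`` description earlier in this hunk has two typos that should be fixed before merge: "For the validation to be trustworthy it important that" should read "it is important that", and "even if NVRAM is expose to the guest" should read "is exposed to the guest". Since this paragraph states the one property the firmware build must have for the measurement to mean anything (no NVRAM variable loading), it is worth getting the sentence right.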

[...]

>+COPYRIGHT
>+=========
>+
>+Copyright (C) 2022 by Red Hat, Inc.
>+
>+
>+LICENSE
>+=======
>+
>+``virt-qemu-sev-validate`` is distributed under the terms of the GNU GPL v2+.

The license here says GPLv2+, but LGPL-2.1+ in the SPDX identifier below.

>+This is free software; see the source for copying conditions. There
>+is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
>+PURPOSE
>+
>+
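Review bot: the final sentence of the LICENSE section ends at "PURPOSE" without a full stop; add the trailing period so the rendered manpage does not end mid-sentence.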
>diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate
>new file mode 100755
>index 0000000000..c0837cc2c7
>--- /dev/null
>+++ b/tools/virt-qemu-sev-validate
>@@ -0,0 +1,263 @@
>+#!/usr/bin/python3
>+#
>+# SPDX-License-Identifier: LGPL-2.1-or-later
>+#
>+# Validates a guest AMD SEV launch measurement
>+#

[...]

>+def parse_command_line():
>+    parser = argparse.ArgumentParser(
>+        description='Validate guest AMD SEV launch measurement')
>+    parser.add_argument('--debug', '-d', action='store_true',
>+                        help='Show debug information')
>+    parser.add_argument('--quiet', '-q', action='store_true',
>+                        help='Do not display status')
>+
>+    # Arguments related to the state of the launched guest
>+    vmstate = parser.add_argument_group("Virtual machine launch state")
>+    vmstate.add_argument('--measurement', '-m', required=True,
>+                         help='Measurement for the running domain')
>+    vmstate.add_argument('--api-major', type=int, required=True,
>+                         help='SEV API major version for the running domain')
>+    vmstate.add_argument('--api-minor', type=int, required=True,
>+                         help='SEV API major version for the running domain')

*minor

>+    vmstate.add_argument('--build-id', type=int, required=True,
>+                         help='SEV build ID for the running domain')
>+    vmstate.add_argument('--policy', type=int, required=True,
>+                         help='SEV policy for the running domain')
>+
>+    # Arguments related to calculation of the expected launch measurement
>+    vmconfig = parser.add_argument_group("Virtual machine config")
>+    vmconfig.add_argument('--firmware', '-f', required=True,
>+                          help='Path to the firmware binary')
>+    vmconfig.add_argument('--tik',
>+                          help='TIK file for domain')
>+    vmconfig.add_argument('--tek',
>+                          help='TEK file for domain')
>+    vmconfig.add_argument('--tk',
>+                          help='TEK/TIK combined file for domain')
>+
>+    return parser.parse_args()
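Review bot: the ``--tik``, ``--tek`` and ``--tk`` options are added to the "Virtual machine config" group without enforcing the mutual exclusion that the manpage hunk documents, and none of the three is marked ``required``, so ``parse_command_line()`` accepts a combined ``--tk`` together with ``--tik``/``--tek``, or none of them at all. Unless the elided code checks this after parsing, add a check between ``parser.parse_args()`` and the return along the lines of ``if args.tk and (args.tik or args.tek): parser.error("--tk is mutually exclusive with --tik/--tek")``, with a matching ``parser.error`` when neither ``--tk`` nor both ``--tik`` and ``--tek`` are given, so a conflicting or missing key specification is reported as a usage error rather than surfacing later when the key files are read.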

Reviewed-by: Ján Tomko <jtomko at redhat.com>

Jano

