Message-Id: <20221027150558.722062-1-pgonda@google.com>
Date: Thu, 27 Oct 2022 08:05:56 -0700
From: Peter Gonda <pgonda@...gle.com>
To: thomas.lendacky@....com
Cc: Peter Gonda <pgonda@...gle.com>,
Dionna Glaze <dionnaglaze@...gle.com>,
Borislav Petkov <bp@...e.de>,
Michael Roth <michael.roth@....com>,
Haowen Bai <baihaowen@...zu.com>,
Yang Yingliang <yangyingliang@...wei.com>,
Marc Orr <marcorr@...gle.com>,
David Rientjes <rientjes@...gle.com>,
Ashish Kalra <Ashish.Kalra@....com>,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: [PATCH V3 0/2] Fix security issue in SNP guest AES-GCM usage

Currently the ASP and SNP guest use an AES-GCM based secure channel to
communicate with each other. The IV for this encryption scheme is a
sequence that each party maintains. Currently the ASP requires the
sequence number of the request to be exactly one more than its saved
sequence number and the ASP only increments its saved sequence number
after a successful command. That means if the guest request ever fails
it can only ever retry that exact encrypted command or discontinue its
use of that VMPCK. If it were to try another command it would either
need to reuse the sequence number which is the IV. That can lead to the
encryption scheme failing with AES-GCM. Or if it incremented the
sequence number the ASP would never accept the command due to sequence
number mismatch.
https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/800-38-series-drafts/gcm/joux_comments.pdf
Cc: Dionna Glaze <dionnaglaze@...gle.com>
Cc: Borislav Petkov <bp@...e.de>
Cc: Tom Lendacky <thomas.lendacky@....com>
Cc: Michael Roth <michael.roth@....com>
Cc: Haowen Bai <baihaowen@...zu.com>
Cc: Yang Yingliang <yangyingliang@...wei.com>
Cc: Marc Orr <marcorr@...gle.com>
Cc: David Rientjes <rientjes@...gle.com>
Cc: Ashish Kalra <Ashish.Kalra@....com>
Cc: linux-kernel@...r.kernel.org
Cc: kvm@...r.kernel.org
Peter Gonda (2):
  virt: sev: Prevent IV reuse in SNP guest driver
  virt: sev: Allow for retrying SNP extended requests

 arch/x86/include/asm/svm.h              |  6 ++
 arch/x86/kernel/sev.c                   | 28 ++++++--
 drivers/virt/coco/sev-guest/sev-guest.c | 93 ++++++++++++++++---------
 3 files changed, 91 insertions(+), 36 deletions(-)
--
2.38.0.135.g90850a2211-goog
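
The sequence-number constraint described in the cover letter above, as an added toy model; it is not code from this patch series or from the kernel. All names (`asp_handle`, `guest_send`, the message strings) are hypothetical, no real encryption is done, and messages are assumed to be shorter than 32 bytes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Toy model only: hypothetical names, no real encryption or ASP interface. */
enum verdict { SENT_OK, SENT_FAILED, REFUSED_IV_REUSE, REFUSED_KEY_DISABLED };

struct asp { uint64_t saved_seq; };

struct guest {
	uint64_t seq;             /* last sequence number the ASP accepted */
	bool pending;             /* IV seq + 1 was already used for pending_msg */
	char pending_msg[32];     /* assumption: messages are < 32 bytes */
	bool key_disabled;        /* stands in for giving up the VMPCK */
};

/* ASP rule from the cover letter: accept only saved_seq + 1 and advance
 * only when the command succeeds. */
static bool asp_handle(struct asp *a, uint64_t seq, bool cmd_ok)
{
	if (seq != a->saved_seq + 1 || !cmd_ok)
		return false;
	a->saved_seq = seq;
	return true;
}

/* Guest rule: after a failure, IV seq + 1 may only carry the identical
 * message again. Any other message under that IV would be GCM IV reuse,
 * so the guest stops using the key instead. */
static enum verdict guest_send(struct guest *g, struct asp *a,
			       const char *msg, bool cmd_ok)
{
	if (g->key_disabled)
		return REFUSED_KEY_DISABLED;
	if (g->pending && strcmp(msg, g->pending_msg) != 0) {
		g->key_disabled = true;
		return REFUSED_IV_REUSE;
	}
	strncpy(g->pending_msg, msg, sizeof(g->pending_msg) - 1);
	g->pending_msg[sizeof(g->pending_msg) - 1] = '\0';
	if (!asp_handle(a, g->seq + 1, cmd_ok)) {
		g->pending = true;
		return SENT_FAILED;
	}
	g->seq++;
	g->pending = false;
	return SENT_OK;
}
```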