[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <66161ce56ec783d1ec452a50b80b120bec8b56e8.camel@HansenPartnership.com>
Date: Fri, 04 Aug 2023 12:46:08 -0400
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Dionna Amalie Glaze <dionnaglaze@...gle.com>,
Dan Williams <dan.j.williams@...el.com>
Cc: Jarkko Sakkinen <jarkko@...nel.org>,
Peter Gonda <pgonda@...gle.com>, dhowells@...hat.com,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Samuel Ortiz <sameo@...osinc.com>, peterz@...radead.org,
linux-coco@...ts.linux.dev, keyrings@...r.kernel.org,
x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/4] keys: Introduce tsm keys
On Fri, 2023-08-04 at 09:37 -0700, Dionna Amalie Glaze wrote:
[...]
>
> The coming addition of the SVSM to further isolate the guest and
> provide extra "security devices" is also something to be aware of.
> There will be a vTPM protocol and a new type of attestation that's
> rooted to VMPL0 while Linux is still in VMPL3. I don't think this
> will make sev-guest an unnecessary device though, since it's still
> undecided how the TPM hierarchy can bind itself to the hardware in a
> non-adhoc manner: there's no "attested TPM" spec to have something
> between the null hierarchy and the more persistent attestation key
> hierarchy. And TCG isn't in the business of specifying how to
> virtualize the TPM technology, so we might have to manually link the
> two together by getting the tpm quote and then doing a further
> binding operation with the sev-guest device.
Just on this one, it's already specified in the latest SVSM doc:
https://lore.kernel.org/linux-coco/a2f31400-9e1c-c12a-ad7f-ea0265a12068@amd.com/
The Service Attestation Data on page 36-37. It says TPMT_PUBLIC of the
EK. However, what it doesn't say is *which* EK. I already sent in a
comment saying it should be the TCG template for the P-256 curve EK.
So asking the SVSM to give you the attestation report for the VTPM
service binds the EK of the vTPM.
James
Powered by blists - more mailing lists