lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <66161ce56ec783d1ec452a50b80b120bec8b56e8.camel@HansenPartnership.com>
Date:   Fri, 04 Aug 2023 12:46:08 -0400
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     Dionna Amalie Glaze <dionnaglaze@...gle.com>,
        Dan Williams <dan.j.williams@...el.com>
Cc:     Jarkko Sakkinen <jarkko@...nel.org>,
        Peter Gonda <pgonda@...gle.com>, dhowells@...hat.com,
        Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Samuel Ortiz <sameo@...osinc.com>, peterz@...radead.org,
        linux-coco@...ts.linux.dev, keyrings@...r.kernel.org,
        x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/4] keys: Introduce tsm keys

On Fri, 2023-08-04 at 09:37 -0700, Dionna Amalie Glaze wrote:
[...]
> 
> The coming addition of the SVSM to further isolate the guest and
> provide extra "security devices" is also something to be aware of.
> There will be a vTPM protocol and a new type of attestation that's
> rooted to VMPL0 while Linux is still in VMPL3. I don't think this
> will make sev-guest an unnecessary device though, since it's still
> undecided how the TPM hierarchy can bind itself to the hardware in a
> non-adhoc manner: there's no "attested TPM" spec to have something
> between the null hierarchy and the more persistent attestation key
> hierarchy. And TCG isn't in the business of specifying how to
> virtualize the TPM technology, so we might have to manually link the
> two together by getting the tpm quote and then doing a further
> binding operation with the sev-guest device.

Just on this one, it's already specified in the latest SVSM doc:

https://lore.kernel.org/linux-coco/a2f31400-9e1c-c12a-ad7f-ea0265a12068@amd.com/

The Service Attestation Data on page 36-37.  It says TPMT_PUBLIC of the
EK.  However, what it doesn't say is *which* EK.  I already sent in a
comment saying it should be the TCG template for the P-256 curve EK.

So asking the SVSM to give you the attestation report for the VTPM
service binds the EK of the vTPM.

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ