| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Sep 2023 23:21:28 +0000
From: "Huang, Kai" <kai.huang@...el.com>
To: "sathyanarayanan.kuppuswamy@...ux.intel.com"
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
"Williams, Dan J" <dan.j.williams@...el.com>,
"linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>,
"jpiotrowski@...ux.microsoft.com" <jpiotrowski@...ux.microsoft.com>
CC: "bp@...en8.de" <bp@...en8.de>,
"peterz@...radead.org" <peterz@...radead.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"thomas.lendacky@....com" <thomas.lendacky@....com>,
"dionnaglaze@...gle.com" <dionnaglaze@...gle.com>,
"brijesh.singh@....com" <brijesh.singh@....com>,
"Yamahata, Isaku" <isaku.yamahata@...el.com>,
"tglx@...utronix.de" <tglx@...utronix.de>
Subject: Re: [PATCH v3 5/5] virt: sevguest: Add TSM_REPORTS support for
SNP_{GET, GET_EXT}_REPORT
On Sun, 2023-09-03 at 19:57 -0700, Kuppuswamy Sathyanarayanan wrote:
>
> On 9/3/2023 7:14 PM, Huang, Kai wrote:
> > On Fri, 2023-09-01 at 09:38 -0700, Dan Williams wrote:
> > > > The extended guest request is another topic, since userspace has to be aware of
> > > > where the kernel choses to put the extended data, and fixup all the offsets in the
> > > > table (section 4.1.8.1 in [2]). It would be better to return this data through a
> > > > separate file.
> > >
> > > I notice that the TDX report also includes a certificate blob, so if
> > > that is a common concept then yes, it makes sense to have a separate
> > > file for that.
> >
> > + Sathy and Isaku.
> >
> > It is a common concept from the perspective of "concept", because we need
> > certificates to verify the attestation blob anyway. But in implementation,
> > unlike to SEV, TDX doesn't have a command to return certificates separately or
> > independently [1] -- they are embed to the Quote itself, or theoretically can be
> > fetched from Intel.
> >
> > More, for TDX (SGX based attestation) certificates blob itself isn't mandatory
> > to be part of the Quote. Instead, TDX Quote can choose to include some more
> > basic platform identification which can in turn be used to get those
> > certificates from Intel's provisioning certificate service [2].
> >
> > [1] I am not sure whether we can add one or already have one in the latest TDX
> > development. Maybe Sathy or Isaku can help to confirm.
> >
> > [2]: Table 9: QE Certification Data
> > https://download.01.org/intel-sgx/dcap-1.0.1/docs/Intel_SGX_ECDSA_QuoteGenReference_DCAP_API_Linux_1.0.1.pdf
>
> Yes. TDX does not have any special command to fetch the certificate blob
> separately. Currently, it is fetched as part of Quote data. But, since the
> certificate blob is fixed per boot (unlike Quote data), I think it makes
> sense to add a separate command for it.
>
I thought about this for a while, but I think we probably don't have enough
justification to do so. Intel attestation userspace stack has already fully
adopted parsing Quote with the certificates blob, so I guess they just don't
have motivation to use the new interface.
However perhaps this shouldn't be a strong factor to impact whether kernel
should provide a separate file for certificates blob (or extended data in
general). If some vendor doesn't support such operation, I suppose we can just
return error when userspace accesses that file.
Powered by blists - more mailing lists