Message-ID: <20250416055433.2980510-1-binbin.wu@linux.intel.com>
Date: Wed, 16 Apr 2025 13:54:31 +0800
From: Binbin Wu <binbin.wu@...ux.intel.com>
To: pbonzini@...hat.com,
	seanjc@...gle.com,
	kvm@...r.kernel.org
Cc: rick.p.edgecombe@...el.com,
	kai.huang@...el.com,
	adrian.hunter@...el.com,
	reinette.chatre@...el.com,
	xiaoyao.li@...el.com,
	tony.lindgren@...el.com,
	isaku.yamahata@...el.com,
	yan.y.zhao@...el.com,
	chao.gao@...el.com,
	mikko.ylinen@...ux.intel.com,
	linux-kernel@...r.kernel.org,
	binbin.wu@...ux.intel.com
Subject: [PATCH v2 0/1] TDX attestation support

Hi,

Paolo mentioned possibly wanting to include attestation in the initial TDX
support. Please consider it with that as the tentative plan. If it is not
included in the initial support, it would require an opt-in when the
support is added.

Notable changes since v1 [0]
============================
- KVM only checks the SHARED bit of the GPA from TDX guests and drops it
  before exiting to userspace to avoid bleeding the SHARED bit into its
  exit ABI [1].  Other sanity checks are skipped.
- Dropped the patch for TDG.VP.VMCALL<SetupEventNotifyInterrupt>, which has
  no users.
- Use number 40 for KVM_EXIT_TDX_GET_QUOTE since this could probably win the
  race upstream with AMD's SNP certificate-fetching patch [2].

Overview
========
The TDX Guest-Host Communication Interface (GHCI) spec [3] defines two
TDVMCALLs for the TDX attestation mechanism.

- TDG.VP.VMCALL<GetQuote>
  GetQuote is a doorbell-like interface used by TDX guests to request the VMM
  to generate a TD-Quote signed by a service hosting the TD-Quoting Enclave
  operating on the host.
- TDG.VP.VMCALL<SetupEventNotifyInterrupt>
  SetupEventNotifyInterrupt can be used by TDX guests to specify an
  interrupt vector as an event-notify vector for the GetQuote operation, which
  may take several seconds. If a TDX guest has set up the event-notify
  vector, the host VMM injects an interrupt with the specified vector into
  the TDX guest on completion of the operation.

Since TDG.VP.VMCALL<SetupEventNotifyInterrupt> is optional and is not used by
TDX guests, this patch series adds only the support for
TDG.VP.VMCALL<GetQuote> to enable TDX attestation on the KVM side. KVM
forwards the requests to the userspace VMM.  Instead of using a single
KVM_EXIT_TDX, it's preferred that each TDVMCALL that KVM wants to forward gets
a dedicated KVM_EXIT_<reason> and an associated struct in the exit union [4].
The TDVMCALLs supported in [5] reuse the existing KVM exit reasons.  For TDX
attestation support, add a TDX-specific KVM exit reason based on the
discussion in the PUCK meeting on 2025.02.19 [6].  After returning from
userspace, KVM sets the return code specified by userspace before resuming
the vCPU.
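As an added illustration (not code from this series or from KVM), the C model below walks through the forwarding step described above: KVM validates only the SHARED bit of the guest-supplied GPA, strips it before handing the request to userspace so the bit never leaks into the exit ABI, and on return installs the status userspace chose. The SHARED bit position, the exit struct layout, the handler callback and the status values are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>

/* TDX tags shared (non-private) guest memory with one high GPA bit; its
 * position depends on the TD's GPA width. Bit 51 is assumed here. */
#define SHARED_BIT (1ULL << 51)

/* TDVMCALL status codes as the guest sees them (assumed values). */
#define TDVMCALL_STATUS_SUCCESS         0ULL
#define TDVMCALL_STATUS_INVALID_OPERAND 0x8000000000000000ULL

/* Constructed stand-in for the exit record shared with userspace.
 * The GPA stored here is already free of the SHARED bit. */
struct get_quote_exit {
    uint64_t gpa;
    uint64_t size;
    uint64_t ret;   /* filled in by userspace before the vCPU resumes */
};

/* Stand-in for the userspace VMM servicing the exit. */
typedef void (*userspace_handler_t)(struct get_quote_exit *exit);

/* The only sanity check KVM performs: the quote buffer must be shared.
 * On success the SHARED bit is dropped from the GPA. */
static bool check_and_strip_shared_bit(uint64_t gpa, uint64_t *stripped)
{
    if (!(gpa & SHARED_BIT))
        return false;
    *stripped = gpa & ~SHARED_BIT;
    return true;
}

/* Models KVM handling TDG.VP.VMCALL<GetQuote>; returns the status the
 * guest observes when the vCPU resumes. */
uint64_t handle_get_quote(uint64_t gpa, uint64_t size,
                          userspace_handler_t userspace,
                          struct get_quote_exit *exit)
{
    if (!check_and_strip_shared_bit(gpa, &exit->gpa))
        return TDVMCALL_STATUS_INVALID_OPERAND;  /* no exit to userspace */
    exit->size = size;
    exit->ret = TDVMCALL_STATUS_INVALID_OPERAND; /* default if userspace stays silent */
    userspace(exit);
    return exit->ret;
}

/* Constructed userspace handler that accepts the request. */
void sample_userspace_ok(struct get_quote_exit *exit)
{
    exit->ret = TDVMCALL_STATUS_SUCCESS;
}
```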


Base of this series
===================
This series is based on kvm/next or kvm-coco-queue with the commit:
- 'fd02aa45bda6' ("Merge branch 'kvm-tdx-initial' into HEAD").

Repos
=====
The full KVM branch is here:
https://github.com/intel/tdx/tree/tdx_kvm_dev-2025-04-15

A matching QEMU is here:
https://github.com/intel-staging/qemu-tdx/tree/tdx-qemu-wip-2025-04-15

It requires TDX module 1.5.06.00.0744 [7] or later.
A working edk2 commit is 95d8a1c ("UnitTestFrameworkPkg: Use TianoCore
mirror of subhook submodule").


Testing
=======
This patch series has been tested as part of the development branch for the
TDX base series.  The testing consisted of TDX kvm-unit-tests and booting a
Linux TD, and TDX enhanced KVM selftests.  It also passed the TDX related
test cases defined in the LKVS test suite as described in:
https://github.com/intel/lkvs/blob/main/KVM/docs/lkvs_on_avocado.md

The functionality of GetQuote has been tested with the Quote Generation
Service deployed on the host, thanks to Mikko Ylinen.

The KVM selftests patch below, which is based on the latest TDX KVM selftests
patch series [8], was also used to test the GetQuote flows:
https://github.com/intel/tdx/commit/12b51b65b88ee95c3b0ce8ebc623408ecd8eea49


[0] https://lore.kernel.org/kvm/20250402001557.173586-1-binbin.wu@linux.intel.com
[1] https://lore.kernel.org/kvm/Z_Z61UlNM1vlEdW1@google.com
[2] https://lore.kernel.org/kvm/20250219151505.3538323-2-michael.roth@amd.com
[3] https://cdrdv2.intel.com/v1/dl/getContent/726792
[4] https://lore.kernel.org/kvm/Zg18ul8Q4PGQMWam@google.com
[5] https://lore.kernel.org/kvm/20250222014225.897298-1-binbin.wu@linux.intel.com
[6] https://drive.google.com/file/d/1fk957DWsyqWk-K-FqhBxdUtgrQYcZrqH/view?usp=drive_link&resourcekey=0-JFJuzmaZIux6_D6lhcxT7Q
[7] https://github.com/intel/tdx-module/releases/tag/TDX_1.5.06
[8] https://lore.kernel.org/kvm/20250414214801.2693294-1-sagis@google.com

Binbin Wu (1):
  KVM: TDX: Handle TDG.VP.VMCALL<GetQuote>

 Documentation/virt/kvm/api.rst | 25 +++++++++++++++++++++++++
 arch/x86/kvm/vmx/tdx.c         | 30 ++++++++++++++++++++++++++++++
 include/uapi/linux/kvm.h       |  7 +++++++
 3 files changed, 62 insertions(+)

-- 
2.46.0

