The libvirt QEMU driver provides all the functionality required for
launching a guest on AMD SEV(-ES) platforms, with a configuration
that enables attestation of the launch measurement. The documentation
for how to actually perform an attestation is severely lacking and
not suitable for mere mortals to understand. IOW, someone trying to
implement attestation is in for a world of pain and suffering.
This series doesn't fix the documentation problem, but it does
provide a reference implementation of a tool for performing
attestation of SEV(-ES) guests in the context of libvirt / KVM.
There will be other tools and libraries that implement attestation
logic too, but this tool is likely somewhat unique in its usage of
libvirt. Now for a attestation to be trustworthy you don't want to
perform it on the hypervisor host, since the goal is to prove that
the hypervisor has not acted maliciously. None the less it is still
beneficial to have libvirt integration to some extent.
When running this tool on a remote (trusted) host, it can connect
to the libvirt hypervisor and fetch the data provided by the
virDomainLaunchSecurityInfo API, which is safe to trust as the
key pieces are cryptographically measured.
Attestation is a complex problem though and it is very easy to
screw up and feed the wrong information and then waste hours trying
to figure out what piece was wrong, to cause the hash digest to
change. For debugging such problems, you can thus tell the tool
to operate insecurely, by querying libvirt for almost all of the
configuration information required to determine the expected
measurement. By comparing these results,to the results obtained
in offline mode it helps narrow down where the mistake lies.
So I view this tool as being useful in a number of ways:
* Quality assurance engineers needing to test libvirt/QEMU/KVM
get a simple and reliable tool for automating tests with.
* Users running simple libvirt deployments without any large
management stack, get a standalone tool for attestation
they can rely on.
* Developers writing/integrating attestation support into
management stacks above libvirt, get a reference against
which they can debug their own tools.
* Users wanting to demonstrate the core SEV/SEV-ES functionality
get a simple and reliable tool to illustrate the core concepts
involved.
Since I didn't fancy writing such complex logic in C, this tool is
a python3 program. As such, we don't want to include it in the
main libvirt-client RPM, nor any other existing RPM. THus, this
series puts it in a new libvirt-client-qemu RPM which, through no
co-inicidence at all, is the same RPM I invented a few days ago to
hold the virt-qemu-qmp-proxy command.
Note, people will have already seen an earlier version of this
tool I hacked up some months ago. This code is very significantly
changed since that earlier version, to make it more maintainable,
and simpler to use (especially for SEV-ES) but the general theme
is still the same.
Changed in v2:
- All the suggestions from Cole and Kashyap
Daniel P. Berrangé (12):
build-aux: only forbid gethostname in C files
tools: support validating SEV firmware boot measurements
tools: load guest config from libvirt
tools: support validating SEV direct kernel boot measurements
tools: load direct kernel config from libvirt
tools: support validating SEV-ES initial vCPU state measurements
tools: support automatically constructing SEV-ES vCPU state
tools: load CPU count and CPU SKU from libvirt
tools: support generating SEV secret injection tables
docs/kbase: describe attestation for SEV guests
scripts: add systemtap script for capturing SEV-ES VMSA
docs/manpages: add checklist of problems for SEV attestation
build-aux/syntax-check.mk | 1 +
docs/kbase/launch_security_sev.rst | 105 ++
docs/manpages/meson.build | 1 +
docs/manpages/virt-qemu-sev-validate.rst | 647 +++++++++++
examples/systemtap/amd-sev-es-vmsa.stp | 48 +
libvirt.spec.in | 2 +
tools/meson.build | 5 +
tools/virt-qemu-sev-validate | 1292 ++++++++++++++++++++++
8 files changed, 2101 insertions(+)
create mode 100644 docs/manpages/virt-qemu-sev-validate.rst
create mode 100644 examples/systemtap/amd-sev-es-vmsa.stp
create mode 100755 tools/virt-qemu-sev-validate
--
2.37.3