On 10/18/17 8:35 PM, Michael S. Tsirkin wrote:
On Wed, Oct 18, 2017 at 08:18:48PM +0100, Dr. David Alan Gilbert wrote:
* Michael S. Tsirkin (mst@redhat.com) wrote:
On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
> 11. GO verifies the measurement and if measurement matches then it may > give a secret blob -- which must be injected into the guest before > libvirt starts the VM. If verification failed, GO will request cloud > provider to destroy the VM.
I realised I'm missing something here: how does GO limit the secret to the specific VM? For example, what prevents hypervisor from launching two VMs with the same GO's DH, getting measurement from 1st one but injecting the secret into the second one?
Isn't that the 'trusted channel nonce currently associated with the guest' in the guest context?
Dave
Let me try to clarify the question. I understand that sometimes a key is shared between VMs. If this is allowed, it seems that a hypervisor can run any number of VMs with the same key. An unauthorised VM will not get a measurement that guest owner authorizes, but can the hypervisor get secret intended for an authorized VM and then inject it into an unauthorized one sharing the same key?
Michael, Yes, that's possible. This is why we recommend against a guest owner authorizing key sharing. There's no way for the guest owner to control what other guests the HV might install using the same key and mapping the same memory to. So a security-conscious customer, especially in a cloud environment, should never enable key sharing. Richard
Thanks,
-- MST
-- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK