On 10/18/17 8:35 PM, Michael S. Tsirkin wrote:
On Wed, Oct 18, 2017 at 08:18:48PM +0100, Dr. David Alan Gilbert
wrote:
> * Michael S. Tsirkin (mst(a)redhat.com) wrote:
>> On Fri, Sep 08, 2017 at 10:48:10AM -0500, Brijesh Singh wrote:
>>>>> > 11. GO verifies the measurement and if measurement matches
then it may
>>>>> > give a secret blob -- which must be injected into the
guest before
>>>>> > libvirt starts the VM. If verification failed, GO will
request cloud
>>>>> > provider to destroy the VM.
>>
>> I realised I'm missing something here: how does GO limit the
>> secret to the specific VM? For example, what prevents hypervisor
>> from launching two VMs with the same GO's DH, getting measurement
>> from 1st one but injecting the secret into the second one?
>
> Isn't that the 'trusted channel nonce currently associated with the
> guest' in the guest context?
>
> Dave
Let me try to clarify the question. I understand that sometimes a key
is shared between VMs. If this is allowed, it seems that a hypervisor
can run any number of VMs with the same key. An unauthorised VM
will not get a measurement that guest owner authorizes, but
can the hypervisor get secret intended for an authorized VM and
then inject it into an unauthorized one sharing the same key?
Michael,
Yes, that's possible. This is why we recommend against a guest
owner authorizing key sharing. There's no way for the guest owner to
control what other guests the HV might install using the same key and
mapping the same memory to.
So a security-conscious customer, especially in a cloud
environment, should never enable key sharing.
Richard
>> Thanks,
>>
>> --
>> MST
>>
> --
> Dr. David Alan Gilbert / dgilbert(a)redhat.com / Manchester, UK