[libvirt PATCH 0/2] tools: some fixes to VMSA construction when validating SEV boot

Daniel P. Berrangé (2):
  tools: fix handling of CPU family/model/stepping in SEV validation
  tools: fix VMSA construction with explicit CPU family/model/stepping

 tools/virt-qemu-sev-validate | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

-- 
2.41.0

The SEV-ES boot measurement includes the initial CPU register state (VMSA) and one of the fields includes the CPU identification. When building a VMSA blob we get the CPU family/model/stepping from the host capabilities, however, the VMSA must reflect the guest CPU not host CPU. Thus using host capabilities is only valid when the guest has the 'host-passthrough' CPU mode active. With 'host-model' it cannot be assumed host and guest match, because QEMU may not (yet) have a named CPU model for a given host CPU.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 tools/virt-qemu-sev-validate | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate index 209f19a4a8..c279741004 100755 --- a/tools/virt-qemu-sev-validate +++ b/tools/virt-qemu-sev-validate @@ -1054,6 +1054,11 @@ class LibvirtConfidentialVM(ConfidentialVM): raise InsecureUsageException( "Using CPU SKU from capabilities is not secure") + mode = doc.xpath("/domain/cpu/@mode") + if mode != "host-passthrough": + raise UnsupportedUsageException( + "Using CPU family/model/stepping from host not possible unless 'host-passthrough' is used") + sig = capsdoc.xpath("/capabilities/host/cpu/signature") if len(sig) != 1: raise UnsupportedUsageException( -- 2.41.0
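Review bot: `mode = doc.xpath("/domain/cpu/@mode")` returns a list, not a string (the `sig = capsdoc.xpath(...)` / `if len(sig) != 1:` lines just below in the same hunk treat xpath results exactly that way), so `mode != "host-passthrough"` compares a list against a string and is always true: the new UnsupportedUsageException fires even for a guest that really does use host-passthrough, and a domain with no `<cpu>` element is not distinguished from one with the wrong mode. Suggest `if len(mode) != 1 or mode[0] != "host-passthrough":` so the check gates the host-derived family/model/stepping path the way the commit message describes.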

On Fri, Aug 25, 2023 at 13:52:57 +0100, Daniel P. Berrangé wrote:
The SEV-ES boot measurement includes the initial CPU register state (VMSA) and one of the fields includes the CPU identification. When building a VMSA blob we get the CPU family/model/stepping from the host capabilities, however, the VMSA must reflect the guest CPU not host CPU. Thus using host capabilities is only valid when the guest has the 'host-passthrough' CPU mode active. With 'host-model' it cannot be assumed host and guest match, because QEMU may not (yet) have a named CPU model for a given host CPU.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 tools/virt-qemu-sev-validate | 5 +++++
 1 file changed, 5 insertions(+)
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

On Fri, Aug 25, 2023 at 01:52:57PM +0100, Daniel P. Berrangé wrote:
The SEV-ES boot measurement includes the initial CPU register state (VMSA) and one of the fields includes the CPU identification. When building a VMSA blob we get the CPU family/model/stepping from the host capabilities, however, the VMSA must reflect the guest CPU not host CPU. Thus using host capabilities is only valid when the guest has the 'host-passthrough' CPU mode active. With 'host-model' it cannot be assumed host and guest match, because QEMU may not (yet) have a named CPU model for a given host CPU.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 tools/virt-qemu-sev-validate | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate index 209f19a4a8..c279741004 100755 --- a/tools/virt-qemu-sev-validate +++ b/tools/virt-qemu-sev-validate @@ -1054,6 +1054,11 @@ class LibvirtConfidentialVM(ConfidentialVM): raise InsecureUsageException( "Using CPU SKU from capabilities is not secure")
+ mode = doc.xpath("/domain/cpu/@mode") + if mode != "host-passthrough": + raise UnsupportedUsageException( + "Using CPU family/model/stepping from host not possible unless 'host-passthrough' is used") + sig = capsdoc.xpath("/capabilities/host/cpu/signature") if len(sig) != 1: raise UnsupportedUsageException( -- 2.41.0
Reviewed-by: Erik Skultety <eskultet@redhat.com>

If the CPU family/model/stepping are provided on the command line, but the firmware is being automatically extracted from the libvirt guest, we try to build the VMSA too early. This leads to an exception trying to parse the firmware that has not been loaded yet. We must delay building the VMSA in that scenario.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 tools/virt-qemu-sev-validate | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate index c279741004..67edbd085f 100755 --- a/tools/virt-qemu-sev-validate +++ b/tools/virt-qemu-sev-validate @@ -940,7 +940,7 @@ class LibvirtConfidentialVM(ConfidentialVM): "kernel/initrd/cmdline not provided but kernel " "measurement is enabled") - def load_domain(self, uri, id_name_uuid, secure, ignore_config): + def load_domain(self, uri, id_name_uuid, build_vmsa, secure, ignore_config): self.conn = libvirt.open(uri) remote = socket.getfqdn() != self.conn.getHostname() @@ -1049,7 +1049,7 @@ class LibvirtConfidentialVM(ConfidentialVM): capsxml = self.conn.getCapabilities() capsdoc = etree.fromstring(capsxml) - if self.is_sev_es() and self.vmsa_cpu0 is None: + if self.is_sev_es() and build_vmsa: if secure: raise InsecureUsageException( "Using CPU SKU from capabilities is not secure") @@ -1263,17 +1263,19 @@ def attest(args): if args.vmsa_cpu1 is not None: cvm.load_vmsa_cpu1(args.vmsa_cpu1) - if args.cpu_family is not None: - cvm.build_vmsas(args.cpu_family, - args.cpu_model, - args.cpu_stepping) - if args.domain is not None: + build_vmsa = args.vmsa_cpu0 is None and args.cpu_family is None cvm.load_domain(args.connect, args.domain, + build_vmsa, not args.insecure, args.ignore_config) + if args.cpu_family is not None: + cvm.build_vmsas(args.cpu_family, + args.cpu_model, + args.cpu_stepping) + cvm.attest() if not args.quiet: print("OK: Looks good to me") -- 2.41.0
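Review bot: in the second hunk (`if self.is_sev_es() and build_vmsa:`) the `secure` guard that raises InsecureUsageException("Using CPU SKU from capabilities is not secure") now applies only when the tool is about to derive the SKU from host capabilities; a run that supplies `args.cpu_family` explicitly skips it because those values are operator-supplied rather than host-reported. That is the right trust boundary for an attestation check, but the commit message only talks about ordering, so one sentence stating that explicit CPU identification is accepted in secure mode would help anyone reading the log later.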
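Review bot: in the third hunk `build_vmsa` is a misnomer: when it is False because `args.cpu_family` is set, the VMSAs are still built, just from the explicit values by the `cvm.build_vmsas(...)` call moved below `load_domain`; naming it `build_vmsa_from_host` (and the new `load_domain` parameter likewise) would make the flag say what the second hunk actually gates. Also worth a short comment that `build_vmsa = args.vmsa_cpu0 is None and args.cpu_family is None` deliberately ignores `args.vmsa_cpu1`, so a caller supplying only the CPU1 VMSA still takes the host-derived path, which preserves the previous `self.vmsa_cpu0 is None` behaviour rather than changing it silently.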

On Fri, Aug 25, 2023 at 13:52:58 +0100, Daniel P. Berrangé wrote:
If the CPU family/model/stepping are provided on the command line, but the firmware is being automatically extracted from the libvirt guest, we try to build the VMSA too early. This leads to an exception trying to parse the firmware that has not been loaded yet. We must delay building the VMSA in that scenario.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 tools/virt-qemu-sev-validate | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

On Fri, Aug 25, 2023 at 01:52:58PM +0100, Daniel P. Berrangé wrote:
If the CPU family/model/stepping are provided on the command line, but the firmware is being automatically extracted from the libvirt guest, we try to build the VMSA too early. This leads to an exception trying to parse the firmware that has not been loaded yet. We must delay building the VMSA in that scenario.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>

ping, I'd like these bug fixes in the forthcoming release this week.

On Fri, Aug 25, 2023 at 01:52:56PM +0100, Daniel P. Berrangé wrote:
Daniel P. Berrangé (2):
  tools: fix handling of CPU family/model/stepping in SEV validation
  tools: fix VMSA construction with explicit CPU family/model/stepping

 tools/virt-qemu-sev-validate | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
-- 2.41.0
With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|