From: Qinkun Bao <qinkun@google.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>
Cc: Dionna Amalie Glaze <dionnaglaze@google.com>,
	Mikko Ylinen <mikko.ylinen@linux.intel.com>,
	 Ard Biesheuvel <ardb@kernel.org>,
	Gerd Hoffmann <kraxel@redhat.com>,
	 James Bottomley <jejb@linux.ibm.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	 Michael Roth <michael.roth@amd.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>,
	 "linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
	"Aktas, Erdem" <erdemaktas@google.com>,
	 Peter Gonda <pgonda@google.com>,
	"Johnson, Simon P" <simon.p.johnson@intel.com>,
	 "Xiang, Qinglan" <qinglan.xiang@intel.com>,
	 Kuppuswamy Sathyanarayanan
	<sathyanarayanan.kuppuswamy@linux.intel.com>,
	ruoyu.ying@intel.com,  "Lu, Ken" <ken.lu@intel.com>
Subject: Re: [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistance of vTPM and RTMR.
Date: Wed, 10 Apr 2024 20:23:56 -1000
Message-ID: <CAOjUGWdAAtErY30b7H4y3wEGWBMEm1XLSeVeDGnb1NE=V3Ay_Q@mail.gmail.com>
In-Reply-To: <MW4PR11MB5872BBA0D379C40E071300B98C052@MW4PR11MB5872.namprd11.prod.outlook.com>

Hi Jiewen,

Thank you!

On Wed, Apr 10, 2024 at 3:20 PM Yao, Jiewen <jiewen.yao@intel.com> wrote:
>
> Hi Dionna/Qinkun
> I am not sure if systemd is the last software in the guest we need to patch to support coexistence to extend the measurement.

The direct boot patch needs to be patched as well. Here is the link.
efi/libstub: Add Confidential Computing (CC) measurement support -
Kuppuswamy Sathyanarayanan (kernel.org)
https://lore.kernel.org/lkml/20240215030002.281456-2-sathyanarayanan.kuppuswamy@linux.intel.com/
Ard is the maintainer for EFI Stub.

> Are you aware of any other Linux guest software that needs to be updated? Such as Linux IMA (Integrity Measurement Architecture)?

You are right that Linux IMA needs to support coexistence. However,
the TDX RTMR IMA support has not been merged into the kernel source
code yet. I have never seen the TDX IMA patch on LKML either.

I find that Intel's TDX MVP kernel has the TDX RTMR IMA support patch.
Here is the link:
https://github.com/intel/tdx-tools/tree/tdx-1.5/build/common
From what I see, the TDX RTMR IMA patches ([PATCH 672/731] ima: support
for boot aggregate and runtime measurements in TDX RTMR) from the TDX
MVP kernel support the coexistence.
The patch author is Ruoyu Ying <ruoyu.ying@intel.com>.


>
> To move this forward.
>
> In Intel, we had discussed and we did see the potential security risk. As I mentioned in the first email, "In case that any the guest component only knows one of vTPM or RTMR, and only extends one of vTPM or RTMR, but the other one only verifies the other, then the chain of trust is broken."
>
> At the same time, we also respect that it might be a valid use case for Google.
> I would like to ask for opinions in the EDKII community, especially the OVMF and CC maintainers and reviewers.
>
>
> Hi Ard Biesheuvel
> Do you think Kernel is OK with this coexistence proposal?
> Are you willing to give "reviewed-by"?
>
> Hi Gerd Hoffmann
> Do you think RedHat is OK with this coexistence proposal?
> Are you willing to give "reviewed-by"?
>
> Hi James Bottomley
> Do you think IBM is OK with this coexistence proposal?
> Are you willing to give "reviewed-by"?
>
> Hi Tom Lendacky/Michael Roth
> Do you think AMD is OK with this coexistence proposal?
> Are you willing to give "reviewed-by"?
>
>
> Thank you
> Yao, Jiewen
>
>
> > -----Original Message-----
> > From: Dionna Amalie Glaze <dionnaglaze@google.com>
> > Sent: Monday, March 25, 2024 11:29 PM
> > To: Mikko Ylinen <mikko.ylinen@linux.intel.com>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > qinkun Bao <qinkun@google.com>; devel@edk2.groups.io; linux-
> > coco@lists.linux.dev; Aktas, Erdem <erdemaktas@google.com>; Ard Biesheuvel
> > <ardb@kernel.org>; Peter Gonda <pgonda@google.com>; James Bottomley
> > <jejb@linux.ibm.com>; Tom Lendacky <thomas.lendacky@amd.com>; Michael
> > Roth <michael.roth@amd.com>
> > Subject: Re: [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistance
> > of vTPM and RTMR.
> >
> > On Mon, Mar 25, 2024 at 6:07 AM Mikko Ylinen
> > <mikko.ylinen@linux.intel.com> wrote:
> > >
> > > > >
> > > > > Looking at systemd-boot I see it will likewise not measure to both RTMR
> > > > > and vTPM, but with reversed priority (use vTPM not RTMR in case both are
> > > > > present).
> > > > >
> > > >
> > > > Interesting. Thanks for this report. We'll push for the changed
> > > > semantics here if the spec is indeed changed, and request partner
> > > > distros in the CCC to include the updated systemd-boot.
> > >
> > > FWIW, my RTMRs patch to systemd was merged quite recently so it's not
> > > included in any systemd release yet. (It was mainly implemented for the
> > > UKI case that allows TDVF to boot a UKI image directly and then have the
> > > image sections measured separately.)
> > >
> >
> > Thank you, I've proposed a change in
> > https://github.com/systemd/systemd/pull/31939
> >
> >
> > --
> > -Dionna Glaze, PhD (she/her)
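
The broken chain of trust quoted above, as a simplified model (an added example, not code from this thread, EDK2 or systemd): one SHA-256 PCR and one SHA-384 RTMR, with a constructed boot chain whose bootloader extends only the vTPM, as the thread reports for systemd-boot. Component names, image bytes and all helper functions are assumptions made for illustration.

```python
import hashlib

# Constructed boot chain: (component, image bytes, registers it extends).
# The vTPM-only bootloader mirrors the systemd-boot behaviour reported in the thread.
CHAIN = [
    ("firmware",   b"ovmf-image",   {"vtpm", "rtmr"}),
    ("bootloader", b"loader-image", {"vtpm"}),
    ("kernel",     b"kernel-image", {"vtpm", "rtmr"}),
]

def extend(register: bytes, data: bytes, algo: str) -> bytes:
    """new = H(old || H(data)), the extend operation both register types use."""
    digest = hashlib.new(algo, data).digest()
    return hashlib.new(algo, register + digest).digest()

def boot(chain):
    """Return final (pcr, rtmr) after each component extends what it knows about."""
    pcr, rtmr = bytes(32), bytes(48)  # SHA-256 PCR bank, SHA-384 RTMR
    for _name, image, targets in chain:
        if "vtpm" in targets:
            pcr = extend(pcr, image, "sha256")
        if "rtmr" in targets:
            rtmr = extend(rtmr, image, "sha384")
    return pcr, rtmr

def tamper(chain, name):
    """Copy of the chain with one component's image modified."""
    return [(n, img + b"-modified" if n == name else img, t) for n, img, t in chain]

def coverage_gaps(chain):
    """Components that never reach each register's chain of trust."""
    return {reg: [n for n, _i, t in chain if reg not in t] for reg in ("vtpm", "rtmr")}

def verifier_accepts(chain, reference_chain, register):
    """A verifier that compares only one register against its golden value."""
    idx = 0 if register == "vtpm" else 1
    return boot(chain)[idx] == boot(reference_chain)[idx]

if __name__ == "__main__":
    bad = tamper(CHAIN, "bootloader")
    print("gaps:", coverage_gaps(CHAIN))
    print("vTPM-only verifier accepts modified loader:", verifier_accepts(bad, CHAIN, "vtpm"))
    print("RTMR-only verifier accepts modified loader:", verifier_accepts(bad, CHAIN, "rtmr"))
```

Running `coverage_gaps` over the real list of guest components and the registers each one extends is the check a verifier owner would want before trusting either register alone.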
