• Paolo Bonzini's avatar
    Merge branch 'kvm-6.11-sev-attestation' into HEAD · bc9cd5a2
    Paolo Bonzini authored
    The GHCB 2.0 specification defines 2 GHCB request types to allow SNP guests
    to send encrypted messages/requests to firmware: SNP Guest Requests and SNP
    Extended Guest Requests. These encrypted messages are used for things like
    servicing attestation requests issued by the guest. Implementing support for
    these is required to be fully GHCB-compliant.
    
    For the most part, KVM only needs to handle forwarding these requests to
    firmware (to be issued via the SNP_GUEST_REQUEST firmware command defined
    in the SEV-SNP Firmware ABI), and then forwarding the encrypted response to
    the guest.
    
    However, in the case of SNP Extended Guest Requests, the host is also
    able to provide the certificate data corresponding to the endorsement key
    used by firmware to sign attestation report requests. This certificate data
    is provided by userspace because:
    
      1) It allows for different keys/key types to be used for each particular
         guest with requiring any sort of KVM API to configure the certificate
         table in advance on a per-guest basis.
    
      2) It provides additional flexibility with how attestation requests might
         be handled during live migration where the certificate data for
         source/dest might be different.
    
      3) It allows all synchronization between certificates and firmware/signing
         key updates to be handled purely by userspace rather than requiring
         some in-kernel mechanism to facilitate it. [1]
    
    To support fetching certificate data from userspace, a new KVM exit type will
    be needed to handle fetching the certificate from userspace. An attempt to
    define a new KVM_EXIT_COCO/KVM_EXIT_COCO_REQ_CERTS exit type to handle this
    was introduced in v1 of this patchset, but is still being discussed by
    community, so for now this patchset only implements a stub version of SNP
    Extended Guest Requests that does not provide certificate data, but is still
    enough to provide compliance with the GHCB 2.0 spec.
    bc9cd5a2
sev.c 132 KB