From nobody Mon Feb 9 17:56:04 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1665143110; cv=none; d=zohomail.com; s=zohoarc; b=hV1NF/gUkmd/FjwFc+EJXncLU1PmKOTpVv7po/t+/O6FgfJT7tTcDGL/oFWIARReRw7vY033QcsAOokNbsWLZdSlyfBYOjzV6+hRHvcMR+6agMUQOa2sJujQgBiPs4N2e+28H6CiU8p42hAQkIkefDodmtf1LmFjUlcyEFz5iBg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665143110; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=GqkrHJ3Xhl3XGGsbpMEy09j+25C07v4kdOLA8zFSzrI=; b=LWVC0aobNVR+pvpK6T/2juCH8JLJrcC9Yqze7GCoZNy4rHSZFDuY2wMha/ThFLSlC5+wCVInHUW12kz21HusMScASkQvJjQDLR769HU7HQGZXn9OpzdAbN2RO0smM9ZToicrJPQz2oWA8bQhuGkjr39wRRjM9sS/0kmFHvtykxY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 166514311065345.70711349866531; Fri, 7 Oct 2022 04:45:10 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-175-y4lKhScqN5qirlIuVaG56w-1; Fri, 07 Oct 2022 07:44:20 -0400 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 37CEC185A78F; Fri, 7 Oct 2022 11:44:18 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 24D781402C01; Fri, 7 Oct 2022 11:44:18 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id C35561947071; Fri, 7 Oct 2022 11:43:36 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 176291947059 for ; Fri, 7 Oct 2022 11:43:15 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 0A0F9C2C7D9; Fri, 7 Oct 2022 11:43:15 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.42]) by smtp.corp.redhat.com (Postfix) with ESMTP id 956E0C0297B; Fri, 7 Oct 2022 11:43:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1665143109; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=GqkrHJ3Xhl3XGGsbpMEy09j+25C07v4kdOLA8zFSzrI=; b=Kr/mvG/ekTmXULLZNukI0lk/9qbbXkE46Arr1OURwA0etCr5Qg9mi6vJ5BvfVzMkGFxdr9 8Grwp8jsViDjLDUz6HDfyaP3efYEcofRbUEQvWSWj/AaJWB4aaEYxDACWsc5cscysA/UjA +VNBmvsn81lDVaWeNLtOrqFhFbYFrXE= X-MC-Unique: y4lKhScqN5qirlIuVaG56w-1 X-Original-To: libvir-list@listman.corp.redhat.com From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH 09/12] tools: support generating SEV secret injection tables Date: Fri, 7 Oct 2022 12:43:04 +0100 Message-Id: <20221007114307.1461861-10-berrange@redhat.com> In-Reply-To: <20221007114307.1461861-1-berrange@redhat.com> References: <20221007114307.1461861-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1665143112410100003 It is possible to build OVMF for SEV with an embedded Grub that can fetch LUKS disk secrets. This adds support for injecting secrets in the required format. Signed-off-by: Daniel P. Berrang=C3=A9 --- docs/manpages/virt-qemu-sev-validate.rst | 66 ++++++++++ tools/virt-qemu-sev-validate.py | 155 +++++++++++++++++++++-- 2 files changed, 212 insertions(+), 9 deletions(-) diff --git a/docs/manpages/virt-qemu-sev-validate.rst b/docs/manpages/virt-= qemu-sev-validate.rst index fcc13d68c8..7542bea9aa 100644 --- a/docs/manpages/virt-qemu-sev-validate.rst +++ b/docs/manpages/virt-qemu-sev-validate.rst @@ -187,6 +187,29 @@ understand any configuration mistakes that have been m= ade. If the will be skipped. The result is that the validation will likely be reported= as failed. =20 +Secret injection options +------------------------ + +These options provide a way to inject a secret if validation of the +launch measurement passes. + +``--disk-password PATH`` + +Path to a file containing the password to use to unlock the LUKS container +for the guest disk. + +``--secret-header PATH`` + +Path to a file in which the injected secret header will be written in base= 64 +format and later injected into the domain. This is required if there is no +connection to libvirt, otherwise the secret will be directly injected. + +``--secret-payload PATH`` + +Path to a file in which the injected secret payload will be written in bas= e64 +format and later injected into the domain. This is required if there is no +connection to libvirt, otherwise the secret will be directly injected. + EXAMPLES =3D=3D=3D=3D=3D=3D=3D=3D =20 @@ -261,6 +284,26 @@ automatically constructed VMSA: --build-id 13 \ --policy 7 =20 +Validate the measurement of a SEV guest booting from disk and +inject a disk password on success: + +:: + + # virt-dom-sev-validate \ + --loader OVMF.sev.fd \ + --tk this-guest-tk.bin \ + --measurement Zs2pf19ubFSafpZ2WKkwquXvACx9Wt/BV+eJwQ/taO8jhyIj/F8sw= FrybR1fZ2ID \ + --api-major 0 \ + --api-minor 24 \ + --build-id 13 \ + --policy 3 \ + --disk-password passwd.txt \ + --secret-header secret-header.b64 \ + --secret-payload secret-payload.b64 + +The ``secret-header.b64`` and ``secret-payload.b64`` files can now be sent= to +the virtualization host for injection. + Fetch from remote libvirt ------------------------- =20 @@ -321,6 +364,18 @@ automatically constructed VMSA: --tk this-guest-tk.bin \ --domain fedora34x86_64 =20 +Validate the measurement of a SEV guest booting from disk and +inject a disk password on success: + +:: + + # virt-dom-sev-validate \ + --connect qemu+ssh://root@some.remote.host/system \ + --loader OVMF.sev.fd \ + --tk this-guest-tk.bin \ + --domain fedora34x86_64 \ + --disk-password passwd.txt + Fetch from local libvirt ------------------------ =20 @@ -371,6 +426,17 @@ automatically constructed VMSA: --tk this-guest-tk.bin \ --domain fedora34x86_64 =20 +Validate the measurement of a SEV guest booting from disk and +inject a disk password on success: + +:: + + # virt-dom-sev-validate \ + --insecure \ + --tk this-guest-tk.bin \ + --domain fedora34x86_64 \ + --disk-password passwd.txt + EXIT STATUS =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 diff --git a/tools/virt-qemu-sev-validate.py b/tools/virt-qemu-sev-validate= .py index 5da1353e60..2c5ad9083d 100755 --- a/tools/virt-qemu-sev-validate.py +++ b/tools/virt-qemu-sev-validate.py @@ -36,18 +36,21 @@ =20 import abc import argparse -from base64 import b64decode +from base64 import b64decode, b64encode from hashlib import sha256 import hmac import libvirt import logging from lxml import etree +import os import re import socket from struct import pack import sys import traceback from uuid import UUID +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, mod= es + =20 log =3D logging.getLogger() =20 @@ -580,7 +583,26 @@ class KernelTable(GUIDTable): return entries =20 =20 -class ConfidentialVM(object): +class SecretsTable(GUIDTable): + + TABLE_GUID =3D UUID('{1e74f542-71dd-4d66-963e-ef4287ff173b}').bytes_le + DISK_PW_GUID =3D UUID('{736869e5-84f0-4973-92ec-06879ce3da0b}').bytes_= le + + def __init__(self): + super().__init__(guid=3Dself.TABLE_GUID, + lenlen=3D4) + self.disk_password =3D None + + def load_disk_password(self, path): + with open(path, 'rb') as fh: + self.disk_password =3D fh.read() + + def entries(self): + return self.build_entry(self.DISK_PW_GUID, + self.disk_password + bytes([0]), 4) + + +class ConfidentialVM(abc.ABC): POLICY_BIT_SEV_ES =3D 2 POLICY_VAL_SEV_ES =3D (1 << POLICY_BIT_SEV_ES) =20 @@ -606,6 +628,7 @@ class ConfidentialVM(object): self.vmsa_cpu1 =3D None =20 self.kernel_table =3D KernelTable() + self.secrets_table =3D SecretsTable() =20 def is_sev_es(self): return self.policy & self.POLICY_VAL_SEV_ES @@ -758,6 +781,82 @@ class ConfidentialVM(object): raise AttestationFailedException( "Measurement does not match, VM is not trustworthy") =20 + def build_secrets(self): + measurement, _ =3D self.get_measurements() + + iv =3D os.urandom(16) + + secret_table =3D self.secrets_table.build() + + cipher =3D Cipher(algorithms.AES(self.tek), modes.CTR(iv)) + enc =3D cipher.encryptor() + secret_table_ciphertext =3D (enc.update(secret_table) + + enc.finalize()) + + flags =3D 0 + + ## + # Table 55. LAUNCH_SECRET Packet Header Buffer + ## + header =3D ( + flags.to_bytes(4, byteorder=3D'little') + + iv + ) + + # AMD Secure Encrypted Virtualization API , section 6.6 + # + # hdrmac =3D HMAC(0x01 || FLAGS || IV || GUEST_LENGTH || + # TRANS_LENGTH || DATA || + # MEASURE; GCTX.TIK) + # + msg =3D ( + bytes([0x01]) + + flags.to_bytes(4, byteorder=3D'little') + + iv + + len(secret_table).to_bytes(4, byteorder=3D'little') + + len(secret_table).to_bytes(4, byteorder=3D'little') + + secret_table_ciphertext + + measurement + ) + + h =3D hmac.new(self.tik, msg, 'sha256') + header =3D ( + flags.to_bytes(4, byteorder=3D'little') + + iv + + h.digest() + ) + + header64 =3D b64encode(header).decode('utf8') + secret64 =3D b64encode(secret_table_ciphertext).decode('utf8') + log.debug("Header: %s (%d bytes)" % (header64, len(header))) + log.debug("Secret: %s (%d bytes)" % ( + secret64, len(secret_table_ciphertext))) + + return header64, secret64 + + @abc.abstractmethod + def inject_secrets(self): + pass + + +class OfflineConfidentialVM(ConfidentialVM): + def __init__(self, + secret_header=3DNone, + secret_payload=3DNone, + **kwargs): + super().__init__(**kwargs) + + self.secret_header =3D secret_header + self.secret_payload =3D secret_payload + + def inject_secrets(self): + header64, secret64 =3D self.build_secrets() + + with open(self.secret_header, "wb") as fh: + fh.write(header64.encode('utf8')) + with open(self.secret_payload, "wb") as fh: + fh.write(secret64.encode('utf8')) + =20 class LibvirtConfidentialVM(ConfidentialVM): def __init__(self, **kwargs): @@ -937,6 +1036,14 @@ class LibvirtConfidentialVM(ConfidentialVM): cpu_stepping =3D int(sig[0].get("stepping")) self.build_vmsas(cpu_family, cpu_model, cpu_stepping) =20 + def inject_secrets(self): + header64, secret64 =3D self.build_secrets() + + params =3D {"sev-secret": secret64, + "sev-secret-header": header64} + self.dom.setLaunchSecurityState(params, 0) + self.dom.resume() + =20 def parse_command_line(): parser =3D argparse.ArgumentParser( @@ -999,6 +1106,14 @@ def parse_command_line(): vmconn.add_argument('--ignore-config', '-g', action=3D'store_true', help=3D'Do not attempt to sanity check the guest c= onfig') =20 + # Arguments related to secret injection + parser.add_argument('--disk-password', '-s', + help=3D'Path to LUKS disk password to inject') + parser.add_argument('--secret-payload', + help=3D'Path to file to write secret data payload = to') + parser.add_argument('--secret-header', + help=3D'Path to file to write secret data header t= o') + return parser.parse_args() =20 =20 @@ -1039,6 +1154,15 @@ def check_usage(args): raise UnsupportedUsageException( "Either --firmware or --domain is required") =20 + if args.disk_password is not None: + if args.secret_header is None: + raise UnsupportedUsageException( + "Either --secret-header or --domain is required") + + if args.secret_payload is None: + raise UnsupportedUsageException( + "Either --secret-payload or --domain is required") + sku =3D [args.cpu_family, args.cpu_model, args.cpu_stepping] if sku.count(None) =3D=3D len(sku): if args.vmsa_cpu1 is not None and args.vmsa_cpu0 is None: @@ -1053,15 +1177,22 @@ def check_usage(args): raise UnsupportedUsageException( "CPU SKU needs family, model and stepping for SEV-ES domai= n") =20 + secret =3D [args.secret_payload, args.secret_header] + if secret.count(None) > 0 and secret.count(None) !=3D len(secret): + raise UnsupportedUsageException( + "Both --secret-payload and --secret-header are required") + =20 def attest(args): if args.domain is None: - cvm =3D ConfidentialVM(measurement=3Dargs.measurement, - api_major=3Dargs.api_major, - api_minor=3Dargs.api_minor, - build_id=3Dargs.build_id, - policy=3Dargs.policy, - num_cpus=3Dargs.num_cpus) + cvm =3D OfflineConfidentialVM(measurement=3Dargs.measurement, + api_major=3Dargs.api_major, + api_minor=3Dargs.api_minor, + build_id=3Dargs.build_id, + policy=3Dargs.policy, + num_cpus=3Dargs.num_cpus, + secret_header=3Dargs.secret_header, + secret_payload=3Dargs.secret_payload) else: cvm =3D LibvirtConfidentialVM(measurement=3Dargs.measurement, api_major=3Dargs.api_major, @@ -1105,10 +1236,16 @@ def attest(args): args.ignore_config) =20 cvm.attest() - if not args.quiet: print("OK: Looks good to me") =20 + if args.disk_password: + cvm.secrets_table.load_disk_password(args.disk_password) + + cvm.inject_secrets() + if not args.quiet: + print("OK: Injected password") + =20 if __name__ =3D=3D "__main__": args =3D parse_command_line() --=20 2.37.3