From nobody Mon Feb 9 17:56:26 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1665143004; cv=none; d=zohomail.com; s=zohoarc; b=dcoLiYpsUkl8zSnGx63NhhXgmG4f7VKnnIfqeJIDcg1NWWh9ar0IWedsWV88qJoTwtWvt/QzKYlMk9QiKn3ED7Dq0Fwe02nYKwgPyb0zHRtlKoS41aA9EHM+9jOEINOFx+FQUyQ+t9APGeSA5jwEC2HH+OV85C0P32GhT8aTzGA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1665143004; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=HgUFmxPmCk9EeoXhayVZa4Ou0CjOp792X4++yA9e+sE=; b=Ks9DgB451oYp2Zk9yujdX71l5qbsc4qtufX20CuKyPTxPJFFUNvdWuCy3RYGVxDKGFb7RAqw4+tA0GMGK0iSHfElJf62ousXjGJ5mvvvfirpti5x2qCk/XHNiVUJbpgAr/AYINpQ5KF/tuRhZQWs6DCCxPYjSN8k6PGMYW5xyZ8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1665143004033215.46258127705914; Fri, 7 Oct 2022 04:43:24 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-451-ujmCBD6bMvyiejm2ClIZLg-1; Fri, 07 Oct 2022 07:43:21 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 27D5E101CC6D; Fri, 7 Oct 2022 11:43:19 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id A564E2166B35; Fri, 7 Oct 2022 11:43:18 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 5A9911946A4E; Fri, 7 Oct 2022 11:43:13 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id D266A1946A49 for ; Fri, 7 Oct 2022 11:43:11 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id CDA45C0297B; Fri, 7 Oct 2022 11:43:11 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.42]) by smtp.corp.redhat.com (Postfix) with ESMTP id 65346C15BA4; Fri, 7 Oct 2022 11:43:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1665143003; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=HgUFmxPmCk9EeoXhayVZa4Ou0CjOp792X4++yA9e+sE=; b=GG2ciXawHMCZXYdRJ7q3noLbBBVZ0xUZUWBhqnYVqwztRYRta7NRU0+CCZ+RLtRkPB+NYk JRc/qnbRFGEcn3xcOssj+a8ocOGisyGr5GcoTPD5K+N/mxcgCKSbNd+QNJ+lHUC5jN7cI7 m2iQ197YXKqlMfHK1JiUTTq9k8wxXjM= X-MC-Unique: ujmCBD6bMvyiejm2ClIZLg-1 X-Original-To: libvir-list@listman.corp.redhat.com From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH 04/12] tools: support validating SEV direct kernel boot measurements Date: Fri, 7 Oct 2022 12:42:59 +0100 Message-Id: <20221007114307.1461861-5-berrange@redhat.com> In-Reply-To: <20221007114307.1461861-1-berrange@redhat.com> References: <20221007114307.1461861-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1665143005762100001 When doing direct kernel boot we need to include the kernel, initrd and cmdline in the measurement. Signed-off-by: Daniel P. Berrang=C3=A9 --- docs/manpages/virt-qemu-sev-validate.rst | 43 ++++++++++ tools/virt-qemu-sev-validate.py | 102 ++++++++++++++++++++++- 2 files changed, 144 insertions(+), 1 deletion(-) diff --git a/docs/manpages/virt-qemu-sev-validate.rst b/docs/manpages/virt-= qemu-sev-validate.rst index 2c02a27103..da804ae6a0 100644 --- a/docs/manpages/virt-qemu-sev-validate.rst +++ b/docs/manpages/virt-qemu-sev-validate.rst @@ -102,6 +102,20 @@ initialize AMD SEV. For the validation to be trustwort= hy it important that the firmware build used has no support for loading non-volatile variables from NVRAM, even if NVRAM is expose to the guest. =20 +``-k PATH``, ``--kernel=3DPATH`` + +Path to the kernel binary if doing direct kernel boot. + +``-r PATH``, ``--initrd=3DPATH`` + +Path to the initrd binary if doing direct kernel boot. Defaults to zero le= ngth +content if omitted. + +``-e STRING``, ``--cmdline=3DSTRING`` + +String containing any kernel command line parameters used during boot of t= he +domain. Defaults to the empty string if omitted. + ``--tik PATH`` =20 TIK file for domain. This file must be exactly 16 bytes in size and contai= ns the @@ -180,6 +194,22 @@ Validate the measurement of a SEV guest booting from d= isk: --build-id 13 \ --policy 3 =20 +Validate the measurement of a SEV guest with direct kernel boot: + +:: + + # virt-dom-sev-validate \ + --firmware OVMF.sev.fd \ + --kernel vmlinuz-5.11.12 \ + --initrd initramfs-5.11.12 \ + --cmdline "root=3D/dev/vda1" \ + --tk this-guest-tk.bin \ + --measurement Zs2pf19ubFSafpZ2WKkwquXvACx9Wt/BV+eJwQ/taO8jhyIj/F8sw= FrybR1fZ2ID \ + --api-major 0 \ + --api-minor 24 \ + --build-id 13 \ + --policy 3 + Fetch from remote libvirt ------------------------- =20 @@ -200,6 +230,19 @@ Validate the measurement of a SEV guest booting from d= isk: --tk this-guest-tk.bin \ --domain fedora34x86_64 =20 +Validate the measurement of a SEV guest with direct kernel boot: + +:: + + # virt-dom-sev-validate \ + --connect qemu+ssh://root@some.remote.host/system \ + --firmware OVMF.sev.fd \ + --kernel vmlinuz-5.11.12 \ + --initrd initramfs-5.11.12 \ + --cmdline "root=3D/dev/vda1" \ + --tk this-guest-tk.bin \ + --domain fedora34x86_64 + Fetch from local libvirt ------------------------ =20 diff --git a/tools/virt-qemu-sev-validate.py b/tools/virt-qemu-sev-validate= .py index c47e565224..4bc3b925f7 100755 --- a/tools/virt-qemu-sev-validate.py +++ b/tools/virt-qemu-sev-validate.py @@ -34,6 +34,7 @@ # firmware versions with known flaws. # =20 +import abc import argparse from base64 import b64decode from hashlib import sha256 @@ -45,6 +46,7 @@ import re import socket import sys import traceback +from uuid import UUID =20 log =3D logging.getLogger() =20 @@ -69,6 +71,85 @@ class InvalidStateException(Exception): pass =20 =20 +class GUIDTable(abc.ABC): + GUID_LEN =3D 16 + + def __init__(self, guid, lenlen=3D2): + self.guid =3D guid + self.lenlen =3D lenlen + + @abc.abstractmethod + def entries(self): + pass + + def build_entry(self, guid, payload, lenlen): + dummylen =3D int(0).to_bytes(lenlen, 'little') + entry =3D bytearray(guid + dummylen + payload) + + lenle =3D len(entry).to_bytes(lenlen, 'little') + entry[self.GUID_LEN:(self.GUID_LEN + lenlen)] =3D lenle + + return bytes(entry) + + def build(self): + payload =3D self.entries() + + if len(payload) =3D=3D 0: + return bytes([]) + + dummylen =3D int(0).to_bytes(self.lenlen, 'little') + table =3D bytearray(self.guid + dummylen + payload) + + guidlen =3D len(table).to_bytes(self.lenlen, 'little') + table[self.GUID_LEN:(self.GUID_LEN + self.lenlen)] =3D guidlen + + pad =3D 16 - (len(table) % 16) + table +=3D bytes([0]) * pad + + log.debug("Table: %s" % bytes(table).hex()) + return bytes(table) + + +class KernelTable(GUIDTable): + + TABLE_GUID =3D UUID('{9438d606-4f22-4cc9-b479-a793-d411fd21}').bytes_le + KERNEL_GUID =3D UUID('{4de79437-abd2-427f-b835-d5b1-72d2045b}').bytes_= le + INITRD_GUID =3D UUID('{44baf731-3a2f-4bd7-9af1-41e2-9169781d}').bytes_= le + CMDLINE_GUID =3D UUID('{97d02dd8-bd20-4c94-aa78-e771-4d36ab2a}').bytes= _le + + def __init__(self): + super().__init__(guid=3Dself.TABLE_GUID, + lenlen=3D2) + + self.kernel =3D None + self.initrd =3D None + self.cmdline =3D None + + def load_kernel(self, path): + with open(path, "rb") as fh: + self.kernel =3D sha256(fh.read()).digest() + log.debug("Kernel: %s" % self.kernel.hex()) + + def load_initrd(self, path): + with open(path, "rb") as fh: + self.initrd =3D sha256(fh.read()).digest() + log.debug("Initrd: %s" % self.initrd.hex()) + + def load_cmdline(self, str): + self.cmdline =3D sha256(str.encode("utf8") + bytes([0])).digest() + log.debug("Cmdline: %s" % self.cmdline.hex()) + + def entries(self): + entries =3D bytes([]) + if self.cmdline is not None: + entries +=3D self.build_entry(self.CMDLINE_GUID, self.cmdline,= 2) + if self.initrd is not None: + entries +=3D self.build_entry(self.INITRD_GUID, self.initrd, 2) + if self.kernel is not None: + entries +=3D self.build_entry(self.KERNEL_GUID, self.kernel, 2) + return entries + + class ConfidentialVM(object): =20 def __init__(self, @@ -87,6 +168,8 @@ class ConfidentialVM(object): self.tik =3D None self.tek =3D None =20 + self.kernel_table =3D KernelTable() + def load_tik_tek(self, tik_path, tek_path): with open(tik_path, 'rb') as fh: self.tik =3D fh.read() @@ -128,8 +211,10 @@ class ConfidentialVM(object): # of the following: # # - The firmware blob + # - The kernel GUID table def get_measured_data(self): - measured_data =3D self.firmware + measured_data =3D (self.firmware + + self.kernel_table.build()) log.debug("Measured-data(sha256): %s" % sha256(measured_data).hexdigest()) return measured_data @@ -297,6 +382,12 @@ def parse_command_line(): vmconfig =3D parser.add_argument_group("Virtual machine config") vmconfig.add_argument('--firmware', '-f', help=3D'Path to the firmware binary') + vmconfig.add_argument('--kernel', '-k', + help=3D'Path to the kernel binary') + vmconfig.add_argument('--initrd', '-r', + help=3D'Path to the initrd binary') + vmconfig.add_argument('--cmdline', '-e', + help=3D'Cmdline string booted with') vmconfig.add_argument('--tik', help=3D'TIK file for domain') vmconfig.add_argument('--tek', @@ -378,6 +469,15 @@ def attest(args): else: cvm.load_tik_tek(args.tik, args.tek) =20 + if args.kernel is not None: + cvm.kernel_table.load_kernel(args.kernel) + + if args.initrd is not None: + cvm.kernel_table.load_initrd(args.initrd) + + if args.cmdline is not None: + cvm.kernel_table.load_cmdline(args.cmdline) + if args.domain is not None: cvm.load_domain(args.connect, args.domain, --=20 2.37.3