From nobody Sun Feb 8 10:50:34 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1667390362; cv=none; d=zohomail.com; s=zohoarc; b=U7LLFA9Pa3vGMICR+4nGHXwT2dWHjjhuW8iVaUkPdyUJ/lfL2mCZrZ5DG86kTjaxU5Ki+wQmR6hj+uXVlEAVZkdj9msDXqXnsBWRa8NhtoilPKgWNewWgdibSLtu6v6GFaGT+uwVTnkfcXre5iGsTm9pMoc60a6/CdFKnu91s2w= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1667390362; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=aPkUfEsZ6JgXxK0w2SuNfqL94Uhgv3HV4P9fVFDdSmA=; b=eqL7uNLPTbsBQcGFm6XpiECxL+oSYWe7Q7jguOCAkKiXxrn9RvrJ3XybffSlVLcYVa4TT/Tm3iTPQ7EDGvgmtCPd3/iFnE9KM4YDtKwzUCuaoC2xEVY/WLTT/FEM6NL079MIRlAL2+Egoh4vQ5GPTlh4koqMiXhrf1+fxR6Q1zg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1667390362574336.22934397784013; Wed, 2 Nov 2022 04:59:22 -0700 (PDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-510-EW4wZJC4OyK_EEud-mJEng-1; Wed, 02 Nov 2022 07:59:17 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E0EF3811E81; Wed, 2 Nov 2022 11:59:11 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id CBEB27AE5; Wed, 2 Nov 2022 11:59:11 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id BECD119465A4; Wed, 2 Nov 2022 11:59:11 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 024C219465A4 for ; Wed, 2 Nov 2022 11:59:11 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id D974D111CB8E; Wed, 2 Nov 2022 11:59:10 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.33.36.154]) by smtp.corp.redhat.com (Postfix) with ESMTP id 31E311121339; Wed, 2 Nov 2022 11:59:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1667390361; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=aPkUfEsZ6JgXxK0w2SuNfqL94Uhgv3HV4P9fVFDdSmA=; b=J+pzVI49ahJ73phLc/DZ5dVAAfCYO8CmnznSPXFW/QeXDkU0GQwUqxc7hJebj4JxNcA8bl 3G7iObkEOPHRhTsgZM9WtY733yDJoG57A+wnwDn5xJCXhZZqwyeUVI+d48hPoo2aakhVad qR2FtIVh/jq7iGhMRH/TuPyTUUKosL4= X-MC-Unique: EW4wZJC4OyK_EEud-mJEng-1 X-Original-To: libvir-list@listman.corp.redhat.com From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH v3 09/12] tools: support generating SEV secret injection tables Date: Wed, 2 Nov 2022 11:58:58 +0000 Message-Id: <20221102115901.823636-10-berrange@redhat.com> In-Reply-To: <20221102115901.823636-1-berrange@redhat.com> References: <20221102115901.823636-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1667390362950100001 It is possible to build OVMF for SEV with an embedded Grub that can fetch LUKS disk secrets. This adds support for injecting secrets in the required format. Signed-off-by: Daniel P. Berrang=C3=A9 Reviewed-by: J=C3=A1n Tomko --- docs/manpages/virt-qemu-sev-validate.rst | 83 ++++++++++ tools/virt-qemu-sev-validate | 183 +++++++++++++++++++++-- 2 files changed, 257 insertions(+), 9 deletions(-) diff --git a/docs/manpages/virt-qemu-sev-validate.rst b/docs/manpages/virt-= qemu-sev-validate.rst index e1e290f125..db1b43a775 100644 --- a/docs/manpages/virt-qemu-sev-validate.rst +++ b/docs/manpages/virt-qemu-sev-validate.rst @@ -189,6 +189,46 @@ understand any configuration mistakes that have been m= ade. If the will be skipped. The result is that the validation will likely be reported= as failed. =20 +Secret injection options +------------------------ + +These options provide a way to inject a secret if validation of the +launch measurement passes. + +``--inject-secret ALIAS-OR-GUID:PATH`` + +Path to a file containing a secret to inject into the guest OS. Typical +usage would be to supply a password for unlocking the root filesystem +full disk encryption. ``ALIAS`` can be one of the well known secrets: + +* ``luks-key`` - bytes to use as a key for unlocking a LUKS key slot. + GUID of ``736869e5-84f0-4973-92ec-06879ce3da0b``. + +Alternatively ``GUID`` refers to an arbitrary UUID of the callers +choosing. The contents of ``PATH`` are defined by the requirements +of the associated GUID, and will used as-is without modification. +In particular be aware: + + * Avoid unwanted trailing newline characters in ``PATH`` unless + mandated by the ``GUID``. + * Any trailing ``NUL`` byte must be explicitly included in ``PATH`` + if mandated by the ``GUID``. + +This argument can be repeated multiple times, provided a different +``GUID`` is given for each instance. + +``--secret-header PATH`` + +Path to a file in which the injected secret header will be written in base= 64 +format and later injected into the domain. This is required if there is no +connection to libvirt, otherwise the secret will be directly injected. + +``--secret-payload PATH`` + +Path to a file in which the injected secret payload will be written in bas= e64 +format and later injected into the domain. This is required if there is no +connection to libvirt, otherwise the secret will be directly injected. + EXAMPLES =3D=3D=3D=3D=3D=3D=3D=3D =20 @@ -263,6 +303,26 @@ automatically constructed VMSA: --build-id 13 \ --policy 7 =20 +Validate the measurement of a SEV guest booting from disk and +inject a disk password on success: + +:: + + # virt-dom-sev-validate \ + --loader OVMF.sev.fd \ + --tk this-guest-tk.bin \ + --measurement Zs2pf19ubFSafpZ2WKkwquXvACx9Wt/BV+eJwQ/taO8jhyIj/F8sw= FrybR1fZ2ID \ + --api-major 0 \ + --api-minor 24 \ + --build-id 13 \ + --policy 3 \ + --disk-password passwd.txt \ + --secret-header secret-header.b64 \ + --secret-payload secret-payload.b64 + +The ``secret-header.b64`` and ``secret-payload.b64`` files can now be sent= to +the virtualization host for injection. + Fetch from remote libvirt ------------------------- =20 @@ -323,6 +383,18 @@ automatically constructed VMSA: --tk this-guest-tk.bin \ --domain fedora34x86_64 =20 +Validate the measurement of a SEV guest booting from disk and +inject a disk password on success: + +:: + + # virt-dom-sev-validate \ + --connect qemu+ssh://root@some.remote.host/system \ + --loader OVMF.sev.fd \ + --tk this-guest-tk.bin \ + --domain fedora34x86_64 \ + --disk-password passwd.txt + Fetch from local libvirt ------------------------ =20 @@ -373,6 +445,17 @@ automatically constructed VMSA: --tk this-guest-tk.bin \ --domain fedora34x86_64 =20 +Validate the measurement of a SEV guest booting from disk and +inject a disk password on success: + +:: + + # virt-dom-sev-validate \ + --insecure \ + --tk this-guest-tk.bin \ + --domain fedora34x86_64 \ + --disk-password passwd.txt + EXIT STATUS =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate index 9eb9d54258..ac1e4c8d66 100755 --- a/tools/virt-qemu-sev-validate +++ b/tools/virt-qemu-sev-validate @@ -36,16 +36,19 @@ =20 import abc import argparse -from base64 import b64decode +from base64 import b64decode, b64encode from hashlib import sha256 import hmac import logging +import os import re import socket from struct import pack import sys import traceback from uuid import UUID +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, mod= es + =20 from lxml import etree import libvirt @@ -574,7 +577,46 @@ class KernelTable(GUIDTable): return entries =20 =20 -class ConfidentialVM(object): +class SecretsTable(GUIDTable): + + TABLE_GUID =3D UUID('{1e74f542-71dd-4d66-963e-ef4287ff173b}').bytes_le + + GUID_ALIASES =3D { + "luks-key": UUID('{736869e5-84f0-4973-92ec-06879ce3da0b}') + } + + def __init__(self): + super().__init__(guid=3Dself.TABLE_GUID, + lenlen=3D4) + self.secrets =3D {} + + def load_secret(self, alias_or_guid, path): + guid =3D None + if re.match(r"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-= fA-F]{4}-[0-9a-fA-F]{12}$", + alias_or_guid): + guid =3D UUID(alias_or_guid) + else: + if alias_or_guid not in self.GUID_ALIASES: + raise UnsupportedUsageException( + "Secret alias '%s' is not known" % alias_or_guid) + + guid =3D self.GUID_ALIASES[alias_or_guid] + + if guid in self.secrets: + raise UnsupportedUsageException( + "Secret for GUID %s already loaded" % guid) + + with open(path, 'rb') as fh: + self.secrets[guid] =3D fh.read() + + def entries(self): + entries =3D bytes([]) + for guid, value in self.secrets.items(): + entries +=3D self.build_entry(guid.bytes_le, value, 4) + return entries + + +class ConfidentialVM(abc.ABC): POLICY_BIT_SEV_ES =3D 2 POLICY_VAL_SEV_ES =3D (1 << POLICY_BIT_SEV_ES) =20 @@ -600,6 +642,7 @@ class ConfidentialVM(object): self.vmsa_cpu1 =3D None =20 self.kernel_table =3D KernelTable() + self.secrets_table =3D SecretsTable() =20 def is_sev_es(self): return self.policy & self.POLICY_VAL_SEV_ES @@ -752,6 +795,82 @@ class ConfidentialVM(object): raise AttestationFailedException( "Measurement does not match, VM is not trustworthy") =20 + def build_secrets(self): + measurement, _ =3D self.get_measurements() + + iv =3D os.urandom(16) + + secret_table =3D self.secrets_table.build() + + cipher =3D Cipher(algorithms.AES(self.tek), modes.CTR(iv)) + enc =3D cipher.encryptor() + secret_table_ciphertext =3D (enc.update(secret_table) + + enc.finalize()) + + flags =3D 0 + + ## + # Table 55. LAUNCH_SECRET Packet Header Buffer + ## + header =3D ( + flags.to_bytes(4, byteorder=3D'little') + + iv + ) + + # AMD Secure Encrypted Virtualization API , section 6.6 + # + # hdrmac =3D HMAC(0x01 || FLAGS || IV || GUEST_LENGTH || + # TRANS_LENGTH || DATA || + # MEASURE; GCTX.TIK) + # + msg =3D ( + bytes([0x01]) + + flags.to_bytes(4, byteorder=3D'little') + + iv + + len(secret_table).to_bytes(4, byteorder=3D'little') + + len(secret_table).to_bytes(4, byteorder=3D'little') + + secret_table_ciphertext + + measurement + ) + + h =3D hmac.new(self.tik, msg, 'sha256') + header =3D ( + flags.to_bytes(4, byteorder=3D'little') + + iv + + h.digest() + ) + + header64 =3D b64encode(header).decode('utf8') + secret64 =3D b64encode(secret_table_ciphertext).decode('utf8') + log.debug("Header: %s (%d bytes)", header64, len(header)) + log.debug("Secret: %s (%d bytes)", + secret64, len(secret_table_ciphertext)) + + return header64, secret64 + + @abc.abstractmethod + def inject_secrets(self): + pass + + +class OfflineConfidentialVM(ConfidentialVM): + def __init__(self, + secret_header=3DNone, + secret_payload=3DNone, + **kwargs): + super().__init__(**kwargs) + + self.secret_header =3D secret_header + self.secret_payload =3D secret_payload + + def inject_secrets(self): + header64, secret64 =3D self.build_secrets() + + with open(self.secret_header, "wb") as fh: + fh.write(header64.encode('utf8')) + with open(self.secret_payload, "wb") as fh: + fh.write(secret64.encode('utf8')) + =20 class LibvirtConfidentialVM(ConfidentialVM): def __init__(self, **kwargs): @@ -939,6 +1058,14 @@ class LibvirtConfidentialVM(ConfidentialVM): cpu_stepping =3D int(sig[0].get("stepping")) self.build_vmsas(cpu_family, cpu_model, cpu_stepping) =20 + def inject_secrets(self): + header64, secret64 =3D self.build_secrets() + + params =3D {"sev-secret": secret64, + "sev-secret-header": header64} + self.dom.setLaunchSecurityState(params, 0) + self.dom.resume() + =20 def parse_command_line(): parser =3D argparse.ArgumentParser( @@ -1001,6 +1128,15 @@ def parse_command_line(): vmconn.add_argument('--ignore-config', '-g', action=3D'store_true', help=3D'Do not attempt to sanity check the guest c= onfig') =20 + # Arguments related to secret injection + inject =3D parser.add_argument_group("Secret injection parameters") + inject.add_argument('--inject-secret', '-s', action=3D'append', defaul= t=3D[], + help=3D'ALIAS-OR-GUID:PATH file containing secret = to inject') + inject.add_argument('--secret-payload', + help=3D'Path to file to write secret data payload = to') + inject.add_argument('--secret-header', + help=3D'Path to file to write secret data header t= o') + return parser.parse_args() =20 =20 @@ -1041,6 +1177,15 @@ def check_usage(args): raise UnsupportedUsageException( "Either --firmware or --domain is required") =20 + if len(args.inject_secret) > 0: + if args.secret_header is None: + raise UnsupportedUsageException( + "Either --secret-header or --domain is required") + + if args.secret_payload is None: + raise UnsupportedUsageException( + "Either --secret-payload or --domain is required") + if args.kernel is None: if args.initrd is not None or args.cmdline is not None: raise UnsupportedUsageException( @@ -1060,15 +1205,22 @@ def check_usage(args): raise UnsupportedUsageException( "CPU SKU needs family, model and stepping for SEV-ES domai= n") =20 + secret =3D [args.secret_payload, args.secret_header] + if secret.count(None) > 0 and secret.count(None) !=3D len(secret): + raise UnsupportedUsageException( + "Both --secret-payload and --secret-header are required") + =20 def attest(args): if args.domain is None: - cvm =3D ConfidentialVM(measurement=3Dargs.measurement, - api_major=3Dargs.api_major, - api_minor=3Dargs.api_minor, - build_id=3Dargs.build_id, - policy=3Dargs.policy, - num_cpus=3Dargs.num_cpus) + cvm =3D OfflineConfidentialVM(measurement=3Dargs.measurement, + api_major=3Dargs.api_major, + api_minor=3Dargs.api_minor, + build_id=3Dargs.build_id, + policy=3Dargs.policy, + num_cpus=3Dargs.num_cpus, + secret_header=3Dargs.secret_header, + secret_payload=3Dargs.secret_payload) else: cvm =3D LibvirtConfidentialVM(measurement=3Dargs.measurement, api_major=3Dargs.api_major, @@ -1112,10 +1264,23 @@ def attest(args): args.ignore_config) =20 cvm.attest() - if not args.quiet: print("OK: Looks good to me") =20 + for secret in args.inject_secret: + bits =3D secret.split(":") + if len(bits) !=3D 2: + raise UnsupportedUsageException( + "Expecting ALIAS-OR-GUID:PATH for injected secret") + + cvm.secrets_table.load_secret(bits[0], bits[1]) + + if len(args.inject_secret) > 0: + cvm.inject_secrets() + if not args.quiet: + print("OK: Injected %d secrets" % len(args.inject_secret)) + + def main(): args =3D parse_command_line() if args.debug: --=20 2.37.3