From: Daniel P. Berrangé
To: libvir-list@redhat.com
Subject: [libvirt PATCH v4 04/12] tools: support validating SEV direct kernel boot measurements
Date: Mon, 7 Nov 2022 14:41:19 +0000
Message-Id: <20221107144127.973324-5-berrange@redhat.com>
In-Reply-To: <20221107144127.973324-1-berrange@redhat.com>
References: <20221107144127.973324-1-berrange@redhat.com>

When doing direct kernel boot we need to include the kernel, initrd and cmdline in the measurement.

Signed-off-by: Daniel P. Berrangé
---
 docs/manpages/virt-qemu-sev-validate.rst | 43 +++++++++
 tools/virt-qemu-sev-validate | 113 ++++++++++++++++++++++-
 2 files changed, 155 insertions(+), 1 deletion(-)

diff --git a/docs/manpages/virt-qemu-sev-validate.rst b/docs/manpages/virt-qemu-sev-validate.rst
index e2c4672a05..e8a868f5a8 100644
--- a/docs/manpages/virt-qemu-sev-validate.rst
+++ b/docs/manpages/virt-qemu-sev-validate.rst
@@ -102,6 +102,20 @@ initialize AMD SEV. For the validation to be trustwort= hy it important that the firmware build used has no support for loading non-volatile variables from NVRAM, even if NVRAM is expose to the guest. =20 +``-k PATH``, ``--kernel=3DPATH`` + +Path to the kernel binary if doing direct kernel boot. + +``-r PATH``, ``--initrd=3DPATH`` + +Path to the initrd binary if doing direct kernel boot. Defaults to zero le= ngth +content if omitted. + +``-e STRING``, ``--cmdline=3DSTRING`` + +String containing any kernel command line parameters used during boot of t= he +domain. Defaults to the empty string if omitted. + ``--tik PATH`` =20 TIK file for domain. This file must be exactly 16 bytes in size and contai= ns the @@ -182,6 +196,22 @@ Validate the measurement of a SEV guest booting from d= isk: --build-id 13 \ --policy 3 =20 +Validate the measurement of a SEV guest with direct kernel boot: + +:: + + # virt-dom-sev-validate \ + --firmware OVMF.sev.fd \ + --kernel vmlinuz-5.11.12 \ + --initrd initramfs-5.11.12 \ + --cmdline "root=3D/dev/vda1" \ + --tk this-guest-tk.bin \ + --measurement Zs2pf19ubFSafpZ2WKkwquXvACx9Wt/BV+eJwQ/taO8jhyIj/F8sw= FrybR1fZ2ID \ + --api-major 0 \ + --api-minor 24 \ + --build-id 13 \ + --policy 3 + Fetch from remote libvirt ------------------------- =20 @@ -202,6 +232,19 @@ Validate the measurement of a SEV guest booting from d= isk: --tk this-guest-tk.bin \ --domain fedora34x86_64 =20 +Validate the measurement of a SEV guest with direct kernel boot: + +:: + + # virt-dom-sev-validate \ + --connect qemu+ssh://root@some.remote.host/system \ + --firmware OVMF.sev.fd \ + --kernel vmlinuz-5.11.12 \ + --initrd initramfs-5.11.12 \ + --cmdline "root=3D/dev/vda1" \ + --tk this-guest-tk.bin \ + --domain fedora34x86_64 + Fetch from local libvirt ------------------------ =20 diff --git a/tools/virt-qemu-sev-validate b/tools/virt-qemu-sev-validate index 31c739c10f..b978c3eb3d 100755 --- a/tools/virt-qemu-sev-validate 
+++ b/tools/virt-qemu-sev-validate @@ -34,6 +34,7 @@ # firmware versions with known flaws. # =20 +import abc import argparse from base64 import b64decode from hashlib import sha256 @@ -43,6 +44,7 @@ import re import socket import sys import traceback +from uuid import UUID =20 from lxml import etree import libvirt 
@@ -70,6 +72,91 @@ class InvalidStateException(Exception): pass =20 =20 +class GUIDTable(abc.ABC): + GUID_LEN =3D 16 + + def __init__(self, guid, lenlen=3D2): + self.guid =3D guid + self.lenlen =3D lenlen + + @abc.abstractmethod + def entries(self): + pass + + def build_entry(self, guid, payload, lenlen): + dummylen =3D int(0).to_bytes(lenlen, 'little') + entry =3D bytearray(guid + dummylen + payload) + + lenle =3D len(entry).to_bytes(lenlen, 'little') + entry[self.GUID_LEN:(self.GUID_LEN + lenlen)] =3D lenle + + return bytes(entry) + + def build(self): + payload =3D self.entries() + + if len(payload) =3D=3D 0: + return bytes([]) + + dummylen =3D int(0).to_bytes(self.lenlen, 'little') + table =3D bytearray(self.guid + dummylen + payload) + + guidlen =3D len(table).to_bytes(self.lenlen, 'little') + table[self.GUID_LEN:(self.GUID_LEN + self.lenlen)] =3D guidlen + + pad =3D 16 - (len(table) % 16) + table +=3D bytes([0]) * pad + + log.debug("Table(hex): %s", bytes(table).hex()) + return bytes(table) + + +class KernelTable(GUIDTable): + + TABLE_GUID =3D UUID('{9438d606-4f22-4cc9-b479-a793-d411fd21}').bytes_le + KERNEL_GUID =3D UUID('{4de79437-abd2-427f-b835-d5b1-72d2045b}').bytes_= le + INITRD_GUID =3D UUID('{44baf731-3a2f-4bd7-9af1-41e2-9169781d}').bytes_= le + CMDLINE_GUID =3D UUID('{97d02dd8-bd20-4c94-aa78-e771-4d36ab2a}').bytes= _le + + def __init__(self): + super().__init__(guid=3Dself.TABLE_GUID, + lenlen=3D2) + + self.kernel =3D None + self.initrd =3D None + self.cmdline =3D None + + def load_kernel(self, path): + with open(path, "rb") as fh: + self.kernel =3D sha256(fh.read()).digest() + + def load_initrd(self, path): + with open(path, "rb") as fh: + self.initrd =3D sha256(fh.read()).digest() + + def load_cmdline(self, val): + self.cmdline =3D sha256(val.encode("utf8") + bytes([0])).digest() + + def entries(self): + entries =3D bytes([]) + if self.kernel is None: + return entries + + if self.initrd is None: + self.initrd =3D sha256(bytes([])).digest() + if 
self.cmdline is None: + self.cmdline =3D sha256(bytes([0])).digest() + + log.debug("Kernel(sha256): %s", self.kernel.hex()) + log.debug("Initrd(sha256): %s", self.initrd.hex()) + log.debug("Cmdline(sha256): %s", self.cmdline.hex()) + entries +=3D self.build_entry(self.CMDLINE_GUID, self.cmdline, 2) + entries +=3D self.build_entry(self.INITRD_GUID, self.initrd, 2) + entries +=3D self.build_entry(self.KERNEL_GUID, self.kernel, 2) + + return entries + + class ConfidentialVM(object): =20 def __init__(self, @@ -88,6 +175,8 @@ class ConfidentialVM(object): self.tik =3D None self.tek =3D None =20 + self.kernel_table =3D KernelTable() + def load_tik_tek(self, tik_path, tek_path): with open(tik_path, 'rb') as fh: self.tik =3D fh.read() @@ -129,8 +218,10 @@ class ConfidentialVM(object): # of the following: # # - The firmware blob + # - The kernel GUID table def get_measured_data(self): - measured_data =3D self.firmware + measured_data =3D (self.firmware + + self.kernel_table.build()) log.debug("Measured-data(sha256): %s", sha256(measured_data).hexdigest()) return measured_data @@ -303,6 +394,12 @@ def parse_command_line(): vmconfig =3D parser.add_argument_group("Virtual machine config") vmconfig.add_argument('--firmware', '-f', help=3D'Path to the firmware binary') + vmconfig.add_argument('--kernel', '-k', + help=3D'Path to the kernel binary') + vmconfig.add_argument('--initrd', '-r', + help=3D'Path to the initrd binary') + vmconfig.add_argument('--cmdline', '-e', + help=3D'Cmdline string booted with') vmconfig.add_argument('--tik', help=3D'TIK file for domain') vmconfig.add_argument('--tek', @@ -361,6 +458,11 @@ def check_usage(args): raise UnsupportedUsageException( "Either --firmware or --domain is required") =20 + if args.kernel is None: + if args.initrd is not None or args.cmdline is not None: + raise UnsupportedUsageException( + "--initrd/--cmdline require --kernel") + =20 def attest(args): if args.domain is None: 
@@ -384,6 +486,15 @@ def attest(args): else: cvm.load_tik_tek(args.tik, args.tek) =20 + if args.kernel is not None: + cvm.kernel_table.load_kernel(args.kernel) + + if args.initrd is not None: + cvm.kernel_table.load_initrd(args.initrd) + + if args.cmdline is not None: + cvm.kernel_table.load_cmdline(args.cmdline) + if args.domain is not None: cvm.load_domain(args.connect, args.domain, --=20 2.37.3
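Review bot: The two new manpage examples (docs hunks at @@ -182,6 +196,22 and @@ -202,6 +232,19) invoke `virt-dom-sev-validate` and pass `--tk this-guest-tk.bin`, but the option documented in the same file and defined in parse_command_line() is `--tik` (with `--tek` as a separate option), and the tool lives at tools/virt-qemu-sev-validate; the new examples copy those names from the surrounding pre-existing examples, so please correct them here or in a follow-up so that a copy-pasted example actually runs. Drive-by in the context lines of the first docs hunk: "it important" should read "it is important" and "NVRAM is expose" should read "NVRAM is exposed".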
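Review bot: In GUIDTable.build() (tools hunk @@ -70,6 +72,91), `pad = 16 - (len(table) % 16)` appends a full 16 bytes of padding when the table length is already a multiple of 16; with the three fixed-size SHA-256 entries the table is 18 + 3 * 50 = 168 bytes, so the case does not trigger today, but if zero padding is the intent use `pad = (-len(table)) % 16`, otherwise a comment saying why a whole block is always appended would help. Two smaller points in the same hunk: the GUID literals are written in 8-4-4-4-4-8 groups (e.g. `UUID('{9438d606-4f22-4cc9-b479-a793-d411fd21}')`) and only parse because UUID() strips every hyphen, so writing them in the standard 8-4-4-4-12 form would make comparison with the firmware-side definitions straightforward; and build_entry() takes a `lenlen` argument that KernelTable.entries() hardcodes to 2 even though the instance already carries `self.lenlen`, so either drop the parameter or pass `self.lenlen` to keep the two in sync.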