* Alexander Graf (graf@xxxxxxxxxx) wrote: > Hi Jörg, > > On 22.03.23 10:19, Jörg Rödel wrote: > > > On Tue, Mar 21, 2023 at 07:53:58PM +0000, Dr. David Alan Gilbert wrote: > > > OK; the other thing that needs to get nailed down for the vTPM's is the > > > relationship between the vTPM attestation and the SEV attestation. > > > i.e. how to prove that the vTPM you're dealing with is from an SNP host. > > > (Azure have a hack of putting an SNP attestation report into the vTPM > > > NVRAM; see > > > https://github.com/Azure/confidential-computing-cvm-guest-attestation/blob/main/cvm-guest-attestation.md > > > ) > > When using the SVSM TPM protocol it should be proven already that the > > vTPM is part of the SNP trusted base, no? The TPM communication is > > implicitly encrypted by the VMs memory key and the SEV attestation > > report proves that the correct vTPM is executing. > > > What you want to achieve eventually is to take a report from the vTPM and > submit only that to an external authorization entity that looks at it and > says "Yup, you ran in SEV-SNP, I trust your TCB, I trust your TPM > implementation, I also trust your PCR values" and based on that provides > access to whatever resource you want to access. > > To do that, you need to link SEV-SNP and TPM measurements/reports together. > And the easiest way to do that is by providing the SEV-SNP report as part of > the TPM: You can then use the hash of the SEV-SNP report as signing key for > example. Yeh; I think the SVSM TPM protocol has some proof of that as well; the SVSM spec lists 'SVSM_ATTEST_SINGLE_SERVICE Manifest Data' that contains 'TPMT_PUBLIC structure of the endorsement key'. So I *think* that's saying that the SEV attestation report contains something from the EK of the vTPM. > I think the key here is that you need to propagate that link to an external > party, not (only) to the VM. Yeh. Dave > > > Alex > > > > > > Amazon Development Center Germany GmbH > Krausenstr. 38 > 10117 Berlin > Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss > Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B > Sitz: Berlin > Ust-ID: DE 289 237 879 > > -- Dr. David Alan Gilbert / dgilbert@xxxxxxxxxx / Manchester, UK
