On 18/12/2024 15:22, Michael Roth wrote:
For SEV-SNP, the host can optionally provide a certificate table to the guest when it issues an attestation request to firmware (see GHCB 2.0 specification regarding "SNP Extended Guest Requests"). This certificate table can then be used to verify the endorsement key used by firmware to sign the attestation report. While it is possible for guests to obtain the certificates through other means, handling it via the host provides more flexibility in being able to keep the certificate data in sync with the endorsement key throughout host-side operations that might resulting in the endorsement key changing. In the case of KVM, userspace will be responsible for fetching the certificate table and keeping it in sync with any modifications to the endorsement key by other userspace management tools. Define a new KVM_EXIT_SNP_REQ_CERTS event where userspace is provided with the GPA of the buffer the guest has provided as part of the attestation request so that userspace can write the certificate data into it while relying on filesystem-based locking to keep the certificates up-to-date relative to the endorsement keys installed/utilized by firmware at the time the certificates are fetched. Also introduce a KVM_CAP_EXIT_SNP_REQ_CERTS capability to enable/disable the exit for cases where userspace does not support certificate-fetching, in which case KVM will fall back to returning an empty certificate table if the guest provides a buffer for it. Signed-off-by: Michael Roth <michael.roth@xxxxxxx>
Reviewed-by: Liam Merwick <liam.merwick@xxxxxxxxxx> Tested-by: Liam Merwick <liam.merwick@xxxxxxxxxx>
--- Documentation/virt/kvm/api.rst | 93 +++++++++++++++++++++++++++++++++ arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm/sev.c | 43 ++++++++++++--- arch/x86/kvm/x86.c | 11 ++++ include/uapi/linux/kvm.h | 10 ++++ include/uapi/linux/sev-guest.h | 8 +++ 6 files changed, 160 insertions(+), 6 deletions(-)
