On Thu, Nov 18, 2021 at 11:33:58AM +0000, Dov Murik wrote: > The new efi_secret module exposes the confidential computing (coco) > EFI secret area via securityfs interface. > > When the module is loaded (and securityfs is mounted, typically under > /sys/kernel/security), a "coco/efi_secret" directory is created in > securityfs. In it, a file is created for each secret entry. The name > of each such file is the GUID of the secret entry, and its content is > the secret data. > > This allows applications running in a confidential computing setting to > read secrets provided by the guest owner via a secure secret injection > mechanism (such as AMD SEV's LAUNCH_SECRET command). > > Removing (unlinking) files in the "coco/efi_secret" directory will zero > out the secret in memory, and remove the filesystem entry. If the > module is removed and loaded again, that secret will not appear in the > filesystem. > > Signed-off-by: Dov Murik <dovmurik@xxxxxxxxxxxxx> > --- > .../ABI/testing/securityfs-coco-efi_secret | 50 +++ > drivers/virt/Kconfig | 3 + > drivers/virt/Makefile | 1 + > drivers/virt/coco/efi_secret/Kconfig | 11 + > drivers/virt/coco/efi_secret/Makefile | 2 + > drivers/virt/coco/efi_secret/efi_secret.c | 341 ++++++++++++++++++ > 6 files changed, 408 insertions(+) > create mode 100644 Documentation/ABI/testing/securityfs-coco-efi_secret > create mode 100644 drivers/virt/coco/efi_secret/Kconfig > create mode 100644 drivers/virt/coco/efi_secret/Makefile > create mode 100644 drivers/virt/coco/efi_secret/efi_secret.c > > diff --git a/Documentation/ABI/testing/securityfs-coco-efi_secret b/Documentation/ABI/testing/securityfs-coco-efi_secret > new file mode 100644 > index 000000000000..ae56976db1bc > --- /dev/null > +++ b/Documentation/ABI/testing/securityfs-coco-efi_secret > @@ -0,0 +1,50 @@ > +What: security/coco/efi_secret > +Date: October 2021 > +Contact: Dov Murik <dovmurik@xxxxxxxxxxxxx> > +Description: > + Exposes confidential computing (coco) EFI secrets to > + userspace via securityfs. > + > + EFI can declare memory area used by confidential computing > + platforms (such as AMD SEV and SEV-ES) for secret injection by > + the Guest Owner during VM's launch. The secrets are encrypted > + by the Guest Owner and decrypted inside the trusted enclave, > + and therefore are not readable by the untrusted host. > + > + The efi_secret module exposes the secrets to userspace. Each > + secret appears as a file under <securityfs>/coco/efi_secret, > + where the filename is the GUID of the entry in the secrets > + table. > + > + Two operations are supported for the files: read and unlink. > + Reading the file returns the content of secret entry. > + Unlinking the file overwrites the secret data with zeroes and > + removes the entry from the filesystem. A secret cannot be read > + after it has been unlinked. > + > + For example, listing the available secrets:: > + > + # modprobe efi_secret > + # ls -l /sys/kernel/security/coco/efi_secret > + -r--r----- 1 root root 0 Jun 28 11:54 736870e5-84f0-4973-92ec-06879ce3da0b > + -r--r----- 1 root root 0 Jun 28 11:54 83c83f7f-1356-4975-8b7e-d3a0b54312c6 > + -r--r----- 1 root root 0 Jun 28 11:54 9553f55d-3da2-43ee-ab5d-ff17f78864d2 > + -r--r----- 1 root root 0 Jun 28 11:54 e6f5a162-d67f-4750-a67c-5d065f2a9910 > + > + Reading the secret data by reading a file:: > + > + # cat /sys/kernel/security/coco/efi_secret/e6f5a162-d67f-4750-a67c-5d065f2a9910 > + the-content-of-the-secret-data > + > + Wiping a secret by unlinking a file:: > + > + # rm /sys/kernel/security/coco/efi_secret/e6f5a162-d67f-4750-a67c-5d065f2a9910 > + # ls -l /sys/kernel/security/coco/efi_secret > + -r--r----- 1 root root 0 Jun 28 11:54 736870e5-84f0-4973-92ec-06879ce3da0b > + -r--r----- 1 root root 0 Jun 28 11:54 83c83f7f-1356-4975-8b7e-d3a0b54312c6 > + -r--r----- 1 root root 0 Jun 28 11:54 9553f55d-3da2-43ee-ab5d-ff17f78864d2 > + > + Note: The binary format of the secrets table injected by the > + Guest Owner is described in > + drivers/virt/coco/efi_secret/efi_secret.c under "Structure of > + the EFI secret area". > diff --git a/drivers/virt/Kconfig b/drivers/virt/Kconfig > index 8061e8ef449f..fe7a6579b974 100644 > --- a/drivers/virt/Kconfig > +++ b/drivers/virt/Kconfig > @@ -36,4 +36,7 @@ source "drivers/virt/vboxguest/Kconfig" > source "drivers/virt/nitro_enclaves/Kconfig" > > source "drivers/virt/acrn/Kconfig" > + > +source "drivers/virt/coco/efi_secret/Kconfig" > + > endif > diff --git a/drivers/virt/Makefile b/drivers/virt/Makefile > index 3e272ea60cd9..efdb015783f9 100644 > --- a/drivers/virt/Makefile > +++ b/drivers/virt/Makefile > @@ -8,3 +8,4 @@ obj-y += vboxguest/ > > obj-$(CONFIG_NITRO_ENCLAVES) += nitro_enclaves/ > obj-$(CONFIG_ACRN_HSM) += acrn/ > +obj-$(CONFIG_EFI_SECRET) += coco/efi_secret/ > diff --git a/drivers/virt/coco/efi_secret/Kconfig b/drivers/virt/coco/efi_secret/Kconfig > new file mode 100644 > index 000000000000..a39a5a90a1e5 > --- /dev/null > +++ b/drivers/virt/coco/efi_secret/Kconfig > @@ -0,0 +1,11 @@ > +# SPDX-License-Identifier: GPL-2.0-only > +config EFI_SECRET > + tristate "EFI secret area securityfs support" > + depends on EFI > + select EFI_COCO_SECRET > + select SECURITYFS > + help > + This is a driver for accessing the EFI secret area via securityfs. > + > + To compile this driver as a module, choose M here. > + The module will be called efi_secret. Shouldn't this module auto-load only if the efi secret area is present? What is going to cause the module to be loaded by a distro if it does not have some sort of way to tell userspace what resources it belongs to? Can you trigger off of a DMI or EFI attribute somehow for this? Otherwise you are going to force distros to modify their init scripts for this functionality, how is that going to happen? thanks, greg k-h