Re: [RFC PATCH v2 0/4] tsm: Runtime measurement registers ABI

On 2/2/24 12:24 AM, James Bottomley wrote:
On Sun, 2024-01-28 at 22:25 +0100, Samuel Ortiz wrote:
All architectures supporting RTMRs expose a similar interface to
their TVMs: An extension command/call that takes a measurement value
and an RTMR index to extend it with, and a readback command for
reading an RTMR value back (taking an RTMR index as an argument as
well). This patch series builds an architecture agnostic, configfs-
based ABI for userspace to extend and read RTMR values back. It
extends the current TSM ops structure and each confidential computing
architecture can implement this extension to provide RTMR support.
What's the actual use case for this?  At the moment the TPM PCRs only
provide a read interface to userspace (via /sys/class/tpm/tpmX/pcr-shaY/Z)
and don't have any extension ability because nothing in userspace
currently extends them.

The only current runtime use for TPM PCRs is IMA, which is in-kernel
(and which this patch doesn't enable).

Without the ability to log, this interface is unusable anyway, but even
with that it's not clear that you need the ability separately to extend
PCRs because the extension and log entry should be done atomically to
prevent the log going out of sync with the PCRs, so it would seem a log
first interface would be the correct way of doing this rather than a
PCR first one.

James



While we clearly need to cover PCR-like usages, I think Confidential
Computing affords usages that go beyond TPM.

For example, Attested Containers [1] (and similar explorations in CNCF
Confidential Containers [2]) extends the measurement chain into the guest.
There, a trusted agent measures container images, and extends an RTMR
with those measurements. Particularly in the case of containers, the existing
runtime infrastructure is user mode oriented. However the generalization
here is in providing a mechanism to strongly identify an application or
behavior provided by the TVM.

Less concretely, I think this is an area for developer creativity.
Attestation is one of the main APIs that CC gives application developers and
these runtime extendable fields provide a further degree of creativity.

[1] ACON https://github.com/intel/acon
[2] CoCo https://github.com/confidential-containers/guest-components/commit/3c75201a8ba0327fb41b68b7e1521ff517e3ca9f

Regards,
Dan
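To make the extend/readback semantics and the log-synchronisation concern above concrete, here is an added, stand-alone simulation (not code from the patch series or from ACON/CoCo). It assumes a TPM-style extend rule, new = H(old || measurement), with SHA-384 as the hash and all-zero initial registers; the real hash, register width and ABI are architecture specific. It shows a log-first extend path whose event log replays to the register values, and how an extend that bypasses the log is detected as a desync by a verifier.

```python
import hashlib

# Assumption: PCR-style extension, new = H(old || measurement). The hash
# and register width here are constructed choices, not an architecture's ABI.
HASH = hashlib.sha384
DIGEST_LEN = HASH().digest_size


class RtmrBank:
    """Simulated bank of runtime measurement registers, each starting at zero."""

    def __init__(self, count=4):
        self.regs = [bytes(DIGEST_LEN)] * count

    def extend(self, index, measurement):
        if len(measurement) != DIGEST_LEN:
            raise ValueError("measurement must be a digest of the bank's hash size")
        self.regs[index] = HASH(self.regs[index] + measurement).digest()

    def read(self, index):
        return self.regs[index]


def measure(data: bytes) -> bytes:
    return HASH(data).digest()


def log_first_extend(bank, log, index, description, data):
    """Append the event to the log first, then extend, so the log never lags."""
    digest = measure(data)
    log.append((index, description, digest))
    bank.extend(index, digest)
    return digest


def replay(log, count=4):
    """Recompute the register values implied by the event log alone."""
    expected = RtmrBank(count)
    for index, _description, digest in log:
        expected.extend(index, digest)
    return expected.regs


def verify(bank, log):
    """True only if every register equals the value the log replays to."""
    return replay(log, len(bank.regs)) == bank.regs


if __name__ == "__main__":
    bank, log = RtmrBank(), []   # constructed sample events follow
    log_first_extend(bank, log, 2, "container image app:1.0", b"constructed image bytes")
    log_first_extend(bank, log, 2, "container config", b"constructed config bytes")
    print("log and registers consistent:", verify(bank, log))
    bank.extend(2, measure(b"extend with no log entry"))  # the desync case
    print("log and registers consistent:", verify(bank, log))
```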
