public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: Dionna Amalie Glaze <dionnaglaze@google.com>
Cc: "Gupta, Pankaj" <pankaj.gupta@amd.com>,
	devel@edk2.groups.io, James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Ard Biesheuvel <ardb@kernel.org>,
	"Min M. Xu" <min.m.xu@intel.com>, Andrew Fish <afish@apple.com>,
	"Michael D. Kinney" <michael.d.kinney@intel.com>,
	Oliver Steffen <osteffen@redhat.com>
Subject: Re: [edk2-devel] [PATCH v10 1/4] OvmfPkg: Add memory acceptance event in AmdSevDxe
Date: Wed, 15 Feb 2023 10:38:36 +0100	[thread overview]
Message-ID: <20230215093836.blyh5gzyitp2rdxu@sirius.home.kraxel.org> (raw)
In-Reply-To: <CAAH4kHYDo-hQhsK91xoMZqGP9ovTiTtXymXwLG0wnybVaw8mNg@mail.gmail.com>

On Tue, Feb 14, 2023 at 09:28:49AM -0800, Dionna Amalie Glaze wrote:
> >
> > Do you have any pointers on the IVARS service?  Documentation, guest
> > code, host code?
> >
> 
> Agh, I thought for sure there was a public API for VM owners to view
> or change their UEFI variables, but I guess not. It's an
> instance-specific small data store for nonvolatile memory like vTPM
> and UEFI variables. It appears you can only set the variables through
> cloud API at instance creation time. But this is how instances can be
> shut down and brought back up on different machines and/or live
> migrate to other machines and still have access to UEFI variables'
> current values. Host code is all in Google's proprietary VMM,
> Vanadium, but the device backend is really rather simple. The data
> store service though, that's a matter of Cloud Scale Engineering.

The device backend would be a good start (host code being part of the
google vmm is expected ...).

> > Background:  When moving to a SVSM-based setup where the svsm (with
> > vtpm emulation) runs in vmpl0 and the edk2 firmware in vmpl1 we might
> > likewise add a efi variable service to the svsm.
> 
> I thought EFI variables in Qemu were loaded and measured at launch
> (OVMF_VARS.fd).

Yes, that is the current state of affairs.  Variables are fixed and are
measured (launch measurement for SEV, runtime measurement for TDX).  The
variable store lives in RAM and all changes are gone when the guest is
stopped.  So we don't really have persistent EFI variables.

For persistent EFI variables we need to have the variables stored in
some secure place, so the OS can't change -- for example -- secure boot
configuration as it pleases.  In traditional VMs that happens to be SMM
mode.  For SEV-SNP the SVSM could handle this, and we need some protocol
used by SVSM efi variable service and ovmf to talk to each other.  Here
the protocol used by google vmm could eventually be reused.

And possibly the very same protocol could be used to simply run the efi
variable service on the host (for traditional VMs) and ditch SMM mode
then.

> Or is it specifically going to be an SVSM service that attests itself
> with current stored variables, or at least variables that are
> considered important enough to measure?

The variables considered important for secure boot (db etc.) are
measured (by edk2) anyway.

> In any case, persistence in The Cloud (TM) remains a challenge in the
> CC space.

Indeed.  One idea is to hand out some (virtual) flash to the SVSM for
persistent data.  Which would need to be encrypted, and we need to
manage the keys for that.  Not fully sure where we stand here, it's not
my main focus.

take care,
  Gerd


  parent reply	other threads:[~2023-02-15  9:38 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-26  0:56 [PATCH v10 0/4] Add safe unaccepted memory behavior Dionna Glaze
2023-01-26  0:56 ` [PATCH v10 1/4] OvmfPkg: Add memory acceptance event in AmdSevDxe Dionna Glaze
2023-01-26 10:30   ` Ard Biesheuvel
2023-01-26 16:04     ` Dionna Glaze
2023-02-09 13:35   ` [edk2-devel] " Gupta, Pankaj
2023-02-09 16:52     ` Dionna Glaze
2023-02-09 21:27       ` Dionna Glaze
2023-02-10  8:00         ` Gupta, Pankaj
2023-02-10 11:12           ` Ard Biesheuvel
2023-02-10 11:34             ` Gupta, Pankaj
2023-02-10 13:56         ` Gupta, Pankaj
2023-02-10 17:05           ` Dionna Glaze
2023-02-13 14:38             ` Gupta, Pankaj
2023-02-13 16:53               ` Dionna Glaze
2023-02-13 17:56                 ` Gupta, Pankaj
2023-02-13 18:31                   ` Dionna Glaze
2023-02-13 19:33                     ` Lendacky, Thomas
2023-02-13 19:33                     ` Gupta, Pankaj
2023-02-13 21:44                       ` Dionna Glaze
2023-02-14 12:51                         ` Gupta, Pankaj
2023-02-14 12:55                           ` Gupta, Pankaj
2023-02-14 20:44                             ` Dionna Glaze
2023-02-14 20:46                               ` Gupta, Pankaj
     [not found]                           ` <1743B21FF9509E5F.2641@groups.io>
2023-02-14 14:00                             ` Gupta, Pankaj
2023-02-14  9:12                 ` Gerd Hoffmann
2023-02-14 17:28                   ` Dionna Glaze
2023-02-14 22:44                     ` Lendacky, Thomas
2023-02-15  9:38                     ` Gerd Hoffmann [this message]
2023-01-26  0:56 ` [PATCH v10 2/4] MdePkg: Introduce the SevMemoryAcceptance protocol Dionna Glaze
2023-01-26  1:24   ` Yao, Jiewen
2023-01-26 17:04     ` Dionna Glaze
2023-01-26 17:19       ` Ard Biesheuvel
2023-01-26  0:56 ` [PATCH v10 3/4] OvmfPkg: Implement AcceptAllUnacceptedMemory in AmdSevDxe Dionna Glaze
2023-01-26  0:56 ` [PATCH v10 4/4] OvmfPkg/PlatformPei: SEV-SNP make >=4GB unaccepted Dionna Glaze

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230215093836.blyh5gzyitp2rdxu@sirius.home.kraxel.org \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox