mirror of
https://github.com/projectacrn/acrn-hypervisor.git
synced 2025-06-22 05:30:24 +00:00
Project ACRN hypervisor
c11c07e0fe
KeyLocker is a new security feature available in new Intel CPUs that
protects data-encryption keys for the Advanced Encryption Standard (AES)
algorithm. These keys are more valuable than what they guard. If stolen
once, the key can be repeatedly used even on another system and even
after vulnerability closed.
It also introduces a CPU-internal wrapping key (IWKey), which is a key-
encryption key to wrap AES keys into handles. While the IWKey is
inaccessible to software, randomizing the value during the boot-time
helps its value unpredictable.
Keylocker usage:
- New “ENCODEKEY” instructions take original key input and returns HANDLE
crypted by an internal wrap key (IWKey, init by “LOADIWKEY” instruction)
- Software can then delete the original key from memory
- Early in boot/software, less likely to have vulnerability that allows
stealing original key
- Later encrypt/decrypt can use the HANDLE through new AES KeyLocker
instructions
- Note:
* Software can use original key without knowing it (use HANDLE)
* HANDLE cannot be used on other systems or after warm/cold reset
* IWKey cannot be read from CPU after it's loaded (this is the
nature of this feature) and only 1 copy of IWKey inside CPU.
The virtualization implementation of Key Locker on ACRN is:
- Each vCPU has a 'struct iwkey' to store its IWKey in struct
acrn_vcpu_arch.
- At initilization, every vCPU is created with a random IWKey.
- Hypervisor traps the execution of LOADIWKEY (by 'LOADIWKEY exiting'
VM-exectuion control) of vCPU to capture and save the IWKey if guest
set a new IWKey. Don't support randomization (emulate CPUID to
disable) of the LOADIWKEY as hypervisor cannot capture and save the
random IWKey. From keylocker spec:
"Note that a VMM may wish to enumerate no support for HW random IWKeys
to the guest (i.e. enumerate CPUID.19H:ECX[1] as 0) as such IWKeys
cannot be easily context switched. A guest ENCODEKEY will return the
type of IWKey used (IWKey.KeySource) and thus will notice if a VMM
virtualized a HW random IWKey with a SW specified IWKey."
- In context_switch_in() of each vCPU, hypervisor loads that vCPU's
IWKey into pCPU by LOADIWKEY instruction.
- There is an assumption that ACRN hypervisor will never use the
KeyLocker feature itself.
This patch implements the vCPU's IWKey management and the next patch
implements host context save/restore IWKey logic.
Tracked-On: #5695
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
|
||
|---|---|---|
| .github/ISSUE_TEMPLATE | ||
| devicemodel | ||
| doc | ||
| hypervisor | ||
| misc | ||
| .checkpatch.conf | ||
| .gitignore | ||
| CODEOWNERS | ||
| LICENSE | ||
| Makefile | ||
| paths.make | ||
| README.rst | ||
| VERSION | ||
Project ACRN Embedded Hypervisor ################################ .. raw:: html <img src="doc/images/ACRN_Logo_PrimaryLockup_COLOR-300x300-1.png" height="175px" align="right"> The open source project ACRN defines a device hypervisor reference stack and an architecture for running multiple software subsystems, managed securely, on a consolidated system by means of a virtual machine manager. It also defines a reference framework implementation for virtual device emulation, called the "ACRN Device Model". The ACRN Hypervisor is a Type 1 reference hypervisor stack, running directly on the bare-metal hardware, and is suitable for a variety of IoT and embedded device solutions. The ACRN hypervisor addresses the gap that currently exists between datacenter hypervisors, and hard partitioning hypervisors. The ACRN hypervisor architecture partitions the system into different functional domains, with carefully selected guest OS sharing optimizations for IoT and embedded devices. .. start_include_here Community Support ***************** The Project ACRN Developer Community includes developers from member organizations and the general community all joining in the development of software within the project. Members contribute and discuss ideas, submit bugs and bug fixes. They also help those in need through the community's forums such as mailing lists and IRC channels. Anyone can join the developer community and the community is always willing to help its members and the User Community to get the most out of Project ACRN. Welcome to the project ARCN community! We're now holding weekly Technical Community Meetings and encourage you to call in and learn more about the project. Meeting information is on the `TCM Meeting page`_ in our `ACRN wiki <https://wiki.projectacrn.org/>`_. .. _TCM Meeting page: https://github.com/projectacrn/acrn-hypervisor/wiki/ACRN-Committee-and-Working-Group-Meetings#technical-community-meetings Resources ********* Here's a quick summary of resources to find your way around the Project ACRN support systems: * **Project ACRN Website**: The https://projectacrn.org website is the central source of information about the project. On this site, you'll find background and current information about the project as well as relevant links to project material. For a quick start, refer to the `Introduction`_ and `Getting Started Guide`_. * **Source Code in GitHub**: Project ACRN source code is maintained on a public GitHub repository at https://github.com/projectacrn/acrn-hypervisor. You'll find information about getting access to the repository and how to contribute to the project in this `Contribution Guide`_ document. * **Documentation**: Project technical documentation is developed along with the project's code, and can be found at https://projectacrn.github.io. Additional documentation is maintained in the `Project ACRN GitHub wiki`_. * **Issue Reporting and Tracking**: Requirements and Issue tracking is done in the Github issues system: https://github.com/projectacrn/acrn-hypervisor/issues. You can browse through the reported issues and submit issues of your own. * **Reporting a Potential Security Vulnerability**: If you have discovered potential security vulnerability in ACRN, please send an e-mail to secure@intel.com. For issues related to Intel Products, please visit https://security-center.intel.com. It is important to include the following details: - The projects and versions affected - Detailed description of the vulnerability - Information on known exploits Vulnerability information is extremely sensitive. Please encrypt all security vulnerability reports using our `PGP key`_. A member of the Intel Product Security Team will review your e-mail and contact you to to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see: `vulnerability handling guidelines`_. * **Mailing List**: The `Project ACRN Development mailing list`_ is perhaps the most convenient way to track developer discussions and to ask your own support questions to the project ACRN community. There are also specific `ACRN mailing list subgroups`_ for builds, users, and Technical Steering Committee notes, for example. You can read through the message archives to follow past posts and discussions, a good thing to do to discover more about the project. .. _Introduction: https://projectacrn.github.io/latest/introduction/ .. _Getting Started Guide: https://projectacrn.github.io/latest/getting-started/ .. _Contribution Guide: https://projectacrn.github.io/latest/contribute.html .. _Project ACRN GitHub wiki: https://github.com/projectacrn/acrn-hypervisor/wiki .. _PGP Key: https://www.intel.com/content/www/us/en/security-center/pgp-public-key.html .. _vulnerability handling guidelines: https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html .. _Project ACRN Development mailing list: https://lists.projectacrn.org/g/acrn-dev .. _ACRN mailing list subgroups: https://lists.projectacrn.org/g/main/subgroups