From 4eb88d6a74d22eccd328473fa150c852d248f3e2 Mon Sep 17 00:00:00 2001 From: Jim Cadden Date: Tue, 15 Nov 2022 17:22:30 -0500 Subject: [PATCH 1/2] runtime: Add online-kbs to kernel params In online-kbs attestation the guest is given the location of the keybroker server to connect after launch. This patch appends the IP:Port of the online-kbs to the kernel params of the guest. Patch also simplifies the kbs config into "mode" = offline/online, and updates SEV config variable names and default values Fixes: #5661 #5715 Signed-off-by: Jim Cadden --- src/runtime/Makefile | 10 +- .../config/configuration-qemu-sev.toml.in | 21 +- src/runtime/config/configuration-qemu.toml.in | 23 +- .../pkg/katautils/config-settings.go.in | 5 +- src/runtime/pkg/katautils/config.go | 267 +++++++++--------- src/runtime/pkg/sev/kbs/kbs.go | 33 +++ src/runtime/pkg/sev/sev.go | 14 - src/runtime/virtcontainers/hypervisor.go | 5 +- src/runtime/virtcontainers/qemu.go | 44 ++- src/runtime/virtcontainers/qemu_amd64.go | 11 +- src/runtime/virtcontainers/qemu_arch_base.go | 14 +- 11 files changed, 235 insertions(+), 212 deletions(-) create mode 100644 src/runtime/pkg/sev/kbs/kbs.go diff --git a/src/runtime/Makefile b/src/runtime/Makefile index e1dc7519e8..6c8c723ce3 100644 --- a/src/runtime/Makefile +++ b/src/runtime/Makefile @@ -258,14 +258,13 @@ DEFBINDMOUNTS := [] # Image Service Offload DEFSERVICEOFFLOAD ?= false -# SEV Guest Pre-Attestation +# SEV & SEV-ES Guest Pre-Attestation DEFGUESTPREATTESTATION ?= false DEFGUESTPREATTESTATIONPROXY ?= localhost:44444 +DEFGUESTPREATTESTATIONMODE ?= online DEFGUESTPREATTESTATIONKEYSET ?= KEYSET-1 -DEFGUESTPREATTESTATIONSECRETGUID ?= 1ee27366-0c87-43a6-af48-28543eaf7cb0 -DEFGUESTPREATTESTATIONSECRETTYPE ?= connection DEFSEVCERTCHAIN ?= /opt/sev/cert_chain.cert -DEFSEVGUESTPOLICY ?= 0 +DEFSEVGUESTPOLICY ?= 3 SED = sed 
@@ -614,9 +613,8 @@ USER_VARS += BUILDFLAGS USER_VARS += DEFSERVICEOFFLOAD USER_VARS += DEFGUESTPREATTESTATION USER_VARS += DEFGUESTPREATTESTATIONPROXY +USER_VARS += DEFGUESTPREATTESTATIONMODE USER_VARS += DEFGUESTPREATTESTATIONKEYSET -USER_VARS += DEFGUESTPREATTESTATIONSECRETGUID -USER_VARS += DEFGUESTPREATTESTATIONSECRETTYPE USER_VARS += DEFSEVCERTCHAIN USER_VARS += DEFSEVGUESTPOLICY diff --git a/src/runtime/config/configuration-qemu-sev.toml.in b/src/runtime/config/configuration-qemu-sev.toml.in index 728238af2e..c7e735165e 100644 --- a/src/runtime/config/configuration-qemu-sev.toml.in +++ b/src/runtime/config/configuration-qemu-sev.toml.in @@ -32,24 +32,21 @@ machine_type = "@MACHINETYPE@" # Default false confidential_guest = true -# Enable pre-attestation AMD SEV and SEV-ES confidential guests. +# Enable pre-attestation for AMD SEV and SEV-ES guests. # Applies only if confidential_guest is true. # (default: false) guest_pre_attestation = true -# Guest owner proxy that handles remote attestation -guest_pre_attestation_proxy = "@DEFGUESTPREATTESTATIONPROXY@" - -# Keyset ID for injected secrets -guest_pre_attestation_keyset = "@DEFGUESTPREATTESTATIONKEYSET@" - -# GUID of injected secret -# Key Broker Server for SEV(-ES) expects secrets with this guid +# A remote key broker server (KBS) is required to validate the attestation +# measurement and inject a secret key. # See https://github.com/confidential-containers/simple-kbs -guest_pre_attestation_secret_guid = "@DEFGUESTPREATTESTATIONSECRETGUID@" +guest_pre_attestation_kbs_uri = "@DEFGUESTPREATTESTATIONPROXY@" -# Type of injected secret -guest_pre_attestation_secret_type = "@DEFGUESTPREATTESTATIONSECRETTYPE@" +# The simple-kbs can be run in "online" and "offline" modes +guest_pre_attestation_kbs_mode="@DEFGUESTPREATTESTATIONMODE@" + +# Keyset ID for injected secrets (offline kbs) +guest_pre_attestation_keyset = "@DEFGUESTPREATTESTATIONKEYSET@" # SEV guest policy sev_guest_policy = @DEFSEVGUESTPOLICY@ 
diff --git a/src/runtime/config/configuration-qemu.toml.in b/src/runtime/config/configuration-qemu.toml.in index f94cf89b51..030b200fd1 100644 --- a/src/runtime/config/configuration-qemu.toml.in +++ b/src/runtime/config/configuration-qemu.toml.in @@ -40,27 +40,24 @@ rootfs_type=@DEFROOTFSTYPE@ # Default false # confidential_guest = true -# Enable pre-attestation AMD SEV and SEV-ES confidential guests. +# Enable pre-attestation for AMD SEV and SEV-ES guests. # Applies only if confidential_guest is true. # (default: false) #guest_pre_attestation = true # -# Guest owner proxy that handles remote attestation -#guest_pre_attestation_proxy="localhost:50051" -# -# Keyset ID for injected secrets -#guest_pre_attestation_keyset="KEYSET-1" -# -# GUID of injected secret -# Key Broker Server for SEV(-ES) expects secrets with this guid +# A remote key broker server (KBS) is required to validate the attestation +# measurement and inject a secret key. # See https://github.com/confidential-containers/simple-kbs -#guest_pre_attestation_secret_guid = "@DEFGUESTPREATTESTATIONSECRETGUID@" +#guest_pre_attestation_kbs_uri = "@DEFGUESTPREATTESTATIONPROXY@" # -# Type of injected secret -#guest_pre_attestation_secret_type = "@DEFGUESTPREATTESTATIONSECRETTYPE@" +# The simple-kbs can be run in "online" and "offline" modes +#guest_pre_attestation_kbs_mode="@DEFGUESTPREATTESTATIONMODE@" +# +# Keyset ID of the injected secret (offline kbs) +#guest_pre_attestation_keyset = "@DEFGUESTPREATTESTATIONKEYSET@" # # SEV guest policy -#sev_guest_policy=0 +#sev_guest_policy = @DEFSEVGUESTPOLICY@ # SEV certificate chain path #sev_cert_chain="@DEFSEVCERTCHAIN@" diff --git a/src/runtime/pkg/katautils/config-settings.go.in b/src/runtime/pkg/katautils/config-settings.go.in index 9dd1387787..4ec977ae5a 100644 --- a/src/runtime/pkg/katautils/config-settings.go.in +++ b/src/runtime/pkg/katautils/config-settings.go.in 
@@ -96,10 +96,9 @@ const defaultDisableGuestSeLinux = true const defaultVfioMode = "guest-kernel" const defaultLegacySerial = false const defaultGuestPreAttestation = false -const defaultGuestPreAttestationProxy string = "" +const defaultGuestPreAttestationURI string = "" +const defaultGuestPreAttestationMode string = "" const defaultGuestPreAttestationKeyset string = "" -const defaultGuestPreAttestationSecretGuid string = "" -const defaultGuestPreAttestationSecretType string = "" const defaultSEVCertChainPath string = "" const defaultSEVGuestPolicy uint32 = 0 const defaultSNPGuestPolicy uint64 = 0x30000 diff --git a/src/runtime/pkg/katautils/config.go b/src/runtime/pkg/katautils/config.go index 51bf23a294..247093e78b 100644 --- a/src/runtime/pkg/katautils/config.go +++ b/src/runtime/pkg/katautils/config.go @@ -101,10 +101,9 @@ type hypervisor struct { GuestHookPath string `toml:"guest_hook_path"` GuestMemoryDumpPath string `toml:"guest_memory_dump_path"` SeccompSandbox string `toml:"seccompsandbox"` - GuestPreAttestationProxy string `toml:"guest_pre_attestation_proxy"` + GuestPreAttestationURI string `toml:"guest_pre_attestation_kbs_uri"` + GuestPreAttestationMode string `toml:"guest_pre_attestation_kbs_mode"` GuestPreAttestationKeyset string `toml:"guest_pre_attestation_keyset"` - GuestPreAttestationSecretGuid string `toml:"guest_pre_attestation_secret_guid"` - GuestPreAttestationSecretType string `toml:"guest_pre_attestation_secret_type"` SEVCertChainPath string `toml:"sev_cert_chain"` BlockDeviceAIO string `toml:"block_device_aio"` RemoteHypervisorSocket string `toml:"remote_hypervisor_socket"` 
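Review bot: `defaultSEVGuestPolicy` stays `0` in the config-settings.go.in hunk, while the Makefile hunk of the same patch raises `DEFSEVGUESTPOLICY` to `3`. A configuration that omits `sev_guest_policy` therefore ends up with a weaker policy than the shipped template. In the SEV policy encoding, bit 0 forbids debugging and bit 1 forbids key sharing, so `0` leaves both permitted. Consider `const defaultSEVGuestPolicy uint32 = 3`, or a comment above the constant explaining why the fallback is deliberately more permissive. The new `defaultGuestPreAttestationMode` of `""` matches neither `kbs.Online` nor `kbs.Offline` and is rejected in the AttestVM hunk, which deserves a one-line comment such as `// empty mode is rejected by AttestVM; set guest_pre_attestation_kbs_mode explicitly`.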
@@ -815,81 +814,80 @@ func newQemuHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) { txRateLimiterMaxRate := h.getTxRateLimiterCfg() return vc.HypervisorConfig{ - HypervisorPath: hypervisor, - HypervisorPathList: h.HypervisorPathList, - KernelPath: kernel, - InitrdPath: initrd, - ImagePath: image, - FirmwarePath: firmware, - FirmwareVolumePath: firmwareVolume, - PFlash: pflashes, - MachineAccelerators: machineAccelerators, - CPUFeatures: cpuFeatures, - KernelParams: vc.DeserializeParams(strings.Fields(kernelParams)), - HypervisorMachineType: machineType, - NumVCPUs: h.defaultVCPUs(), - DefaultMaxVCPUs: h.defaultMaxVCPUs(), - MemorySize: h.defaultMemSz(), - MemSlots: h.defaultMemSlots(), - MemOffset: h.defaultMemOffset(), - DefaultMaxMemorySize: h.defaultMaxMemSz(), - VirtioMem: h.VirtioMem, - EntropySource: h.GetEntropySource(), - EntropySourceList: h.EntropySourceList, - DefaultBridges: h.defaultBridges(), - DisableBlockDeviceUse: h.DisableBlockDeviceUse, - SharedFS: sharedFS, - VirtioFSDaemon: h.VirtioFSDaemon, - VirtioFSDaemonList: h.VirtioFSDaemonList, - VirtioFSCacheSize: h.VirtioFSCacheSize, - VirtioFSCache: h.defaultVirtioFSCache(), - VirtioFSQueueSize: h.VirtioFSQueueSize, - VirtioFSExtraArgs: h.VirtioFSExtraArgs, - MemPrealloc: h.MemPrealloc, - HugePages: h.HugePages, - IOMMU: h.IOMMU, - IOMMUPlatform: h.getIOMMUPlatform(), - FileBackedMemRootDir: h.FileBackedMemRootDir, - FileBackedMemRootList: h.FileBackedMemRootList, - Debug: h.Debug, - DisableNestingChecks: h.DisableNestingChecks, - BlockDeviceDriver: blockDriver, - BlockDeviceAIO: blockAIO, - BlockDeviceCacheSet: h.BlockDeviceCacheSet, - BlockDeviceCacheDirect: h.BlockDeviceCacheDirect, - BlockDeviceCacheNoflush: h.BlockDeviceCacheNoflush, - EnableIOThreads: h.EnableIOThreads, - Msize9p: h.msize9p(), - DisableImageNvdimm: h.DisableImageNvdimm, - HotplugVFIOOnRootBus: h.HotplugVFIOOnRootBus, - PCIeRootPort: h.PCIeRootPort, - DisableVhostNet: h.DisableVhostNet, - EnableVhostUserStore: 
h.EnableVhostUserStore, - VhostUserStorePath: h.vhostUserStorePath(), - VhostUserStorePathList: h.VhostUserStorePathList, - SeccompSandbox: h.SeccompSandbox, - GuestHookPath: h.guestHookPath(), - RxRateLimiterMaxRate: rxRateLimiterMaxRate, - TxRateLimiterMaxRate: txRateLimiterMaxRate, - EnableAnnotations: h.EnableAnnotations, - GuestMemoryDumpPath: h.GuestMemoryDumpPath, - GuestMemoryDumpPaging: h.GuestMemoryDumpPaging, - ConfidentialGuest: h.ConfidentialGuest, - SevSnpGuest: h.SevSnpGuest, - GuestSwap: h.GuestSwap, - Rootless: h.Rootless, - LegacySerial: h.LegacySerial, - DisableSeLinux: h.DisableSeLinux, - GuestPreAttestation: h.GuestPreAttestation, - GuestPreAttestationProxy: h.GuestPreAttestationProxy, - GuestPreAttestationKeyset: h.GuestPreAttestationKeyset, - GuestPreAttestationSecretGuid: h.GuestPreAttestationSecretGuid, - GuestPreAttestationSecretType: h.GuestPreAttestationSecretType, - SEVGuestPolicy: h.SEVGuestPolicy, - SNPGuestPolicy: h.getSnpGuestPolicy(), - SEVCertChainPath: h.SEVCertChainPath, - DisableGuestSeLinux: h.DisableGuestSeLinux, - RootfsType: rootfsType, + HypervisorPath: hypervisor, + HypervisorPathList: h.HypervisorPathList, + KernelPath: kernel, + InitrdPath: initrd, + ImagePath: image, + FirmwarePath: firmware, + FirmwareVolumePath: firmwareVolume, + PFlash: pflashes, + MachineAccelerators: machineAccelerators, + CPUFeatures: cpuFeatures, + KernelParams: vc.DeserializeParams(strings.Fields(kernelParams)), + HypervisorMachineType: machineType, + NumVCPUs: h.defaultVCPUs(), + DefaultMaxVCPUs: h.defaultMaxVCPUs(), + MemorySize: h.defaultMemSz(), + MemSlots: h.defaultMemSlots(), + MemOffset: h.defaultMemOffset(), + DefaultMaxMemorySize: h.defaultMaxMemSz(), + VirtioMem: h.VirtioMem, + EntropySource: h.GetEntropySource(), + EntropySourceList: h.EntropySourceList, + DefaultBridges: h.defaultBridges(), + DisableBlockDeviceUse: h.DisableBlockDeviceUse, + SharedFS: sharedFS, + VirtioFSDaemon: h.VirtioFSDaemon, + VirtioFSDaemonList: 
h.VirtioFSDaemonList, + VirtioFSCacheSize: h.VirtioFSCacheSize, + VirtioFSCache: h.defaultVirtioFSCache(), + VirtioFSQueueSize: h.VirtioFSQueueSize, + VirtioFSExtraArgs: h.VirtioFSExtraArgs, + MemPrealloc: h.MemPrealloc, + HugePages: h.HugePages, + IOMMU: h.IOMMU, + IOMMUPlatform: h.getIOMMUPlatform(), + FileBackedMemRootDir: h.FileBackedMemRootDir, + FileBackedMemRootList: h.FileBackedMemRootList, + Debug: h.Debug, + DisableNestingChecks: h.DisableNestingChecks, + BlockDeviceDriver: blockDriver, + BlockDeviceAIO: blockAIO, + BlockDeviceCacheSet: h.BlockDeviceCacheSet, + BlockDeviceCacheDirect: h.BlockDeviceCacheDirect, + BlockDeviceCacheNoflush: h.BlockDeviceCacheNoflush, + EnableIOThreads: h.EnableIOThreads, + Msize9p: h.msize9p(), + DisableImageNvdimm: h.DisableImageNvdimm, + HotplugVFIOOnRootBus: h.HotplugVFIOOnRootBus, + PCIeRootPort: h.PCIeRootPort, + DisableVhostNet: h.DisableVhostNet, + EnableVhostUserStore: h.EnableVhostUserStore, + VhostUserStorePath: h.vhostUserStorePath(), + VhostUserStorePathList: h.VhostUserStorePathList, + SeccompSandbox: h.SeccompSandbox, + GuestHookPath: h.guestHookPath(), + RxRateLimiterMaxRate: rxRateLimiterMaxRate, + TxRateLimiterMaxRate: txRateLimiterMaxRate, + EnableAnnotations: h.EnableAnnotations, + GuestMemoryDumpPath: h.GuestMemoryDumpPath, + GuestMemoryDumpPaging: h.GuestMemoryDumpPaging, + ConfidentialGuest: h.ConfidentialGuest, + SevSnpGuest: h.SevSnpGuest, + GuestSwap: h.GuestSwap, + Rootless: h.Rootless, + LegacySerial: h.LegacySerial, + DisableSeLinux: h.DisableSeLinux, + GuestPreAttestation: h.GuestPreAttestation, + GuestPreAttestationURI: h.GuestPreAttestationURI, + GuestPreAttestationMode: h.GuestPreAttestationMode, + GuestPreAttestationKeyset: h.GuestPreAttestationKeyset, + SEVGuestPolicy: h.SEVGuestPolicy, + SNPGuestPolicy: h.getSnpGuestPolicy(), + SEVCertChainPath: h.SEVCertChainPath, + DisableGuestSeLinux: h.DisableGuestSeLinux, + RootfsType: rootfsType, }, nil } 
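Review bot: `GuestPreAttestationMode: h.GuestPreAttestationMode` is copied into the returned config without any check, so a misspelled or missing `guest_pre_attestation_kbs_mode` is only detected in AttestVM, after the guest has been created. Validating it here, where newQemuHypervisorConfig already returns an error, would reject the configuration at load time. Before the `return vc.HypervisorConfig{` literal, add `if h.GuestPreAttestation && h.GuestPreAttestationMode != kbs.Online && h.GuestPreAttestationMode != kbs.Offline { return vc.HypervisorConfig{}, fmt.Errorf("unsupported guest_pre_attestation_kbs_mode %q", h.GuestPreAttestationMode) }`, which needs the new `pkg/sev/kbs` import in config.go. The rest of this hunk is gofmt realignment caused by the shorter field names, and the function body starts outside the hunk.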
@@ -1276,63 +1274,62 @@ func updateRuntimeConfig(configPath string, tomlConf tomlConfig, config *oci.Run func GetDefaultHypervisorConfig() vc.HypervisorConfig { return vc.HypervisorConfig{ - HypervisorPath: defaultHypervisorPath, - JailerPath: defaultJailerPath, - KernelPath: defaultKernelPath, - ImagePath: defaultImagePath, - InitrdPath: defaultInitrdPath, - FirmwarePath: defaultFirmwarePath, - FirmwareVolumePath: defaultFirmwareVolumePath, - MachineAccelerators: defaultMachineAccelerators, - CPUFeatures: defaultCPUFeatures, - HypervisorMachineType: defaultMachineType, - NumVCPUs: defaultVCPUCount, - DefaultMaxVCPUs: defaultMaxVCPUCount, - MemorySize: defaultMemSize, - MemOffset: defaultMemOffset, - VirtioMem: defaultVirtioMem, - DisableBlockDeviceUse: defaultDisableBlockDeviceUse, - DefaultBridges: defaultBridgesCount, - MemPrealloc: defaultEnableMemPrealloc, - HugePages: defaultEnableHugePages, - IOMMU: defaultEnableIOMMU, - IOMMUPlatform: defaultEnableIOMMUPlatform, - FileBackedMemRootDir: defaultFileBackedMemRootDir, - Debug: defaultEnableDebug, - DisableNestingChecks: defaultDisableNestingChecks, - BlockDeviceDriver: defaultBlockDeviceDriver, - BlockDeviceAIO: defaultBlockDeviceAIO, - BlockDeviceCacheSet: defaultBlockDeviceCacheSet, - BlockDeviceCacheDirect: defaultBlockDeviceCacheDirect, - BlockDeviceCacheNoflush: defaultBlockDeviceCacheNoflush, - EnableIOThreads: defaultEnableIOThreads, - Msize9p: defaultMsize9p, - HotplugVFIOOnRootBus: defaultHotplugVFIOOnRootBus, - PCIeRootPort: defaultPCIeRootPort, - GuestHookPath: defaultGuestHookPath, - VhostUserStorePath: defaultVhostUserStorePath, - VirtioFSCache: defaultVirtioFSCacheMode, - DisableImageNvdimm: defaultDisableImageNvdimm, - RxRateLimiterMaxRate: defaultRxRateLimiterMaxRate, - TxRateLimiterMaxRate: defaultTxRateLimiterMaxRate, - SGXEPCSize: defaultSGXEPCSize, - ConfidentialGuest: defaultConfidentialGuest, - SevSnpGuest: defaultSevSnpGuest, - GuestSwap: defaultGuestSwap, - Rootless: 
defaultRootlessHypervisor, - DisableSeccomp: defaultDisableSeccomp, - DisableGuestSeLinux: defaultDisableGuestSeLinux, - LegacySerial: defaultLegacySerial, - GuestPreAttestation: defaultGuestPreAttestation, - GuestPreAttestationProxy: defaultGuestPreAttestationProxy, - GuestPreAttestationKeyset: defaultGuestPreAttestationKeyset, - GuestPreAttestationSecretGuid: defaultGuestPreAttestationSecretGuid, - GuestPreAttestationSecretType: defaultGuestPreAttestationSecretType, - SEVGuestPolicy: defaultSEVGuestPolicy, - SNPGuestPolicy: defaultSNPGuestPolicy, - SEVCertChainPath: defaultSEVCertChainPath, - VhostUserDeviceReconnect: defaultVhostUserDeviceReconnect, - RootfsType: defaultRootfsType, + HypervisorPath: defaultHypervisorPath, + JailerPath: defaultJailerPath, + KernelPath: defaultKernelPath, + ImagePath: defaultImagePath, + InitrdPath: defaultInitrdPath, + FirmwarePath: defaultFirmwarePath, + FirmwareVolumePath: defaultFirmwareVolumePath, + MachineAccelerators: defaultMachineAccelerators, + CPUFeatures: defaultCPUFeatures, + HypervisorMachineType: defaultMachineType, + NumVCPUs: defaultVCPUCount, + DefaultMaxVCPUs: defaultMaxVCPUCount, + MemorySize: defaultMemSize, + MemOffset: defaultMemOffset, + VirtioMem: defaultVirtioMem, + DisableBlockDeviceUse: defaultDisableBlockDeviceUse, + DefaultBridges: defaultBridgesCount, + MemPrealloc: defaultEnableMemPrealloc, + HugePages: defaultEnableHugePages, + IOMMU: defaultEnableIOMMU, + IOMMUPlatform: defaultEnableIOMMUPlatform, + FileBackedMemRootDir: defaultFileBackedMemRootDir, + Debug: defaultEnableDebug, + DisableNestingChecks: defaultDisableNestingChecks, + BlockDeviceDriver: defaultBlockDeviceDriver, + BlockDeviceAIO: defaultBlockDeviceAIO, + BlockDeviceCacheSet: defaultBlockDeviceCacheSet, + BlockDeviceCacheDirect: defaultBlockDeviceCacheDirect, + BlockDeviceCacheNoflush: defaultBlockDeviceCacheNoflush, + EnableIOThreads: defaultEnableIOThreads, + Msize9p: defaultMsize9p, + HotplugVFIOOnRootBus: 
defaultHotplugVFIOOnRootBus, + PCIeRootPort: defaultPCIeRootPort, + GuestHookPath: defaultGuestHookPath, + VhostUserStorePath: defaultVhostUserStorePath, + VirtioFSCache: defaultVirtioFSCacheMode, + DisableImageNvdimm: defaultDisableImageNvdimm, + RxRateLimiterMaxRate: defaultRxRateLimiterMaxRate, + TxRateLimiterMaxRate: defaultTxRateLimiterMaxRate, + SGXEPCSize: defaultSGXEPCSize, + ConfidentialGuest: defaultConfidentialGuest, + SevSnpGuest: defaultSevSnpGuest, + GuestSwap: defaultGuestSwap, + Rootless: defaultRootlessHypervisor, + DisableSeccomp: defaultDisableSeccomp, + DisableGuestSeLinux: defaultDisableGuestSeLinux, + LegacySerial: defaultLegacySerial, + GuestPreAttestation: defaultGuestPreAttestation, + GuestPreAttestationURI: defaultGuestPreAttestationURI, + GuestPreAttestationMode: defaultGuestPreAttestationMode, + GuestPreAttestationKeyset: defaultGuestPreAttestationKeyset, + SEVGuestPolicy: defaultSEVGuestPolicy, + SNPGuestPolicy: defaultSNPGuestPolicy, + SEVCertChainPath: defaultSEVCertChainPath, + VhostUserDeviceReconnect: defaultVhostUserDeviceReconnect, + RootfsType: defaultRootfsType, } } diff --git a/src/runtime/pkg/sev/kbs/kbs.go b/src/runtime/pkg/sev/kbs/kbs.go new file mode 100644 index 0000000000..3c7e20134a --- /dev/null +++ b/src/runtime/pkg/sev/kbs/kbs.go 
@@ -0,0 +1,33 @@ +// Copyright contributors to AMD SEV/-ES in Go +// +// SPDX-License-Identifier: Apache-2.0 +// + +// Package kbs can be used interact with simple-kbs, the key broker +// server for SEV and SEV-ES pre-attestation + +package kbs + +const ( + Offline = "offline" + OfflineSecretType = "bundle" + OfflineSecretGuid = "e6f5a162-d67f-4750-a67c-5d065f2a9910" + Online = "online" + OnlineBootParam = "online_sev_kbc" + OnlineSecretType = "connection" + OnlineSecretGuid = "1ee27366-0c87-43a6-af48-28543eaf7cb0" +) + +type GuestPreAttestationConfig struct { + Proxy string + Keyset string + LaunchId string + KernelPath string + InitrdPath string + FwPath string + KernelParameters string + CertChainPath string + SecretType string + SecretGuid string + Policy uint32 +} diff --git a/src/runtime/pkg/sev/sev.go b/src/runtime/pkg/sev/sev.go index 22a1e9e1f9..bdf73cf603 100644 --- a/src/runtime/pkg/sev/sev.go +++ b/src/runtime/pkg/sev/sev.go @@ -15,20 +15,6 @@ import ( "os" ) -type GuestPreAttestationConfig struct { - Proxy string - Keyset string - LaunchId string - KernelPath string - InitrdPath string - FwPath string - KernelParameters string - CertChainPath string - KeyBrokerSecretType string - KeyBrokerSecretGuid string - Policy uint32 -} - type guidLE [16]byte // The following definitions must be identical to those in QEMU target/i386/sev.c diff --git a/src/runtime/virtcontainers/hypervisor.go b/src/runtime/virtcontainers/hypervisor.go index d0ecb12599..e6055e352c 100644 --- a/src/runtime/virtcontainers/hypervisor.go +++ b/src/runtime/virtcontainers/hypervisor.go @@ -326,7 +326,8 @@ type HypervisorConfig struct { GuestPreAttestationKeyset string BlockDeviceDriver string HypervisorMachineType string - GuestPreAttestationProxy string + GuestPreAttestationURI string + GuestPreAttestationMode string DevicesStatePath string EntropySource string SharedFS string 
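Review bot: The package comment in the new kbs.go is separated from `package kbs` by a blank line, so godoc will not attach it, and it reads "can be used interact". Remove the blank line and reword it to `// Package kbs holds the constants and configuration used to interact with simple-kbs, the key broker server for SEV and SEV-ES pre-attestation.` The exported constants and `GuestPreAttestationConfig` have no doc comments. A short comment on each group should say that the `*SecretGuid` values must match the GUIDs simple-kbs and the guest expect, and that `Policy` is the SEV guest policy bitmask. The field is still called `Proxy` although the configuration key is now `guest_pre_attestation_kbs_uri`, so rename it or add a comment stating that it carries the KBS URI.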
@@ -343,8 +344,6 @@ type HypervisorConfig struct { SELinuxProcessLabel string JailerPath string MemoryPath string - GuestPreAttestationSecretGuid string - GuestPreAttestationSecretType string SEVCertChainPath string BlockDeviceAIO string User string diff --git a/src/runtime/virtcontainers/qemu.go b/src/runtime/virtcontainers/qemu.go index 9b4260e860..bc4e2085c5 100644 --- a/src/runtime/virtcontainers/qemu.go +++ b/src/runtime/virtcontainers/qemu.go @@ -41,7 +41,7 @@ import ( "github.com/kata-containers/kata-containers/src/runtime/pkg/device/drivers" hv "github.com/kata-containers/kata-containers/src/runtime/pkg/hypervisors" "github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/katatrace" - "github.com/kata-containers/kata-containers/src/runtime/pkg/sev" + "github.com/kata-containers/kata-containers/src/runtime/pkg/sev/kbs" pkgUtils "github.com/kata-containers/kata-containers/src/runtime/pkg/utils" "github.com/kata-containers/kata-containers/src/runtime/pkg/uuid" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types" @@ -184,6 +184,13 @@ func (q *qemu) kernelParameters() string { params = append(params, Param{"selinux", "1"}) } + // set the location of the online-kbs for SEV(-ES) guest attestation + if q.arch.guestProtection() == sevProtection && + q.config.GuestPreAttestation && + q.config.GuestPreAttestationMode == kbs.Online { + params = append(params, Param{"agent.aa_kbc_params", kbs.OnlineBootParam + "::" + q.config.GuestPreAttestationURI}) + } + // add the params specified by the provided config. As the kernel // honours the last parameter value set and since the config-provided // params are added here, they will take priority over the defaults. 
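Review bot: In the kernelParameters hunk, `q.config.GuestPreAttestationURI` is concatenated into the `agent.aa_kbc_params` value without any validation. An empty URI yields `online_sev_kbc::`, and a value containing whitespace would presumably split into extra kernel arguments once the parameters are serialised (the serialiser is outside this hunk). PATCH 2/2 lets this value come from a pod annotation, so it should be checked as the `IP:Port` the commit message describes before it reaches the command line. The check could be `if _, _, err := net.SplitHostPort(uri); err != nil { ... }` where the config or annotation is parsed, since kernelParameters itself cannot return an error. The context comment below the addition also means an `agent.aa_kbc_params` entry in the configured `kernel_params` silently overrides this one, which is worth stating in the new comment: `// config-provided kernel_params are appended later and override this value`.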
@@ -667,8 +674,8 @@ func (q *qemu) CreateVM(ctx context.Context, id string, network Network, hypervi PidFile: filepath.Join(q.config.VMStorePath, q.id, "pid"), } if q.arch.guestProtection() == sevProtection { - sevConfig := sev.GuestPreAttestationConfig{ - Proxy: q.config.GuestPreAttestationProxy, + sevConfig := kbs.GuestPreAttestationConfig{ + Proxy: q.config.GuestPreAttestationURI, Policy: q.config.SEVGuestPolicy, CertChainPath: q.config.SEVCertChainPath, } @@ -883,18 +890,27 @@ func (q *qemu) AttestVM(ctx context.Context) error { // Guest must be paused so that secrets can be injected. // Guest will be continued by the Attestation function - sevConfig := sev.GuestPreAttestationConfig{ - Proxy: q.config.GuestPreAttestationProxy, - Policy: q.config.SEVGuestPolicy, - Keyset: q.config.GuestPreAttestationKeyset, - KeyBrokerSecretGuid: q.config.GuestPreAttestationSecretGuid, - KeyBrokerSecretType: q.config.GuestPreAttestationSecretType, - LaunchId: launchId, - KernelPath: kernelPath, - InitrdPath: initrdPath, - FwPath: firmwarePath, - KernelParameters: kernelParameters, + sevConfig := kbs.GuestPreAttestationConfig{ + Proxy: q.config.GuestPreAttestationURI, + Policy: q.config.SEVGuestPolicy, + Keyset: q.config.GuestPreAttestationKeyset, + LaunchId: launchId, + KernelPath: kernelPath, + InitrdPath: initrdPath, + FwPath: firmwarePath, + KernelParameters: kernelParameters, } + + if q.config.GuestPreAttestationMode == kbs.Online { + sevConfig.SecretGuid = kbs.OnlineSecretGuid + sevConfig.SecretType = kbs.OnlineSecretType + } else if q.config.GuestPreAttestationMode == kbs.Offline { + sevConfig.SecretGuid = kbs.OfflineSecretGuid + sevConfig.SecretType = kbs.OfflineSecretType + } else { + return fmt.Errorf("Unsupported pre-attestation mode: %s", q.config.GuestPreAttestationMode) + } + if err := q.arch.sevGuestPreAttestation( q.qmpMonitorCh.ctx, q.qmpMonitorCh.qmp, 
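Review bot: The mode selection added to AttestVM is an `if`/`else if`/`else` chain over a single value, and its error string is capitalised and prints the mode with `%s`, so an empty mode produces a message ending in a bare colon. A `switch` with a lowercase message and `%q` reads better and makes the empty-mode case visible in logs. The check also runs only after the `sevConfig` literal is built and, per the context comment, while the guest is paused, so rejecting a bad mode earlier (for example at config load) would avoid launching a guest that can never be attested. AttestVM starts and ends outside this hunk.

```go
// … unchanged: sevConfig literal (Proxy, Policy, Keyset, LaunchId, paths, KernelParameters) …

switch q.config.GuestPreAttestationMode {
case kbs.Online:
	sevConfig.SecretGuid = kbs.OnlineSecretGuid
	sevConfig.SecretType = kbs.OnlineSecretType
case kbs.Offline:
	sevConfig.SecretGuid = kbs.OfflineSecretGuid
	sevConfig.SecretType = kbs.OfflineSecretType
default:
	return fmt.Errorf("unsupported pre-attestation mode: %q", q.config.GuestPreAttestationMode)
}
```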
diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go index 26cea1f88c..bb332d5e9c 100644 --- a/src/runtime/virtcontainers/qemu_amd64.go +++ b/src/runtime/virtcontainers/qemu_amd64.go @@ -18,6 +18,7 @@ import ( "time" "github.com/kata-containers/kata-containers/src/runtime/pkg/sev" + sevKbs "github.com/kata-containers/kata-containers/src/runtime/pkg/sev/kbs" pb "github.com/kata-containers/kata-containers/src/runtime/protocols/simple-kbs" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types" "github.com/sirupsen/logrus" @@ -330,7 +331,7 @@ func (q *qemuAmd64) appendProtectionDevice(devices []govmmQemu.Device, firmware, } // Add the SEV Object qemu parameters for sev guest protection -func (q *qemuAmd64) appendSEVObject(devices []govmmQemu.Device, firmware, firmwareVolume string, config sev.GuestPreAttestationConfig) ([]govmmQemu.Device, string, error) { +func (q *qemuAmd64) appendSEVObject(devices []govmmQemu.Device, firmware, firmwareVolume string, config sevKbs.GuestPreAttestationConfig) ([]govmmQemu.Device, string, error) { attestationDataPath := filepath.Join(os.TempDir(), sevAttestationTempDir, config.LaunchId) sevGodhPath := filepath.Join(attestationDataPath, sevAttestationGodhName) sevSessionFilePath := filepath.Join(attestationDataPath, sevAttestationSessionFileName) @@ -367,7 +368,7 @@ func (q *qemuAmd64) appendSEVObject(devices []govmmQemu.Device, firmware, firmwa } // setup prelaunch attestation for AMD SEV guests -func (q *qemuAmd64) setupSEVGuestPreAttestation(ctx context.Context, config sev.GuestPreAttestationConfig) (string, error) { +func (q *qemuAmd64) setupSEVGuestPreAttestation(ctx context.Context, config sevKbs.GuestPreAttestationConfig) (string, error) { logger := virtLog.WithField("subsystem", "SEV attestation") logger.Info("Set up prelaunch attestation") 
@@ -452,7 +453,7 @@ func calculateGuestLaunchDigest(config sev.GuestPreAttestationConfig, numVCPUs i // wait for prelaunch attestation to complete func (q *qemuAmd64) sevGuestPreAttestation(ctx context.Context, - qmp *govmmQemu.QMP, config sev.GuestPreAttestationConfig) error { + qmp *govmmQemu.QMP, config sevKbs.GuestPreAttestationConfig) error { logger := virtLog.WithField("subsystem", "SEV attestation") logger.Info("Processing prelaunch attestation") @@ -480,9 +481,9 @@ func (q *qemuAmd64) sevGuestPreAttestation(ctx context.Context, defer cancel() requestDetails := pb.RequestDetails{ - Guid: config.KeyBrokerSecretGuid, + Guid: config.SecretGuid, Format: "JSON", - SecretType: config.KeyBrokerSecretType, + SecretType: config.SecretType, Id: config.Keyset, } diff --git a/src/runtime/virtcontainers/qemu_arch_base.go b/src/runtime/virtcontainers/qemu_arch_base.go index 1cc152bd59..7b61bc0528 100644 --- a/src/runtime/virtcontainers/qemu_arch_base.go +++ b/src/runtime/virtcontainers/qemu_arch_base.go @@ -20,7 +20,7 @@ import ( "gitlab.com/nvidia/cloud-native/go-nvlib/pkg/nvpci" "github.com/kata-containers/kata-containers/src/runtime/pkg/device/config" - "github.com/kata-containers/kata-containers/src/runtime/pkg/sev" + sevKbs "github.com/kata-containers/kata-containers/src/runtime/pkg/sev/kbs" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils" ) 
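Review bot: The hunk at `-452,7 +453,7` leaves `calculateGuestLaunchDigest(config sev.GuestPreAttestationConfig, ...)` unchanged, as its hunk header shows, while PATCH 1/2 deletes that type from sev.go and switches the callers to `sevKbs.GuestPreAttestationConfig`. The signature is only updated in PATCH 2/2, so the tree after 1/2 alone most likely does not build on amd64, which breaks bisection. Moving the one-line signature change from 2/2 into this patch keeps each commit buildable.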
@@ -167,14 +167,14 @@ type qemuArch interface { getBARsMaxAddressableMemory() (uint64, uint64) // append SEV object type to the VM definition - appendSEVObject(devices []govmmQemu.Device, firmware, firmwareVolume string, config sev.GuestPreAttestationConfig) ([]govmmQemu.Device, string, error) + appendSEVObject(devices []govmmQemu.Device, firmware, firmwareVolume string, config sevKbs.GuestPreAttestationConfig) ([]govmmQemu.Device, string, error) // setup SEV guest prelaunch attestation - setupSEVGuestPreAttestation(ctx context.Context, config sev.GuestPreAttestationConfig) (string, error) + setupSEVGuestPreAttestation(ctx context.Context, config sevKbs.GuestPreAttestationConfig) (string, error) // wait for prelaunch attestation to complete sevGuestPreAttestation(ctx context.Context, - qmp *govmmQemu.QMP, config sev.GuestPreAttestationConfig) error + qmp *govmmQemu.QMP, config sevKbs.GuestPreAttestationConfig) error } type qemuArchBase struct { 
@@ -902,20 +902,20 @@ func (q *qemuArchBase) appendProtectionDevice(devices []govmmQemu.Device, firmwa } // AMD SEV methods -func (q *qemuArchBase) appendSEVObject(devices []govmmQemu.Device, firmware, firmwareVolume string, config sev.GuestPreAttestationConfig) ([]govmmQemu.Device, string, error) { +func (q *qemuArchBase) appendSEVObject(devices []govmmQemu.Device, firmware, firmwareVolume string, config sevKbs.GuestPreAttestationConfig) ([]govmmQemu.Device, string, error) { hvLogger.WithField("arch", runtime.GOARCH).Warnf("Confidential Computing has not been implemented for this architecture") return devices, firmware, nil } // Setup SEV guest attestation -func (q *qemuArchBase) setupSEVGuestPreAttestation(ctx context.Context, config sev.GuestPreAttestationConfig) (string, error) { +func (q *qemuArchBase) setupSEVGuestPreAttestation(ctx context.Context, config sevKbs.GuestPreAttestationConfig) (string, error) { hvLogger.WithField("arch", runtime.GOARCH).Warnf("Confidential Computing has not been implemented for this architecture") return "", nil } // Wait for SEV prelaunch attestation to complete func (q *qemuArchBase) sevGuestPreAttestation(ctx context.Context, - qmp *govmmQemu.QMP, config sev.GuestPreAttestationConfig) error { + qmp *govmmQemu.QMP, config sevKbs.GuestPreAttestationConfig) error { hvLogger.WithField("arch", runtime.GOARCH).Warnf("Confidential Computing has not been implemented for this architecture") return nil } From 4510aeaa915daa2ecc91e0bb24ea66ecfdb349b7 Mon Sep 17 00:00:00 2001 From: Jim Cadden Date: Wed, 30 Nov 2022 12:03:35 -0500 Subject: [PATCH 2/2] runtime: Adds annotations for SEV/kbs controls at the pod level Note: only for online-kbs configuration Fixes #5782 
Signed-off-by: Jim Cadden --- docs/how-to/how-to-set-sandbox-config-kata.md | 10 +++++++ src/runtime/pkg/oci/utils.go | 27 +++++++++++++++++++ .../pkg/annotations/annotations.go | 25 ++++++++++++++--- src/runtime/virtcontainers/qemu_amd64.go | 2 +- src/runtime/virtcontainers/sandbox.go | 1 + 5 files changed, 60 insertions(+), 5 deletions(-) diff --git a/docs/how-to/how-to-set-sandbox-config-kata.md b/docs/how-to/how-to-set-sandbox-config-kata.md index b8ac511cd4..1c55f97fc9 100644 --- a/docs/how-to/how-to-set-sandbox-config-kata.md +++ b/docs/how-to/how-to-set-sandbox-config-kata.md @@ -94,6 +94,16 @@ There are several kinds of Kata configurations and they are listed below. | `io.katacontainers.config.hypervisor.enable_guest_swap` | `boolean` | enable swap in the guest | | `io.katacontainers.config.hypervisor.use_legacy_serial` | `boolean` | uses legacy serial device for guest's console (QEMU) | +## Confidential Computing Options +| Key | Value Type | Comments | +|-------| ----- | ----- | +| `io.katacontainers.config.pre_attestation.enabled"` | `bool` | +determines if SEV/-ES attestation is enabled | +| `io.katacontainers.config.pre_attestation.uri"` | `string` | +specify the location of the attestation server | +| `io.katacontainers.config.sev.policy"` | `uint32` | +specify the SEV guest policy | + ## Container Options | Key | Value Type | Comments | |-------| ----- | ----- | diff --git a/src/runtime/pkg/oci/utils.go b/src/runtime/pkg/oci/utils.go index 437995f39b..61197f37aa 100644 --- a/src/runtime/pkg/oci/utils.go +++ b/src/runtime/pkg/oci/utils.go @@ -456,6 +456,10 @@ func addHypervisorConfigOverrides(ocispec specs.Spec, config *vc.SandboxConfig, return err } + if err := addConfidentialComputingOverrides(ocispec, config); err != nil { + return err + } + if value, ok := ocispec.Annotations[vcAnnotations.MachineType]; ok { if value != "" { config.HypervisorConfig.HypervisorMachineType = value 
@@ -912,6 +916,29 @@ func addAgentConfigOverrides(ocispec specs.Spec, config *vc.SandboxConfig) error return nil } +func addConfidentialComputingOverrides(ocispec specs.Spec, sbConfig *vc.SandboxConfig) error { + + if err := newAnnotationConfiguration(ocispec, vcAnnotations.GuestPreAttestation).setBool(func(guestPreAttestation bool) { + sbConfig.HypervisorConfig.GuestPreAttestation = guestPreAttestation + }); err != nil { + return err + } + + if value, ok := ocispec.Annotations[vcAnnotations.GuestPreAttestationURI]; ok { + if value != "" { + sbConfig.HypervisorConfig.GuestPreAttestationURI = value + } + } + + if err := newAnnotationConfiguration(ocispec, vcAnnotations.SEVGuestPolicy).setUint(func(sevGuestPolicy uint64) { + sbConfig.HypervisorConfig.SEVGuestPolicy = uint32(sevGuestPolicy) + }); err != nil { + return err + } + + return nil +} + // SandboxConfig converts an OCI compatible runtime configuration file // to a virtcontainers sandbox configuration structure. func SandboxConfig(ocispec specs.Spec, runtime RuntimeConfig, bundlePath, cid string, detach, systemdCgroup bool) (vc.SandboxConfig, error) { diff --git a/src/runtime/virtcontainers/pkg/annotations/annotations.go b/src/runtime/virtcontainers/pkg/annotations/annotations.go index 3584ccd70a..a8bd4c1b20 100644 --- a/src/runtime/virtcontainers/pkg/annotations/annotations.go +++ b/src/runtime/virtcontainers/pkg/annotations/annotations.go 
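Review bot: `uint32(sevGuestPolicy)` in addConfidentialComputingOverrides silently truncates the parsed `uint64`, so an annotation value above 32 bits is reduced to a different policy instead of being rejected. Parsing with a 32-bit limit makes out-of-range values an error. These three annotations also let a pod spec turn pre-attestation off, point the guest at a different KBS, or clear policy bits. They sit under the new `pre_attestation.` and `sev.` prefixes rather than `hypervisor.`, so please confirm that the `enable_annotations` allow-list (not visible in this hunk) covers them, and gate them explicitly if it does not. The function also has no doc comment; one stating which annotations it reads and that an empty URI is ignored would help. The sketch below assumes an empty policy value should stay a no-op.

```go
// … unchanged: GuestPreAttestation and GuestPreAttestationURI overrides …

if value, ok := ocispec.Annotations[vcAnnotations.SEVGuestPolicy]; ok && value != "" {
	// bitSize 32 makes ParseUint reject values that do not fit in the uint32 policy field
	policy, err := strconv.ParseUint(value, 10, 32)
	if err != nil {
		return fmt.Errorf("invalid %s annotation %q: %w", vcAnnotations.SEVGuestPolicy, value, err)
	}
	sbConfig.HypervisorConfig.SEVGuestPolicy = uint32(policy)
}

return nil
```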
@@ -6,10 +6,12 @@ package annotations const ( - kataAnnotationsPrefix = "io.katacontainers." - kataConfAnnotationsPrefix = kataAnnotationsPrefix + "config." - kataAnnotHypervisorPrefix = kataConfAnnotationsPrefix + "hypervisor." - kataAnnotContainerPrefix = kataAnnotationsPrefix + "container." + kataAnnotationsPrefix = "io.katacontainers." + kataConfAnnotationsPrefix = kataAnnotationsPrefix + "config." + kataAnnotHypervisorPrefix = kataConfAnnotationsPrefix + "hypervisor." + kataAnnotPreAttestationPrefix = kataConfAnnotationsPrefix + "pre_attestation." + kataAnnotSevPrefix = kataConfAnnotationsPrefix + "sev." + kataAnnotContainerPrefix = kataAnnotationsPrefix + "container." // // OCI @@ -24,6 +26,21 @@ const ( SandboxConfigPathKey = kataAnnotationsPrefix + "config_path" ) +// Annotations related to Confidential Containers (CoCo) +const ( + // + // Assets + // + // GuestPreAttestation toggled pre_attestation functionality on/off + GuestPreAttestation = kataAnnotPreAttestationPrefix + "enabled" + + // GuestPreAttestationURI set the remote URL for online-kbs + GuestPreAttestationURI = kataAnnotPreAttestationPrefix + "uri" + + // SEVGuestPolicy set the AMD SEV guest policy + SEVGuestPolicy = kataAnnotSevPrefix + "policy" +) + // Annotations related to Hypervisor configuration const ( // diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go index bb332d5e9c..d24953e61e 100644 --- a/src/runtime/virtcontainers/qemu_amd64.go +++ b/src/runtime/virtcontainers/qemu_amd64.go 
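Review bot: The new Confidential Containers constant block in the `-24,6 +26,21` hunk carries an `// Assets` sub-heading that looks copied from the hypervisor block and does not describe these keys. The comments are also in the past tense ("toggled") and omit the value type. Drop the heading and write them as `// GuestPreAttestation enables or disables SEV(-ES) pre-attestation for the sandbox (bool).`, `// GuestPreAttestationURI sets the host:port of the online KBS (string).` and `// SEVGuestPolicy sets the AMD SEV guest policy bitmask (uint32).` Because these keys change the attestation behaviour of a sandbox, the block comment should also say whether they are subject to the `enable_annotations` allow-list.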
@@ -431,7 +431,7 @@ func getCPUSig(cpuModel string) sev.VCPUSig { return sev.NewVCPUSig(cpuid.DisplayFamily, cpuid.DisplayModel, cpuid.SteppingId) } -func calculateGuestLaunchDigest(config sev.GuestPreAttestationConfig, numVCPUs int, cpuModel string) ([sha256.Size]byte, error) { +func calculateGuestLaunchDigest(config sevKbs.GuestPreAttestationConfig, numVCPUs int, cpuModel string) ([sha256.Size]byte, error) { if config.Policy&sevPolicyBitSevEs != 0 { // SEV-ES guest return sev.CalculateSEVESLaunchDigest( diff --git a/src/runtime/virtcontainers/sandbox.go b/src/runtime/virtcontainers/sandbox.go index 176714282c..5177aee9a8 100644 --- a/src/runtime/virtcontainers/sandbox.go +++ b/src/runtime/virtcontainers/sandbox.go @@ -17,6 +17,7 @@ import ( "os" "os/exec" "path/filepath" + //"strconv" "sync" "syscall"