Commit Graph

14 Commits

Author SHA1 Message Date
Peter Krempa
85a4f035f6 Use 'libvirt.org' instead of 'www.libvirt.org'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-04-03 09:19:05 +02:00
Daniel P. Berrangé
27d8bcc337 manpages: fix secret injection example for SEV
The --disk-password argument was present in early impls of the patch but
replaced by the more generic --inject-secret argument.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-03-17 15:45:33 +00:00
Daniel P. Berrangé
4d3b2d77d0 docs: refer to --firmware instead of --loader
The --loader syntax was left over from an earlier version of the code
before it was renamed to --firmware.

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-22 13:48:48 +00:00
Jim Fehlig
8eb54255ec docs: Fix examples in virt-qemu-sev-validate man page
Some of the examples refer to virt-dom-sev-validate. Replace them with
the proper name.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2023-02-03 11:28:27 -07:00
Andrea Bolognani
a417571628 docs: Fix typo in virt-qemu-sev-validate(1)
Spotted by Lintian (typo-in-manual-page tag).

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2022-12-08 17:24:17 +01:00
Daniel P. Berrangé
cd94d891fb docs/manpages: add checklist of problems for SEV attestation
Despite efforts to make the virt-qemu-sev-validate tool friendly, it is
a certainty that almost everyone who tries it will hit false negative
results, getting a failure despite the VM being trustworthy.

Diagnosing these problems is no easy matter, especially for those not
familiar with SEV/SEV-ES in general. This extra docs text attempts to
set out a checklist of items to look at to identify what went wrong.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
b348f37445 tools: support generating SEV secret injection tables
It is possible to build OVMF for SEV with an embedded Grub that can
fetch LUKS disk secrets. This adds support for injecting secrets in
the required format.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
273c408899 tools: load CPU count and CPU SKU from libvirt
When validating a SEV-ES guest, we need to know the CPU count and VMSA
state. We can get the CPU count directly from libvirt's guest info. The
VMSA state can be constructed automatically if we query the CPU SKU from
host capabilities XML. Neither of these is secure, however, so this
behaviour is restricted.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
676df5b358 tools: support automatically constructing SEV-ES vCPU state
The VMSA files contain the expected CPU register state for the VM. Their
content varies based on a few pieces of the stack

  - AMD CPU architectural initial state
  - KVM hypervisor VM CPU initialization
  - QEMU userspace VM CPU initialization
  - AMD CPU SKU (family/model/stepping)

The first three pieces of information we can obtain through code
inspection. The last piece of information we can take on the command
line. This allows a user to validate a SEV-ES guest merely by providing
the CPU SKU information, using --cpu-family, --cpu-model,
--cpu-stepping. This avoids the need to obtain or construct VMSA files
directly.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
3e7b7da9e0 tools: support validating SEV-ES initial vCPU state measurements
With the SEV-ES policy the VMSA state of each vCPU must be included in
the measured data. The VMSA state can be generated using the 'sevctl'
tool, by telling it a QEMU VMSA is required, and passing the hypevisor's
CPU SKU (family, model, stepping).

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
7d55c815c6 tools: load direct kernel config from libvirt
When connected to libvirt we can validate that the guest configuration
has the kernel hashes property enabled, otherwise including the kernel
GUID table in our expected measurements is not likely to match the
actual measurement.

When running locally we can also automatically detect the kernel/initrd
paths, along with the cmdline string from the XML.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
0b9e70b141 tools: support validating SEV direct kernel boot measurements
When doing direct kernel boot we need to include the kernel, initrd and
cmdline in the measurement.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
0e911045ae tools: load guest config from libvirt
Accept information about a connection to libvirt and a guest on the
command line. Talk to libvirt to obtain the running guest state and
automatically detect as much configuration as possible.

It will refuse to use a libvirt connection that is thought to be local
to the current machine, as running this tool on the hypervisor itself is
not considered secure. This can be overridden using the --insecure flag.

When querying the guest, it will also analyse the XML configuration in
an attempt to detect any options that are liable to be mistakes. For
example the NVRAM being measured should not have a persistent varstore.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00
Daniel P. Berrangé
ececdbdfc0 tools: support validating SEV firmware boot measurements
The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES
domain launch measurement, to a computed launch measurement. This
determines whether the domain has been tampered with during launch.

This initial implementation requires all inputs to be provided
explicitly, and as such can run completely offline, without any
connection to libvirt.

The tool is placed in the libvirt-client-qemu sub-RPM since it is
specific to the QEMU driver.

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-11-15 11:09:30 +00:00