Thread (42 messages) 42 messages, 10 authors, 2025-05-02

Re: [PATCH 0/4] tsm: Unified Measurement Register ABI for TVMs

From: Dionna Amalie Glaze <hidden>
Date: 2025-02-19 03:21:36
Also in: lkml

On Tue, Feb 18, 2025 at 4:41 PM Dave Hansen [off-list ref] wrote:
On 2/18/25 15:57, Dionna Amalie Glaze wrote:
quoted
quoted
If there are actual end users who care about this, it would be great to
see their acks on it as well.
We would like to have this for Google Confidential Space and Kubernetes Engine.

Acked-by: Dionna Glaze <redacted>
Great! Thanks for chiming in. Can you talk for a second, though, about
why this is useful and how you plan to use it? Is it for debugging?
Confidential space on SEV depends on the hypervisor-provided vTPM to
provide remotely attestable quotes of its PCRs, and the corresponding
event logs.
https://github.com/google/go-tpm-tools/blob/main/launcher/agent/agent.go#L97

On TDX and ARM CCA (maybe RISC-V CoVE someday), we don't want to have
to depend on the vTPM.
There are runtime measurement registers and the CCEL.
When we have a sysfs interface to extend these registers, it makes the
user space evidence manager's life easier.
When Dan Williams forced the issue about configfs-tsm, we were told
that it is bad for the kernel to have many platform-specific
interfaces for attestation operations.
This patch series is a way to unify behind the tsm.

As for the ability to read the registers through sysfs instead of just
extend-on-write, that's not something Confidential Space depends on
specifically.
Our attestation policies are evaluated in a verification service
rather than on-node.

For on-node policy evaluation, for instance in kubectl, there is a
benefit to being able to generically read measurement registers that
have been extended generically to execute policy that a certain action
if a measurement register isn't an exact expected value.
This is not far-fetched, since it is used for confidential containers,
and is being discussed for kubernetes engine as a way to poison an
instance when an ssh session is terminated for a human operator.

To have that same capability without a generic read interface, we need
to stuff kubectl with quote parsers of every attestation technology.

Hope that helps.
-- 
-Dionna Glaze, PhD, CISSP, CCSP (she/her)
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help