cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

coco.rst (4526B)


.. SPDX-License-Identifier: GPL-2.0

==============================
Confidential Computing secrets
==============================

This document describes how Confidential Computing secret injection is handled
from the firmware to the operating system, in the EFI driver and the efi_secret
kernel module.


Introduction
============

Confidential Computing (coco) hardware such as AMD SEV (Secure Encrypted
Virtualization) allows guest owners to inject secrets into the VM's
memory without the host/hypervisor being able to read them.  In SEV,
secret injection is performed early in the VM launch process, before the
guest starts running.

The efi_secret kernel module allows userspace applications to access these
secrets via securityfs.


Secret data flow
================

The guest firmware may reserve a designated memory area for secret injection,
and publish its location (base GPA and length) in the EFI configuration table
under a ``LINUX_EFI_COCO_SECRET_AREA_GUID`` entry
(``adf956ad-e98c-484c-ae11-b51c7d336447``).  This memory area should be marked
by the firmware as ``EFI_RESERVED_TYPE``, and therefore the kernel should not
use it for its own purposes.

During the VM's launch, the virtual machine manager may inject a secret to that
area.  In AMD SEV and SEV-ES this is performed using the
``KVM_SEV_LAUNCH_SECRET`` command (see [sev]_).  The structure of the injected
Guest Owner secret data should be a GUIDed table of secret values; the binary
format is described in ``drivers/virt/coco/efi_secret/efi_secret.c`` under
"Structure of the EFI secret area".

On kernel start, the kernel's EFI driver saves the location of the secret area
(taken from the EFI configuration table) in the ``efi.coco_secret`` field.
Later it checks if the secret area is populated: it maps the area and checks
whether its content begins with ``EFI_SECRET_TABLE_HEADER_GUID``
(``1e74f542-71dd-4d66-963e-ef4287ff173b``).  If the secret area is populated,
the EFI driver will autoload the efi_secret kernel module, which exposes the
secrets to userspace applications via securityfs.  The details of the
efi_secret filesystem interface are in [secrets-coco-abi]_.

     52Application usage example
     53=========================
     54
     55Consider a guest performing computations on encrypted files.  The Guest Owner
     56provides the decryption key (= secret) using the secret injection mechanism.
     57The guest application reads the secret from the efi_secret filesystem and
     58proceeds to decrypt the files into memory and then performs the needed
     59computations on the content.
     60
     61In this example, the host can't read the files from the disk image
     62because they are encrypted.  Host can't read the decryption key because
     63it is passed using the secret injection mechanism (= secure channel).
     64Host can't read the decrypted content from memory because it's a
     65confidential (memory-encrypted) guest.
     66
     67Here is a simple example for usage of the efi_secret module in a guest
     68to which an EFI secret area with 4 secrets was injected during launch::
     69
     70	# ls -la /sys/kernel/security/secrets/coco
     71	total 0
     72	drwxr-xr-x 2 root root 0 Jun 28 11:54 .
     73	drwxr-xr-x 3 root root 0 Jun 28 11:54 ..
     74	-r--r----- 1 root root 0 Jun 28 11:54 736870e5-84f0-4973-92ec-06879ce3da0b
     75	-r--r----- 1 root root 0 Jun 28 11:54 83c83f7f-1356-4975-8b7e-d3a0b54312c6
     76	-r--r----- 1 root root 0 Jun 28 11:54 9553f55d-3da2-43ee-ab5d-ff17f78864d2
     77	-r--r----- 1 root root 0 Jun 28 11:54 e6f5a162-d67f-4750-a67c-5d065f2a9910
     78
     79	# hd /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
     80	00000000  74 68 65 73 65 2d 61 72  65 2d 74 68 65 2d 6b 61  |these-are-the-ka|
     81	00000010  74 61 2d 73 65 63 72 65  74 73 00 01 02 03 04 05  |ta-secrets......|
     82	00000020  06 07                                             |..|
     83	00000022
     84
     85	# rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
     86
     87	# ls -la /sys/kernel/security/secrets/coco
     88	total 0
     89	drwxr-xr-x 2 root root 0 Jun 28 11:55 .
     90	drwxr-xr-x 3 root root 0 Jun 28 11:54 ..
     91	-r--r----- 1 root root 0 Jun 28 11:54 736870e5-84f0-4973-92ec-06879ce3da0b
     92	-r--r----- 1 root root 0 Jun 28 11:54 83c83f7f-1356-4975-8b7e-d3a0b54312c6
     93	-r--r----- 1 root root 0 Jun 28 11:54 9553f55d-3da2-43ee-ab5d-ff17f78864d2
     94
     95
     96References
     97==========
     98
     99See [sev-api-spec]_ for more info regarding SEV ``LAUNCH_SECRET`` operation.
    100
    101.. [sev] Documentation/virt/kvm/amd-memory-encryption.rst
    102.. [secrets-coco-abi] Documentation/ABI/testing/securityfs-secrets-coco
    103.. [sev-api-spec] https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf