
sevctl's People

Contributors

c3d, crobinso, dagrh, dependabot[bot], dubek, haraldh, imlk0, jplevyak, larrydewey, mbestavros, npmccallum, sarutak, slp, surajssd, sza-1, tylerfanelli


sevctl's Issues

'sevctl ok' and kernel reporting different status for BIOS SEV setup

I was using the sevctl ok command to check if SEV is enabled in the BIOS and the output below suggests that it is; however, a dmesg message says otherwise: "ccp 0000:24:00.1: SEV: memory encryption not enabled by BIOS". I am wondering if the kernel ccp and sevctl are using different methods to check if SEV is enabled in the BIOS.

I think the SEV-SNP check may also have issues because it is returning PASS, but this AMD milan system has hardware support only for SEV and SEV-ES, and AFAIK they were not enabled in the BIOS.

The system is running RHEL 8.7 (kernel 4.18.0) and sevctl-0.3.0.

[cclaudio@milan ~]$ sudo sevctl ok
[ PASS ] - AMD CPU
[ PASS ]   - Microcode support
[ PASS ]   - Secure Memory Encryption (SME)
[ PASS ]   - Secure Encrypted Virtualization (SEV)
[ PASS ]     - Encrypted State (SEV-ES)
[ PASS ]     - Secure Nested Paging (SEV-SNP)
[ PASS ]       - VM Permission Levels
[ PASS ]         - Number of VMPLs: 4
[ PASS ]     - Physical address bit reduction: 5
[ PASS ]     - C-bit location: 51
[ PASS ]     - Number of encrypted guests supported simultaneously: 509
[ PASS ]     - Minimum ASID value for SEV-enabled, SEV-ES disabled guest: 1
[ FAIL ]     - SEV enabled in KVM: Error - contents read from /sys/module/kvm_amd/parameters/sev: N
[ FAIL ]     - Reading /dev/sev: /dev/sev not readable: No such file or directory (os error 2)
[ FAIL ]     - Writing /dev/sev: /dev/sev not writable: No such file or directory (os error 2)
[ PASS ]   - Page flush MSR: ENABLED
[ PASS ] - KVM supported: API version: 12
[ PASS ] - Memlock resource limit: Soft: 65536 | Hard: 65536
error: One or more tests in sevctl-ok reported a failure
[cclaudio@milan ~]$
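An added example (mine, not from the issue or from sevctl) that decodes the values behind the checks above from caller-supplied registers, so the capability view (CPUID) and the enablement view (SYSCFG MSR, kvm_amd parameter, /dev/sev) can be compared side by side. It assumes the field layout of CPUID Fn8000_001F and the SYSCFG MSR (0xC001_0010) MemEncryptionModEn bit 23 from AMD's documentation, that the Linux kernel drops its SME/SEV feature flags when that bit is clear (the condition behind the ccp dmesg line), and register contents constructed to match the output quoted in the issue rather than read from hardware; the function and constant names are mine.

```python
"""Decode the values behind 'sevctl ok'-style checks from caller-supplied
registers, so the capability view (CPUID) and the enablement view (SYSCFG MSR,
kvm_amd parameter, /dev/sev) can be compared side by side.

Bit positions follow AMD's CPUID Fn8000_001F and SYSCFG MSR documentation.
The sample values at the bottom are constructed to mirror the output quoted
in this issue; nothing here reads real hardware.
"""

# CPUID Fn8000_001F_EAX feature bits
EAX_SME = 1 << 0
EAX_SEV = 1 << 1
EAX_PAGE_FLUSH_MSR = 1 << 2
EAX_SEV_ES = 1 << 3
EAX_SEV_SNP = 1 << 4
EAX_VMPL = 1 << 5

# MSR C001_0010 (SYSCFG), bit 23: MemEncryptionModEn. BIOS sets it when
# memory encryption is enabled in setup; the Linux kernel drops the SME/SEV
# feature flags when it is clear, which is what the ccp "memory encryption
# not enabled by BIOS" message reports. CPUID does not reflect this bit.
SYSCFG_MEM_ENCRYPT_BIT = 23


def decode_sev_cpuid(eax: int, ebx: int, ecx: int, edx: int) -> dict:
    """Capability view: the fields sevctl ok prints from CPUID Fn8000_001F."""
    return {
        "sme": bool(eax & EAX_SME),
        "sev": bool(eax & EAX_SEV),
        "page_flush_msr": bool(eax & EAX_PAGE_FLUSH_MSR),
        "sev_es": bool(eax & EAX_SEV_ES),
        "sev_snp": bool(eax & EAX_SEV_SNP),
        "vmpl": bool(eax & EAX_VMPL),
        "c_bit_location": ebx & 0x3F,              # EBX[5:0]
        "phys_addr_reduction": (ebx >> 6) & 0x3F,  # EBX[11:6]
        "num_vmpls": (ebx >> 12) & 0xF,            # EBX[15:12]
        "num_encrypted_guests": ecx & 0xFFFFFFFF,  # ECX
        "min_sev_no_es_asid": edx & 0xFFFFFFFF,    # EDX
    }


def bios_enabled_memory_encryption(syscfg: int) -> bool:
    """Enablement view: did firmware actually turn memory encryption on?"""
    return bool(syscfg & (1 << SYSCFG_MEM_ENCRYPT_BIT))


def kvm_sev_param_enabled(param_text: str) -> bool:
    """Parse the contents of /sys/module/kvm_amd/parameters/sev ('Y'/'N' or '1'/'0')."""
    return param_text.strip() in ("Y", "1")


def sev_readiness(eax: int, ebx: int, ecx: int, edx: int, syscfg: int,
                  kvm_param_text: str, dev_sev_present: bool) -> dict:
    """One verdict per layer; a guest can launch only if every layer passes."""
    caps = decode_sev_cpuid(eax, ebx, ecx, edx)
    layers = {
        "cpu_reports_sev": caps["sev"],
        "bios_enabled_sev": bios_enabled_memory_encryption(syscfg),
        "kvm_amd_sev_param": kvm_sev_param_enabled(kvm_param_text),
        "dev_sev_present": dev_sev_present,
    }
    layers["usable"] = all(layers.values())
    return layers


# Constructed sample matching this issue: every capability bit set, C-bit 51,
# 5-bit address reduction, 4 VMPLs, 509 guests, min ASID 1, but SYSCFG bit
# clear, kvm_amd sev=N and no /dev/sev.
SAMPLE_EAX = EAX_SME | EAX_SEV | EAX_PAGE_FLUSH_MSR | EAX_SEV_ES | EAX_SEV_SNP | EAX_VMPL
SAMPLE_EBX = 51 | (5 << 6) | (4 << 12)
SAMPLE_ECX = 509
SAMPLE_EDX = 1
SAMPLE_SYSCFG = 0x0  # constructed: MemEncryptionModEn not set

if __name__ == "__main__":
    for layer, ok in sev_readiness(SAMPLE_EAX, SAMPLE_EBX, SAMPLE_ECX, SAMPLE_EDX,
                                   SAMPLE_SYSCFG, "N\n", False).items():
        print(f"[ {'PASS' if ok else 'FAIL'} ] {layer}")
```

With the constructed sample the capability layer passes while the BIOS, KVM and /dev/sev layers fail, which is the split the issue describes: CPUID answers "can this CPU do SEV", the SYSCFG bit answers "did firmware turn it on".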

About Launch_blob format

Hi, there.

I was trying to write a KBS in Golang. However, when trying it with SEV and QEMU I got a "bad measurement" error from SEV. It seems that SEV cannot validate the WRAP_MAC with my godh and launch_blob files. I tried to learn from your repo but I don't know much about Rust. So could you please tell me your launch_blob format? Is it the same as the LAUNCH_START Session Data Buffer specified in the SEV API specification (Table 45)? Is it little-endian or big-endian formatted?

Best regards
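An added example (mine, not from the issue or from sevctl) that builds and parses the 128-byte LAUNCH_START session data buffer and checks its POLICY_MAC the way the firmware would after unwrapping TIK. It assumes the field offsets and the POLICY_MAC construction (HMAC-SHA256 keyed with TIK over the 32-bit little-endian guest policy) from the SEV API specification, and takes the already wrapped WRAP_TK/WRAP_IV/WRAP_MAC values as input because the KDF and AES-CTR steps are not shown; the sample values are constructed and the function names are mine.

```python
"""Build and parse the LAUNCH_START session data buffer (the 'launch blob' a
guest owner hands to QEMU as session-file) and check its POLICY_MAC.

Layout per the session-data table in the SEV API specification
(offsets in bytes; total 0x80 = 128):
  0x00 NONCE       16  fresh random value
  0x10 WRAP_TK     32  TEK || TIK, AES-128-CTR encrypted under KEK with WRAP_IV
  0x30 WRAP_IV     16
  0x40 WRAP_MAC    32  HMAC-SHA256(KIK, WRAP_TK)
  0x60 POLICY_MAC  32  HMAC-SHA256(TIK, POLICY)
Every field is a raw byte string; the one integer involved, the 32-bit guest
policy, is little-endian like all multi-byte integers in the SEV API.
Deriving KEK/KIK from the ECDH shared secret and producing WRAP_TK/WRAP_MAC
need AES and the spec's KDF and are out of scope here, so those fields are
passed in (constructed placeholders in the sample).
"""
import hashlib
import hmac
import struct

# NONCE, WRAP_TK, WRAP_IV, WRAP_MAC, POLICY_MAC
SESSION = struct.Struct("<16s32s16s32s32s")
FIELDS = (("nonce", 16), ("wrap_tk", 32), ("wrap_iv", 16), ("wrap_mac", 32), ("policy_mac", 32))
TIK_LEN = 16


def _fixed(name: str, value: bytes, size: int) -> bytes:
    # struct would silently zero-pad a short 's' field; refuse instead.
    if len(value) != size:
        raise ValueError(f"{name} must be {size} bytes, got {len(value)}")
    return value


def policy_mac(tik: bytes, policy: int) -> bytes:
    """POLICY_MAC = HMAC-SHA256(TIK, POLICY as u32 little-endian)."""
    _fixed("tik", tik, TIK_LEN)
    return hmac.new(tik, struct.pack("<I", policy), hashlib.sha256).digest()


def build_session(nonce: bytes, wrap_tk: bytes, wrap_iv: bytes, wrap_mac: bytes,
                  tik: bytes, policy: int) -> bytes:
    """Serialize the 128-byte session buffer for the given (already wrapped) keys."""
    return SESSION.pack(
        _fixed("nonce", nonce, 16),
        _fixed("wrap_tk", wrap_tk, 32),
        _fixed("wrap_iv", wrap_iv, 16),
        _fixed("wrap_mac", wrap_mac, 32),
        policy_mac(tik, policy),
    )


def parse_session(blob: bytes) -> dict:
    """Split a session buffer into its named fields, rejecting wrong sizes."""
    if len(blob) != SESSION.size:
        raise ValueError(f"session buffer must be {SESSION.size} bytes, got {len(blob)}")
    return {name: value for (name, _), value in zip(FIELDS, SESSION.unpack(blob))}


def verify_policy_mac(blob: bytes, tik: bytes, policy: int) -> bool:
    """The check the firmware applies to POLICY_MAC once it has unwrapped TIK."""
    return hmac.compare_digest(parse_session(blob)["policy_mac"], policy_mac(tik, policy))


if __name__ == "__main__":
    # Constructed sample values; a real session uses random NONCE/TEK/TIK/WRAP_IV.
    tik = bytes.fromhex("00112233445566778899aabbccddeeff")
    blob = build_session(b"\x11" * 16, b"\x22" * 32, b"\x33" * 16, b"\x44" * 32, tik, 0x1)
    for name, value in parse_session(blob).items():
        print(f"{name:<10} {value.hex()}")
    print("policy_mac ok:", verify_policy_mac(blob, tik, 0x1))
```

A buffer built this way can be diffed field by field against one produced by another implementation: a mismatch confined to WRAP_MAC points at the KIK derivation or the MAC input, a mismatch in POLICY_MAC at the policy encoding or TIK, and a wrong total length at a layout error.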

How to export/extract different certs?

I have successfully installed sevctl and provisioned the OCA following the instructions below:

$ sevctl generate oca.cert oca.key
$ sevctl provision oca.cert oca.key
$ sevctl export --full /opt/sev/cert_chain.cert

The sevctl verify command executes well:

~/opt/sev ❯ sevctl verify --sev cert_chain.cert 
PDH EP384 D256 3a1cd0a787bf1b951730b1689f5417b39833eccd408b0978d657cb118518a486
 ⬑ PEK EP384 E256 71953375e148a693e0785bdaeb13404ca40eaae4e6b477292e19417a8d1bf21d
   •⬑ OCA EP384 E256 2b13c5a6ba06e0d6f3375e9d5d1c3709b69461ae0f011d2689e1193af869c48e
    ⬑ CEK EP384 E256 d80941025278e9efcc43143571710152e3978630429e2a105f2ea718e3f686db
       ⬑ ASK R4096 R384 95cba79ba3c77daea79f741bade8156a50b1c59f6d6fda104d16dd264729f5ee8989522f3711fc7c84719921ceb31bc0
         •⬑ ARK R4096 R384 569da618dfe64015c343db6d975e77b72fdeacd16edd02d9d09b889b8f0f1d91ffa5dfbd86f7ac574a1a7883b7a1e737

 • = self signed, ⬑ = signs, •̷ = invalid self sign, ⬑̸ = invalid signs

My question is: can I export/extract a specific cert, like ark_ask_cert, pek_cert, cek_cert, or pdh_cert? Does the current sevctl support it? It seems like the deprecated repo sevtool has related support, although I haven't tried that.

sevctl export: unable to create output file

sevctl export doesn't create the certificate file if the base directory doesn't exist:

$ sudo ./sevctl export --full /opt/sev/cert_chain.cert
error: unable to create output file

It works if I create /opt/sev beforehand.

Even if it works as designed, I think the error message could be clearer.

Improve Microcode Support Identification

I am thinking there is a better way for us to identify the models supported. We should discuss this more in-depth so we can iron out a less brittle approach.

Add build documentation

For me to build sevctl on Ubuntu I had to install the following OS packages:

sudo apt install -y pkg-config libssl-dev asciidoctor

And then I could build using the following command:

cargo build

SNP-related commands

As SEV-SNP becomes more widely used, we've noticed that most commands currently in sevctl would not be useful for SNP. I currently see 2 options for the future:

  1. Introduce an snp module in sevctl, where all SNP-related commands would reside. We could divide sevctl into two modules, sev and snp, and use commands accordingly:
     sevctl sev measurement ...  // For SEV(-ES) commands
     sevctl snp measurement ...  // For SNP commands.
  2. Introduce another tool, snpctl, which will house all SNP-related commands.
     sevctl measurement ...  // For SEV(-ES) commands.
     snpctl measurement ...  // For SNP commands.

@crobinso What do you think?

sevctl export fails with HTTP400 error

Running sevctl export fails with HTTP400:

# sevctl export --full /opt/sev/cert_chain.cert
error: final http request failed: Status(400, Response { status: 400, headers: {"date": "Tue, 27 Sep 2022 08:16:59 GMT", "content-type": "text/html;charset=ISO-8859-1", "content-length": "25", "set-cookie": "JSESSIONID=BF211667273C8442B60BFF9856368DD3; Path=/cek; Secure; HttpOnly", "connection": "close", "": ""}, body: [13, 10, 13, 10, 13, 10, 52, 48, 48, 13, 10, 45, 13, 10, 66, 97, 100, 32, 82, 101, 113, 117, 101, 115, 116] })
caused by: http request #1 failed: Response { status: 400, headers: {"content-length": "25", "": "", "content-type": "text/html;charset=ISO-8859-1", "set-cookie": "JSESSIONID=B96B8FA7F1DD7CF8A6BA36E2602D24AF; Path=/cek; Secure; HttpOnly", "date": "Tue, 27 Sep 2022 08:16:44 GMT", "connection": "close"}, body: [13, 10, 13, 10, 13, 10, 52, 48, 48, 13, 10, 45, 13, 10, 66, 97, 100, 32, 82, 101, 113, 117, 101, 115, 116] }; http request #2 failed: Response { status: 400, headers: {"date": "Tue, 27 Sep 2022 08:16:49 GMT", "content-type": "text/html;charset=ISO-8859-1", "connection": "close", "": "", "set-cookie": "JSESSIONID=36115A083C50C75DDA3E74DFD20DA589; Path=/cek; Secure; HttpOnly", "content-length": "25"}, body: [13, 10, 13, 10, 13, 10, 52, 48, 48, 13, 10, 45, 13, 10, 66, 97, 100, 32, 82, 101, 113, 117, 101, 115, 116] }; http request #3 failed: Response { status: 400, headers: {"content-length": "25", "connection": "close", "": "", "set-cookie": "JSESSIONID=860A83BB61210C249C6497BB964AC2DA; Path=/cek; Secure; HttpOnly", "content-type": "text/html;charset=ISO-8859-1", "date": "Tue, 27 Sep 2022 08:16:54 GMT"}, body: [13, 10, 13, 10, 13, 10, 52, 48, 48, 13, 10, 45, 13, 10, 66, 97, 100, 32, 82, 101, 113, 117, 101, 115, 116] }

The decoded chain boils down to:

400
-
Bad Request

Measurement parameters

I started a SEV-SNP VM (using https://github.com/AMDESE/AMDSEV), now I want to precalculate the measurement value of the attestation report, but I'm not sure which parameters should be provided for --tik and --launch-measure-blob in the command sevctl measurement build. What are these attributes?
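An added example (mine, not from the issue or from sevctl) that recomputes the SEV LAUNCH_MEASURE value and compares it with a launch-measure blob. It assumes the HMAC construction from the SEV API specification; that --launch-measure-blob is the base64 MEASURE||MNONCE value returned by QEMU's query-sev-launch-measure and --tik the session's 16-byte TIK (both are my reading of the sevctl flags, not confirmed by this page); a plain SEV guest whose only launch data is the firmware image; and constructed sample inputs. Function names are mine. One caveat: this TIK-keyed scheme is the SEV/SEV-ES launch flow; an SEV-SNP attestation report carries a differently computed measurement in which no TIK is involved.

```python
"""Recompute the SEV LAUNCH_MEASURE value for a plain SEV (non-ES) guest and
compare it with the launch-measure blob QEMU reports.

Per the SEV API specification:
  MEASURE = HMAC-SHA256(TIK, 0x04 || API_MAJOR || API_MINOR || BUILD
                             || POLICY (u32 LE) || GCTX.LD || MNONCE)
GCTX.LD is the SHA-256 launch digest of the data fed through
LAUNCH_UPDATE_DATA; for an OVMF-only SEV guest that is the firmware image.
The blob QEMU returns is MEASURE (32 bytes) || MNONCE (16 bytes), base64
encoded. TIK is the guest owner's 16-byte integrity key from the session.
Sample inputs below are constructed; real values come from the platform
(API version and build), the policy used at launch, and the OVMF binary.
"""
import base64
import hashlib
import hmac
import struct

MEASURE_LEN, MNONCE_LEN, TIK_LEN = 32, 16, 16


def launch_digest(firmware: bytes) -> bytes:
    """GCTX.LD for a guest whose only launch data is the firmware image."""
    return hashlib.sha256(firmware).digest()


def expected_measure(tik: bytes, api_major: int, api_minor: int, build: int,
                     policy: int, ld: bytes, mnonce: bytes) -> bytes:
    """MEASURE as the firmware computes it, keyed with TIK."""
    if len(tik) != TIK_LEN or len(ld) != MEASURE_LEN or len(mnonce) != MNONCE_LEN:
        raise ValueError("tik must be 16 bytes, ld 32 bytes, mnonce 16 bytes")
    msg = (bytes([0x04, api_major, api_minor, build])
           + struct.pack("<I", policy) + ld + mnonce)
    return hmac.new(tik, msg, hashlib.sha256).digest()


def split_measure_blob(blob: bytes) -> tuple:
    """MEASURE || MNONCE -> (measure, mnonce), rejecting any other size."""
    if len(blob) != MEASURE_LEN + MNONCE_LEN:
        raise ValueError(f"launch-measure blob must be 48 bytes, got {len(blob)}")
    return blob[:MEASURE_LEN], blob[MEASURE_LEN:]


def verify_launch_measure(blob_b64: str, tik: bytes, api_major: int, api_minor: int,
                          build: int, policy: int, firmware: bytes) -> bool:
    """True when the platform's MEASURE matches the expected firmware and policy."""
    measure, mnonce = split_measure_blob(base64.b64decode(blob_b64, validate=True))
    want = expected_measure(tik, api_major, api_minor, build, policy,
                            launch_digest(firmware), mnonce)
    return hmac.compare_digest(measure, want)


def make_measure_blob(tik: bytes, api_major: int, api_minor: int, build: int,
                      policy: int, firmware: bytes, mnonce: bytes) -> str:
    """Stand-in for the firmware side: the base64 blob QEMU would hand back."""
    measure = expected_measure(tik, api_major, api_minor, build, policy,
                               launch_digest(firmware), mnonce)
    return base64.b64encode(measure + mnonce).decode()


if __name__ == "__main__":
    tik = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")   # constructed
    firmware = b"constructed OVMF image stand-in" * 64         # constructed
    mnonce = bytes(range(16))                                  # constructed
    blob = make_measure_blob(tik, 0, 24, 15, 0x1, firmware, mnonce)
    print("matches:", verify_launch_measure(blob, tik, 0, 24, 15, 0x1, firmware))
    print("policy changed:", verify_launch_measure(blob, tik, 0, 24, 15, 0x5, firmware))
```

Because MNONCE is chosen by the firmware per launch, the expected value cannot be computed ahead of time; the guest owner takes MNONCE out of the returned blob, recomputes MEASURE over the firmware digest and the policy it intended, and only then releases the secret.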
