Re: SEV guest attestation

2021-11-29 Thread Brijesh Singh
, Nov 24, 2021 at 06:29:07PM +, Dr. David Alan Gilbert wrote: * Daniel P. Berrangé (berra...@redhat.com) wrote: On Wed, Nov 24, 2021 at 11:34:16AM -0500, Tyler Fanelli wrote: Hi, We recently discussed a way for remote SEV guest attestation through QEMU. My initial approach was to get data

Re: SEV guest attestation

2021-11-29 Thread Brijesh Singh
Alan Gilbert wrote: * Daniel P. Berrangé (berra...@redhat.com) wrote: On Wed, Nov 24, 2021 at 11:34:16AM -0500, Tyler Fanelli wrote: Hi, We recently discussed a way for remote SEV guest attestation through QEMU. My initial approach was to get data needed for attestation through different QMP

Re: SEV guest attestation

2021-11-29 Thread Dov Murik
On 25/11/2021 18:08, Dr. David Alan Gilbert wrote: > * Daniel P. Berrangé (berra...@redhat.com) wrote: >> On Thu, Nov 25, 2021 at 03:40:36PM +, Dr. David Alan Gilbert wrote: >>> * Sergio Lopez (s...@redhat.com) wrote: On Thu, Nov 25, 2021 at 02:44:51PM +0200, Dov Murik wrote: >

Re: SEV guest attestation

2021-11-25 Thread Dr. David Alan Gilbert
* Daniel P. Berrangé (berra...@redhat.com) wrote: > On Thu, Nov 25, 2021 at 03:40:36PM +, Dr. David Alan Gilbert wrote: > > * Sergio Lopez (s...@redhat.com) wrote: > > > On Thu, Nov 25, 2021 at 02:44:51PM +0200, Dov Murik wrote: > > > > > > > > SEV-ES has pre-launch measurement and secret inje

Re: SEV guest attestation

2021-11-25 Thread Daniel P . Berrangé
On Thu, Nov 25, 2021 at 03:40:36PM +, Dr. David Alan Gilbert wrote: > * Sergio Lopez (s...@redhat.com) wrote: > > On Thu, Nov 25, 2021 at 02:44:51PM +0200, Dov Murik wrote: > > > > > > SEV-ES has pre-launch measurement and secret injection, just like SEV > > > (except that the measurement incl

Re: SEV guest attestation

2021-11-25 Thread Dr. David Alan Gilbert
t wrote: > > >> * Daniel P. Berrangé (berra...@redhat.com) wrote: > > >>> On Wed, Nov 24, 2021 at 11:34:16AM -0500, Tyler Fanelli wrote: > > >>>> Hi, > > >>>> > > >>>> We recently discussed a way for remote SEV

Re: SEV guest attestation

2021-11-25 Thread Sergio Lopez
wrote: > >>> On Wed, Nov 24, 2021 at 11:34:16AM -0500, Tyler Fanelli wrote: > >>>> Hi, > >>>> > >>>> We recently discussed a way for remote SEV guest attestation through > >>>> QEMU. > >>>> My initial approach was to

Re: SEV guest attestation

2021-11-25 Thread Dr. David Alan Gilbert
> > > > > > > We recently discussed a way for remote SEV guest attestation through > > > > QEMU. > > > > My initial approach was to get data needed for attestation through > > > > different > > > > QMP commands (all of which a

Re: SEV guest attestation

2021-11-25 Thread Dr. David Alan Gilbert
* Daniel P. Berrangé (berra...@redhat.com) wrote: > On Thu, Nov 25, 2021 at 08:14:28AM +0100, Sergio Lopez wrote: > > For SEV-SNP, this is pretty much the end of the story, because the > > attestation exchange is driven by an agent inside the guest. Well, > > there's also the need to have in the VM

Re: SEV guest attestation

2021-11-25 Thread Daniel P . Berrangé
24, 2021 at 11:34:16AM -0500, Tyler Fanelli wrote: > >>>> Hi, > >>>> > >>>> We recently discussed a way for remote SEV guest attestation through > >>>> QEMU. > >>>> My initial approach was to get data needed for attest

Re: SEV guest attestation

2021-11-25 Thread Dov Murik
+, Dr. David Alan Gilbert wrote: >>>> * Daniel P. Berrangé (berra...@redhat.com) wrote: >>>>> On Wed, Nov 24, 2021 at 11:34:16AM -0500, Tyler Fanelli wrote: >>>>>> Hi, >>>>>> >>>>>> We recently discussed a way for remote

Re: SEV guest attestation

2021-11-25 Thread Dov Murik
On 25/11/2021 15:52, Daniel P. Berrangé wrote: > On Thu, Nov 25, 2021 at 08:14:28AM +0100, Sergio Lopez wrote: >> For SEV-SNP, this is pretty much the end of the story, because the >> attestation exchange is driven by an agent inside the guest. Well, >> there's also the need to have in the VM a

Re: SEV guest attestation

2021-11-25 Thread Daniel P . Berrangé
On Thu, Nov 25, 2021 at 08:14:28AM +0100, Sergio Lopez wrote: > For SEV-SNP, this is pretty much the end of the story, because the > attestation exchange is driven by an agent inside the guest. Well, > there's also the need to have in the VM a well-known vNIC bridged to a > network that's routed to

Re: SEV guest attestation

2021-11-25 Thread Dov Murik
>> >>>> We recently discussed a way for remote SEV guest attestation through QEMU. >>>> My initial approach was to get data needed for attestation through >>>> different >>>> QMP commands (all of which are already available, so no changes required >

Re: SEV guest attestation

2021-11-25 Thread Daniel P . Berrangé
wrote: > >>> On Wed, Nov 24, 2021 at 11:34:16AM -0500, Tyler Fanelli wrote: > >>>> Hi, > >>>> > >>>> We recently discussed a way for remote SEV guest attestation through > >>>> QEMU. > >>>> My initial approach was to

Re: SEV guest attestation

2021-11-25 Thread Daniel P . Berrangé
> > Hi, > > > > > > > > We recently discussed a way for remote SEV guest attestation through > > > > QEMU. > > > > My initial approach was to get data needed for attestation through > > > > different > > > > QMP commands (all

Re: SEV guest attestation

2021-11-25 Thread Daniel P . Berrangé
On Wed, Nov 24, 2021 at 06:29:07PM +, Dr. David Alan Gilbert wrote: > * Daniel P. Berrangé (berra...@redhat.com) wrote: > > On Wed, Nov 24, 2021 at 11:34:16AM -0500, Tyler Fanelli wrote: > > > Hi, > > > > > > We recently discussed a way for remote SEV gues

Re: SEV guest attestation

2021-11-25 Thread Dr. David Alan Gilbert
> > > > > We recently discussed a way for remote SEV guest attestation through > > > > QEMU. > > > > My initial approach was to get data needed for attestation through > > > > different > > > > QMP commands (all of which are already avai

Re: SEV guest attestation

2021-11-25 Thread Dov Murik
>>>> Hi, >>>> >>>> We recently discussed a way for remote SEV guest attestation through QEMU. >>>> My initial approach was to get data needed for attestation through >>>> different >>>> QMP commands (all of which are already available, so

Re: SEV guest attestation

2021-11-24 Thread Sergio Lopez
On Wed, Nov 24, 2021 at 06:29:07PM +, Dr. David Alan Gilbert wrote: > * Daniel P. Berrangé (berra...@redhat.com) wrote: > > On Wed, Nov 24, 2021 at 11:34:16AM -0500, Tyler Fanelli wrote: > > > Hi, > > > > > > We recently discussed a way for remote SEV gues

Re: SEV guest attestation

2021-11-24 Thread Tyler Fanelli
On 11/24/21 12:49 PM, Dr. David Alan Gilbert wrote: * Tyler Fanelli (tfane...@redhat.com) wrote: Hi, We recently discussed a way for remote SEV guest attestation through QEMU. My initial approach was to get data needed for attestation through different QMP commands (all of which are already

Re: SEV guest attestation

2021-11-24 Thread Dr. David Alan Gilbert
* Daniel P. Berrangé (berra...@redhat.com) wrote: > On Wed, Nov 24, 2021 at 11:34:16AM -0500, Tyler Fanelli wrote: > > Hi, > > > > We recently discussed a way for remote SEV guest attestation through QEMU. > > My initial approach was to get data needed for attestatio

Re: SEV guest attestation

2021-11-24 Thread Daniel P . Berrangé
On Wed, Nov 24, 2021 at 11:34:16AM -0500, Tyler Fanelli wrote: > Hi, > > We recently discussed a way for remote SEV guest attestation through QEMU. > My initial approach was to get data needed for attestation through different > QMP commands (all of which are already available

Re: SEV guest attestation

2021-11-24 Thread Dr. David Alan Gilbert
* Tyler Fanelli (tfane...@redhat.com) wrote: > Hi, > > We recently discussed a way for remote SEV guest attestation through QEMU. > My initial approach was to get data needed for attestation through different > QMP commands (all of which are already available, so no changes r

Re: SEV guest attestation

2021-11-24 Thread Tyler Fanelli
On 11/24/21 11:34 AM, Tyler Fanelli wrote: We recently discussed a way for remote SEV guest attestation through QEMU. For those interested, here is where some of the discussion took place before. [1] https://listman.redhat.com/archives/libvir-list/2021-May/msg00196.html [2] https

SEV guest attestation

2021-11-24 Thread Tyler Fanelli
Hi, We recently discussed a way for remote SEV guest attestation through QEMU. My initial approach was to get data needed for attestation through different QMP commands (all of which are already available, so no changes required there), deriving hashes and certificate data; and collecting