.. SPDX-License-Identifier: GPL-2.0

==============================
Confidential Computing secrets
==============================

This document describes how Confidential Computing secret injection is handled
from the firmware to the operating system, in the EFI driver and the efi_secret
kernel module.


Introduction
============

Confidential Computing (coco) hardware such as AMD SEV (Secure Encrypted
Virtualization) allows guest owners to inject secrets into the VM's
memory without the host/hypervisor being able to read them. In SEV,
secret injection is performed early in the VM launch process, before the
guest starts running.

The efi_secret kernel module allows userspace applications to access these
secrets via securityfs.


Secret data flow
================

The guest firmware may reserve a designated memory area for secret injection,
and publish its location (base GPA and length) in the EFI configuration table
under a ``LINUX_EFI_COCO_SECRET_AREA_GUID`` entry
(``adf956ad-e98c-484c-ae11-b51c7d336447``). This memory area should be marked
by the firmware as ``EFI_RESERVED_TYPE``, and therefore the kernel should not
use it for its own purposes.

During the VM's launch, the virtual machine manager may inject a secret into that
area.
In AMD SEV and SEV-ES this is performed using the
``KVM_SEV_LAUNCH_SECRET`` command (see [sev]_). The structure of the injected
Guest Owner secret data should be a GUIDed table of secret values; the binary
format is described in ``drivers/virt/coco/efi_secret/efi_secret.c`` under
"Structure of the EFI secret area".

On kernel start, the kernel's EFI driver saves the location of the secret area
(taken from the EFI configuration table) in the ``efi.coco_secret`` field.
Later it checks if the secret area is populated: it maps the area and checks
whether its content begins with ``EFI_SECRET_TABLE_HEADER_GUID``
(``1e74f542-71dd-4d66-963e-ef4287ff173b``). If the secret area is populated,
the EFI driver will autoload the efi_secret kernel module, which exposes the
secrets to userspace applications via securityfs. The details of the
efi_secret filesystem interface are in [secrets-coco-abi]_.


Application usage example
=========================

Consider a guest performing computations on encrypted files. The Guest Owner
provides the decryption key (= secret) using the secret injection mechanism.
The guest application reads the secret from the efi_secret filesystem and
proceeds to decrypt the files into memory and then performs the needed
computations on the content.

In this example, the host can't read the files from the disk image
because they are encrypted.
Host can't read the decryption key because
it is passed using the secret injection mechanism (= secure channel).
Host can't read the decrypted content from memory because it's a
confidential (memory-encrypted) guest.

Here is a simple example for usage of the efi_secret module in a guest
to which an EFI secret area with 4 secrets was injected during launch::

    # ls -la /sys/kernel/security/secrets/coco
    total 0
    drwxr-xr-x 2 root root 0 Jun 28 11:54 .
    drwxr-xr-x 3 root root 0 Jun 28 11:54 ..
    -r--r----- 1 root root 0 Jun 28 11:54 736870e5-84f0-4973-92ec-06879ce3da0b
    -r--r----- 1 root root 0 Jun 28 11:54 83c83f7f-1356-4975-8b7e-d3a0b54312c6
    -r--r----- 1 root root 0 Jun 28 11:54 9553f55d-3da2-43ee-ab5d-ff17f78864d2
    -r--r----- 1 root root 0 Jun 28 11:54 e6f5a162-d67f-4750-a67c-5d065f2a9910

    # hd /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
    00000000  74 68 65 73 65 2d 61 72  65 2d 74 68 65 2d 6b 61  |these-are-the-ka|
    00000010  74 61 2d 73 65 63 72 65  74 73 00 01 02 03 04 05  |ta-secrets......|
    00000020  06 07                                             |..|
    00000022

    # rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910

    # ls -la /sys/kernel/security/secrets/coco
    total 0
    drwxr-xr-x 2 root root 0 Jun 28 11:55 .
    drwxr-xr-x 3 root root 0 Jun 28 11:54 ..
    -r--r----- 1 root root 0 Jun 28 11:54 736870e5-84f0-4973-92ec-06879ce3da0b
    -r--r----- 1 root root 0 Jun 28 11:54 83c83f7f-1356-4975-8b7e-d3a0b54312c6
    -r--r----- 1 root root 0 Jun 28 11:54 9553f55d-3da2-43ee-ab5d-ff17f78864d2


References
==========

See [sev-api-spec]_ for more info regarding SEV ``LAUNCH_SECRET`` operation.

.. [sev] Documentation/virt/kvm/x86/amd-memory-encryption.rst
.. [secrets-coco-abi] Documentation/ABI/testing/securityfs-secrets-coco
.. [sev-api-spec] https://www.amd.com/system/files/TechDocs/55766_SEV-KM_API_Specification.pdf