Documentation
¶
Overview ¶
Package sev implements launch measurement reconstruction given a few inputs such as firmware.
Index ¶
- Constants
- Variables
- func LaunchDigest(options *LaunchOptions, serializedUefi []byte) ([]byte, error)
- func ProductHighAddress(product sgpb.SevProduct_SevProductName) uint64
- func PutVmsa(v *spb.VmcbSaveArea, data []byte) error
- func UnsignedSnp(uefi []byte, snpRequest *SnpEndorsementRequest) (*epb.VMSevSnp, error)
- type LaunchOptions
- type PageInfo
- type PageType
- type SnpEndorsementRequest
- type SnpMeasurement
- func (m *SnpMeasurement) Update(gpa uint64, data []byte, pageType PageType) error
- func (m *SnpMeasurement) Update4K(gpa uint64, data []byte, pageType PageType) error
- func (m *SnpMeasurement) ZeroContentUpdate(gpa uint64, size uint32, pageType PageType) error
- func (m *SnpMeasurement) ZeroContentUpdate4K(gpa uint64, pageType PageType) error
Constants ¶
const ( VmplPermissionExecuteSupervisor = uint8(1 << 3) VmplPermissionExecuteUser = uint8(1 << 2) VmplPermissionWrite = uint8(1 << 1) VmplPermissionRead = uint8(1 << 0) // Flag for whether a page is included in the Initial Measured Image (IMI). IsInitialMeasuredImage = 1 SizeofPageInfo = 0x70 // SizeofVmcbSeg is the ABI size of an AMD-V VMCB segment struct. SizeofVmcbSeg = 16 // SizeofVmsa is the ABI size of the SEV-ES VMCB secure save area. SizeofVmsa = 0x670 )
Permissions assignable in the RMP for a page's assess permissions by a vCPU with VPML number specified in vmpl[n]_perms. VMPL0 has all access permissions.
const ( // GCEUefiFamilyID is the UUID GCE uses for all its SEV-SNP firmwares. GCEUefiFamilyID = "f73a6949-e8f3-473b-9553-e40e056fa3a2" // GCEFwCertGUID is the UUID that GCE uses to provide the serialized launch endorsement to a // SEV-SNP guest in the certificate table. GCEFwCertGUID = "9f4116cd-c503-4f5a-8f6f-fb68882f4ce2" )
const ( KiB = 1024 MiB = 1024 * KiB GiB = 1024 * MiB RomTop = 4 * GiB VmsaV1 = `` /* 604-byte string literal not displayed */ )
Expected values for VMCB Save Area. This is needed in SEV-ES to reconstruct the expected measurement coming from the AMD Secure Processor. The values here are for the 1st CPU (BSP); For APS the value of cs.base and rip must be overwritten with the values read from the SEV-ES Reset Block. The default g_pat is 0x0007040600070406 but gets overwritten to 0x00070106 by the GCE hypervisor.
Variables ¶
var AllSupportedVmsaCounts = []uint32{1, 2, 4, 8, 16, 24, 32, 48, 64, 80, 96, 112, 128, 224, 240}
AllSupportedVmsaCounts is the number of VMSAs we expect to see measured in GCE for any particular SEV-SNP VM. 1 is included for AP boot case when VMSAs aren't all created at launch. All other numbers come from ``` gcloud compute machines-types list | grep n2d- | awk '{print $3}' | sort -g | uniq ```
Functions ¶
func LaunchDigest ¶
func LaunchDigest(options *LaunchOptions, serializedUefi []byte) ([]byte, error)
LaunchDigest computes the SEV-SNP expected MEASUREMENT from a given UEFI and the number of vCPUs at boot
func ProductHighAddress ¶
func ProductHighAddress(product sgpb.SevProduct_SevProductName) uint64
ProductHighAddress returns the highest GPA allowed for a PAGE_INFO on a given product. According to the SEV-SNP API documentation SNP_LAUNCH_UPDATE Actions section,
"the guest physical address space is limited according to CPUID Fn80000008_EAX and thus the GPAs used by the firmware in measurement calculation are equally limited. Hypervisors should not attempt to map pages outside of this limit."
Upon further clarification with AMD architects, we also should expect the address to be truncated to be page-aligned.
func PutVmsa ¶
func PutVmsa(v *spb.VmcbSaveArea, data []byte) error
PutVmsa writes the VMCB Save area (VMSA) in its ABI format to data.
func UnsignedSnp ¶
func UnsignedSnp(uefi []byte, snpRequest *SnpEndorsementRequest) (*epb.VMSevSnp, error)
UnsignedSnp returns the SevSnp component of a GoldenMeasurement for a given UEFI.
Types ¶
type LaunchOptions ¶
type LaunchOptions struct {
// Vcpus is the number of VCPUs measured at launch. For images that use SEV-SNP's AP boot
// protocol, this should be 1.
Vcpus int
Product sgpb.SevProduct_SevProductName
}
LaunchOptions represents the expected measurement-impacting configurable features of a VM launch.
func LaunchOptionsDefault ¶
func LaunchOptionsDefault() *LaunchOptions
LaunchOptionsDefault returns a default object of LaunchOptions (Vcpus == 1).
type PageInfo ¶
type PageInfo struct {
// contains filtered or unexported fields
}
PageInfo represents an extension to the running launch_digest of an SNP launch. This struct is documented AMD ABI in SNP firmware API revision 1.51 as PAGE_INFO:
type PageType ¶
type PageType uint8
PageType is an enum to safe-guard validity of Secure Nested Paging (SNP) page types. SNP ABI documentation for SNP_LAUNCH_UPDATE, Encodings for the PAGE_TYPE Field.
const ( // PageTypeNormal is the SEV-SNP ABI encoding of a normally measured page. PageTypeNormal PageType = iota + 1 // PageTypeVmsa is the SEV-SNP ABI encoding of an encrypted VMCB save area. PageTypeVmsa // PageTypeZero is the SEV-SNP ABI encoding of a zero page. PageTypeZero // PageTypeUnmeasured is the SEV-SNP ABI encoding of an unmeasured page PageTypeUnmeasured // PageTypeSecret is the SEV-SNP ABI encoding of the special Secrets page that the firmware will // populate at launch. PageTypeSecret // PageTypeCpuid is the SEV-SNP ABI encoding of a CPUID table page that the firmware will check // at launch. PageTypeCpuid )
type SnpEndorsementRequest ¶
type SnpEndorsementRequest struct {
// Svn is the image's security version number.
Svn uint32
// FamilyID is in some GUID format, e.g., xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
// If unset, defaults to GCE guest UEFI family GUID.
FamilyID string
// ImageID is in some GUID format. Should uniquely identify the bits of the image.
ImageID string
// LaunchVmsas is the number of VMSAs to consider when creating endorsed measurements. If unset,
// will generate all supported VMSAs at launch in GCE.
LaunchVmsas uint32
// Product is the AMD product that will generate attestations for this measurement.
Product sgpb.SevProduct_SevProductName
}
SnpEndorsementRequest encapsulates all AMD-specific information needed to endorse a UEFI binary for SEV-SNP.
type SnpMeasurement ¶
type SnpMeasurement struct {
Digest [48]byte
Product sgpb.SevProduct_SevProductName
}
SnpMeasurement represents the expected MEASUREMENT field of an SEV-SNP ATTESTATION_REPORT.
func (*SnpMeasurement) Update ¶
func (m *SnpMeasurement) Update(gpa uint64, data []byte, pageType PageType) error
Update extends an SnpMeasurement with several pages of data with a page type that measures the page contents.
func (*SnpMeasurement) Update4K ¶
func (m *SnpMeasurement) Update4K(gpa uint64, data []byte, pageType PageType) error
Update4K extends an SnpMeasurement with a 4K page of data with a page type that measures the page contents.
func (*SnpMeasurement) ZeroContentUpdate ¶
func (m *SnpMeasurement) ZeroContentUpdate(gpa uint64, size uint32, pageType PageType) error
ZeroContentUpdate extends an SnpMeasurement with several pages of data with a page type that requires the Contents component of its PAGE_INFO is all zeroes.
func (*SnpMeasurement) ZeroContentUpdate4K ¶
func (m *SnpMeasurement) ZeroContentUpdate4K(gpa uint64, pageType PageType) error
ZeroContentUpdate4K extends an SnpMeasurement with a 4K page of data with a page type that requires that the Contents component of its PAGE_INFO is all zeroes.
Source Files