Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
From: Sean Christopherson
Date: Fri Nov 10 2023 - 17:49:39 EST
On Fri, Nov 10, 2023, Michael Roth wrote:
> On Wed, Oct 18, 2023 at 06:48:59AM -0700, Sean Christopherson wrote:
> > On Wed, Oct 18, 2023, Alexey Kardashevskiy wrote:
> > Anyways, back to punting to userspace. Here's a rough sketch. The only new uAPI
> > is the definition of KVM_HC_SNP_GET_CERTS and its arguments.
>
> This sketch seems like a good, flexible way to handle per-VM certs, but
> it does complicate things from a userspace perspective. As a basic
> requirement, all userspaces will need to provide a way to specify the
> initial blob (either a very verbose base64-encoded userspace cmdline param,
> or a filepatch that needs additional management to store and handle
> permissions/etc.), and also a means to update it (e.g. a HMP/QMP command
> for QEMU, some libvirt wrappers, etc.).
>
> That's all well and good if you want to make use of per-VM certs, but we
> don't necessarily expect that most deployments will necessarily want to deal
> with per-VM certs, and would be happy with a system-wide one where they could
> simply issue the /dev/sev ioctl to inject one automatically for all guests.
>
> So we're sort of complicating the more common case to support a more niche
> one (as far as userspace is concerned anyway; as far as kernel goes, your
> approach is certainly simplest :)).
>
> Instead, maybe a compromise is warranted so the requirements on userspace
> side are less complicated for a more basic deployment:
>
> 1) If /dev/sev is used to set a global certificate, then that will be
> used unconditionally by KVM, protected by simple dumb mutex during
> usage/update.
> 2) If /dev/sev is not used to set the global certificate is the value
> is NULL, we assume userspace wants full responsibility for managing
> certificates and exit to userspace to request the certs in the manner
> you suggested.
>
> Sean, Dionna, would this cover your concerns and address the certificate
> update use-case?
Honestly, no. I see zero reason for the kernel to be involved. IIUC, there's no
privileged operations that require kernel intervention, which means that shoving
a global cert into /dev/sev is using the CCP driver as middleman. Just use a
userspace daemon. I have a very hard time believing that passing around large-ish
blobs of data in userspace isn't already a solved problem.