Re: [PATCH v3 09/14] virt: sev-guest: Choose the VMPCK key based on executing VMPL

From: Tom Lendacky
Date: Tue Apr 16 2024 - 11:17:55 EST


On 4/15/24 23:54, Dan Williams wrote:
Hey, Tom, came looking to review the tsm_report changes and noticed
this...

Tom Lendacky wrote:
Currently, the sev-guest driver uses the vmpck-0 key by default. When an
SVSM is present the kernel is running at a VMPL other than 0 and the
vmpck-0 key is no longer available. So choose the vmpck key based on the
active VMPL level.

The module parameter is not mentioned in the changelog. Is it not
sufficient to always use snp_get_vmpl(), and if not should there be some
documentation about when to specify vmpck_id?

It is possible to encounter an issue that causes the vmpck key to be cleared. In that situation, the guest is allowed to use a vmpck key associated with a lower VMPL. For that reason, the module parameter was added to the driver when it was initially created.

I can update the changelog to mention this.

Note that as long as the vmpck key exists, a guest running at VMPL2 could request a VMPL0 report using the vmpck0 key, that is why it is important that the SVSM clear to zero any vmpck key that represents a higher privilege. For example, if the SVSM (running at VMPL0) launches the guest at VMPL2, it should zero out the vmpck0 and vmpck1 keys in the SNP Secrets Page supplied to the guest.


Do users know that "vmpl" and "vmpck_id" are interchangeable?

Yes, they should be aware of the relation of VMPL to VMPCK from the SNP specification.

Thanks,
Tom