[Rats] [CoRIM] Initial virtual firmware reference value format to debut on Google Compute Engine

Dionna Amalie Glaze <dionnaglaze@google.com> Tue, 16 April 2024 17:36 UTC

From: Dionna Amalie Glaze <dionnaglaze@google.com>
Date: Tue, 16 Apr 2024 10:36:34 -0700
Message-ID: <CAAH4kHY5OyzK0VW44zuGmLDQiFi6va1CU2V6L=sVnxhcuEzvYQ@mail.gmail.com>
To: rats <rats@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/bUkZaNZy6FYs7MejYWvVHevv91E>

Hi y'all, I've talked a fair amount in our weekly meetings about my
work providing signed reference values for SEV-SNP, and I've luckily
had the opportunity to push a big chunk of the technology of our
releasing tools to a public repository.

https://github.com/google/gce-tcb-verifier/blob/main/proto/endorsement.proto

The CA and signing commands are in
https://github.com/google/gce-tcb-verifier/blob/main/testing/nonprod/gcetcb
and please note the nonprod status. I haven't prioritized making a
Cloud KMS backend that connects outside the Google production
environment since this is reference code and not intended for others
to use for their own reference value signing pipeline. We would much
prefer supply chain providers (including ourselves) to target a
standard format.

The endorsement inspection and verification commands are in
https://github.com/google/gce-tcb-verifier/tree/main/gcetcbendorsement

This format was decided back in 2022 after an internal decision to not
chase CoRIM as a moving target. It's not yet available to confidential
VMs, and the GCS bucket referenced in
https://github.com/google/gce-tcb-verifier/blob/main/extract/extract.go
is not yet publicly viewable.

This is an "experimental" release, as we don't really want folks to
develop a strong attachment to this format. I've learned a lot more
about signing envelopes and PKI since the start. The whole signing key
certificate is a part of the signed content rather than the key
identity. So, grain of salt, but here's v0.

There's ongoing work for endorsement extraction to come from UEFI
variables pointed to by tcgSP800155Event3 events in the CCEL/CEL too.

Happy to take bug reports and discuss in the issues tab.

-- 
-Dionna Glaze, PhD, CISSP (she/her)