Open CookieComputing opened 4 months ago
The hypervisor wouldn't be able to wipe them from the GCTX, since that is owned/controlled by firmware.
Only the guest itself would be able to scrub VMPCKs by removing them from the SECRET_PAGE that is created and provided to the guest at LAUNCH.
Hi folks,
I was taking a look at the 2023 LPC CC microconference talks, and I ran into an interesting but brief discussion about preventing guests from generating further attestation reports. It was mentioned that one way we could prevent a guest from generating an attestation report again is to scrub the VMPCK keys from the guest, such that there is no way to communicate with the PSP. I looked into the ABI to see if there was an explicit ioctl command exists to trigger this, but it seems like the VMPCKs reside in
GCTX
. Is this as simple as wiping those keys from theGCTX
? How would I go about doing that?Is it related to
SNP_DECOMMISSION
? Using this command would certainly delete the guest context (and the VMPCKs), but would decommission the guest, which isn't exactly what I think the intent of this conversation was.This aside, I'm curious about what were the implicit consequences of scrubbing the VMPCKs? Obviously I can imagine we can no longer interact with the PSP (as stated in the video), but I'm not familiar with additional complications that may extend beyond that. Are there any other suggested/recommendation approaches for this idea?