AMDESE / AMDSEV

AMD Secure Encrypted Virtualization
304 stars 88 forks source link

SEV-SNP: Unclear security benefits of default OVMF package #230

Open Doctor-love opened 3 months ago

Doctor-love commented 3 months ago

This is more of question/discussion than an issue - feel free to close it if there is a better forum for discussions.

When utilizing the build.sh script to compile OVMF, the "OvmfPk/OvmfPkgX64.dsc" package is used. This firmware can be used to boot a VM in which tools like "snpguest" can be run to produce attestation reports.

My understanding is that only the virtual firmware (OVMF, in this case) is measured/attested and not kernel/initrd/kernel command line/etc. With something like the "OvmfPkg/AmdSev/AmdSevX64.dsc" package or an OMVF that enforces secure boot with a hard coded trust store, this measurement/validation could delegated to the firmware.

This leads me to my question: in what way does the OVMF.fd produced by the build script contribute to the confidentiality of a guest? In other words, what is the value of measuring firmware if we can't validate the integrity of the operating system?

Perhaps I've misunderstood something - feel free to enlighten me!

Doctor-love commented 3 months ago

...and if it does not provide any guarantees of OS integrity, perhaps another firmware flavor should be the default for this demo/PoC repository?

Doctor-love commented 3 months ago

Ping @dubek