coconut-svsm / svsm

COCONUT-SVSM
MIT License

Extend IGVM measure tool to generate SEV-SNP ID blocks containing signed launch measurement #315

Closed roy-hopkins closed 7 months ago

roy-hopkins commented 8 months ago

The igvmmeasure tool was previously introduced to calculate and display the expected launch measurement for an IGVM file on a particular platform. The next progression is to embed that launch measurement into an SNP ID block so that an IGVM loader implementation on a hypervisor can provide this at guest startup to prevent launch if the IGVM file has been tampered with. This information also forms part of the attestation report and can be used to remotely verify the integrity of the initial guest state.

Generation of an ID block requires the launch measurement to be signed using a private key. Initial work on this PR involved reworking igvmmeasure into a separate library and executable so the ID block generation could be performed in igvmbuilder. However, this would require private keys to be available at build time. Therefore, igvmmeasure was left as a standalone executable and the signing functionality was added there.

An example workflow for securely signing an IGVM file consists of:

  1. Building the IGVM file as normal using make.
  2. Taking the IGVM output of the build and providing it to a secure signing server that has access to the required private keys.
  3. Running igvmmeasure on the secure server to sign the IGVM file.
  4. Returning the signed file to the build environment.

For testing or evaluating, the signing process can be performed using the two new scripts added by this PR, basically by running this script to generate test keys and sign the QEMU IGVM binary:

scripts/test_sign_qemu_igvm.sh

A QEMU that supports ID blocks in the IGVM file is required to consume the signed IGVM file. This is currently in development and a link to the branch will be added to this PR when ready.
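
The check that an ID block makes possible, as an added example that is not code from this PR or from igvmmeasure: it encodes and parses a 96-byte ID block and rejects it when the embedded launch digest differs from the measurement computed for the IGVM file. The field layout is assumed from AMD's SEV-SNP firmware ABI, the names `IdBlock`, `encode` and `check_id_block` are hypothetical, the sample values are constructed, and verifying the signature over the block is left out because it needs a crypto library.

```rust
// Added example: field layout assumed from AMD's SEV-SNP firmware ABI, not taken from this PR.
const ID_BLOCK_LEN: usize = 96;

#[derive(Debug)]
struct IdBlock {
    ld: [u8; 48], // expected launch digest (the launch measurement)
    family_id: [u8; 16],
    image_id: [u8; 16],
    version: u32, // 1 for this layout
    guest_svn: u32,
    policy: u64,
}

fn arr<const N: usize>(s: &[u8]) -> [u8; N] {
    let mut a = [0u8; N];
    a.copy_from_slice(s);
    a
}

// Serialize the fields in order, integers little-endian.
fn encode(b: &IdBlock) -> Vec<u8> {
    [&b.ld[..], &b.family_id[..], &b.image_id[..], &b.version.to_le_bytes()[..],
     &b.guest_svn.to_le_bytes()[..], &b.policy.to_le_bytes()[..]].concat()
}

// Parse an ID block and accept it only if its digest equals the measurement of the IGVM file.
fn check_id_block(raw: &[u8], measured: &[u8; 48]) -> Result<IdBlock, &'static str> {
    if raw.len() != ID_BLOCK_LEN { return Err("ID block must be 96 bytes"); }
    let b = IdBlock {
        ld: arr(&raw[0..48]), family_id: arr(&raw[48..64]), image_id: arr(&raw[64..80]),
        version: u32::from_le_bytes(arr(&raw[80..84])),
        guest_svn: u32::from_le_bytes(arr(&raw[84..88])),
        policy: u64::from_le_bytes(arr(&raw[88..96])),
    };
    if b.version != 1 { return Err("unsupported ID block version"); }
    // OR all byte differences together so the comparison does not stop at the first mismatch.
    let diff = b.ld.iter().zip(measured).fold(0u8, |acc, (x, y)| acc | (x ^ y));
    if diff != 0 { return Err("launch digest mismatch"); }
    Ok(b)
}

fn main() {
    let m = [0xABu8; 48]; // constructed measurement, not a real IGVM digest
    let blk = IdBlock { ld: m, family_id: [1; 16], image_id: [2; 16], version: 1, guest_svn: 7, policy: 0x30000 };
    let mut raw = encode(&blk);
    println!("{:?}", check_id_block(&raw, &m).map(|b| b.guest_svn));
    raw[0] ^= 1; // simulate a digest that no longer matches the file
    println!("{:?}", check_id_block(&raw, &m).err());
}
```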