ultravioletrs / cocos

Cocos AI - Confidential Computing System for AI
https://ultraviolet.rs/cocos.html
Apache License 2.0
25 stars 9 forks

Feature: Fetch OVMF and kernel command line arguments #194

Closed danko-miladinovic closed 1 month ago

danko-miladinovic commented 3 months ago

Is your feature request related to a problem? Please describe.

This feature will enable the client (the member of the consortium) to fetch the missing information to calculate the measurement: the OVMF version, the kernel command line arguments, the number of vCPUs, and the vCPU type.

Describe the feature you are requesting, as well as the possible use case(s) for it.

The idea is to enable the users to calculate the expected measurement that is needed during the aTLS verification and validation process.

Indicate the importance of this feature to you.

Must-have

Anything else?

No response

dborovcanin commented 1 month ago

This potentially opens an attack vector because now we need to trust the manager-backend communication. We need to discuss this one @drasko @danko-miladinovic.

drasko commented 1 month ago

@dborovcanin this is OK, because these measurements are signed with AMD firmware and SEV-SNP keys in the HW.

I would like to have a more detailed explanation of how this approach maps to the IETF RATS spec.

dborovcanin commented 1 month ago

This is resolved in #245 by adding a measurement directly to the backend.