mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/include/hw/i386/nitro_enclave.h

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

63 lines
1.8 KiB
C
Raw Normal View History

machine/nitro-enclave: New machine type for AWS Nitro Enclaves AWS nitro enclaves[1] is an Amazon EC2[2] feature that allows creating isolated execution environments, called enclaves, from Amazon EC2 instances which are used for processing highly sensitive data. Enclaves have no persistent storage and no external networking. The enclave VMs are based on the Firecracker microvm with a vhost-vsock device for communication with the parent EC2 instance that spawned it and a Nitro Secure Module (NSM) device for cryptographic attestation. The parent instance VM always has CID 3 while the enclave VM gets a dynamic CID. An EIF (Enclave Image Format)[3] file is used to boot an AWS nitro enclave virtual machine. This commit adds support for AWS nitro enclave emulation using a new machine type option '-M nitro-enclave'. This new machine type is based on the 'microvm' machine type, similar to how real nitro enclave VMs are based on Firecracker microvm. For nitro-enclave to boot from an EIF file, the kernel and ramdisk(s) are extracted into a temporary kernel and a temporary initrd file which are then hooked into the regular x86 boot mechanism along with the extracted cmdline. The EIF file path should be provided using the '-kernel' QEMU option. In QEMU, the vsock emulation for nitro enclave is added using vhost-user- vsock as opposed to vhost-vsock. vhost-vsock doesn't support sibling VM communication which is needed for nitro enclaves. So for the vsock communication to CID 3 to work, another process that does the vsock emulation in userspace must be run, for example, vhost-device-vsock[4] from rust-vmm, with necessary vsock communication support in another guest VM with CID 3. Using vhost-user-vsock also enables the possibility to implement some proxying support in the vhost-user-vsock daemon that will forward all the packets to the host machine instead of CID 3 so that users of nitro-enclave can run the necessary applications in their host machine instead of running another whole VM with CID 3. The following mandatory nitro-enclave machine option has been added related to the vhost-user-vsock device. - 'vsock': The chardev id from the '-chardev' option for the vhost-user-vsock device. AWS Nitro Enclaves have built-in Nitro Secure Module (NSM) device which has been added using the virtio-nsm device added in a previous commit. In Nitro Enclaves, all the PCRs start in a known zero state and the first 16 PCRs are locked from boot and reserved. The PCR0, PCR1, PCR2 and PCR8 contain the SHA384 hashes related to the EIF file used to boot the VM for validation. The following optional nitro-enclave machine options have been added related to the NSM device. - 'id': Enclave identifier, reflected in the module-id of the NSM device. If not provided, a default id will be set. - 'parent-role': Parent instance IAM role ARN, reflected in PCR3 of the NSM device. - 'parent-id': Parent instance identifier, reflected in PCR4 of the NSM device. [1] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html [2] https://aws.amazon.com/ec2/ [3] https://github.com/aws/aws-nitro-enclaves-image-format [4] https://github.com/rust-vmm/vhost-device/tree/main/vhost-device-vsock Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com> Reviewed-by: Alexander Graf <graf@amazon.com> Link: https://lore.kernel.org/r/20241008211727.49088-6-dorjoychy111@gmail.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-10-09 03:17:26 +06:00
/*
* AWS nitro-enclave machine
*
* Copyright (c) 2024 Dorjoy Chowdhury <dorjoychy111@gmail.com>
*
* This work is licensed under the terms of the GNU GPL, version 2 or
* (at your option) any later version. See the COPYING file in the
* top-level directory.
*/
#ifndef HW_I386_NITRO_ENCLAVE_H
#define HW_I386_NITRO_ENCLAVE_H
#include "crypto/hash.h"
#include "hw/i386/microvm.h"
#include "qom/object.h"
#include "hw/virtio/virtio-nsm.h"
/* Machine type options */
#define NITRO_ENCLAVE_VSOCK_CHARDEV_ID "vsock"
#define NITRO_ENCLAVE_ID "id"
#define NITRO_ENCLAVE_PARENT_ROLE "parent-role"
#define NITRO_ENCLAVE_PARENT_ID "parent-id"
struct NitroEnclaveMachineClass {
MicrovmMachineClass parent;
void (*parent_init)(MachineState *state);
void (*parent_reset)(MachineState *machine, ResetType type);
};
struct NitroEnclaveMachineState {
MicrovmMachineState parent;
/* Machine type options */
char *vsock;
/* Enclave identifier */
char *id;
/* Parent instance IAM role ARN */
char *parent_role;
/* Parent instance identifier */
char *parent_id;
/* Machine state */
VirtIONSM *vnsm;
/* kernel + ramdisks + cmdline sha384 hash */
uint8_t image_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
/* kernel + boot ramdisk + cmdline sha384 hash */
uint8_t bootstrap_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
/* application ramdisk(s) hash */
uint8_t app_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
/* certificate fingerprint hash */
uint8_t fingerprint_sha384[QCRYPTO_HASH_DIGEST_LEN_SHA384];
bool signature_found;
};
#define TYPE_NITRO_ENCLAVE_MACHINE MACHINE_TYPE_NAME("nitro-enclave")
OBJECT_DECLARE_TYPE(NitroEnclaveMachineState, NitroEnclaveMachineClass,
NITRO_ENCLAVE_MACHINE)
#endif
Reference in New Issue Copy Permalink