COCONUT Secure VM Service Module

Related tags

Command-line svsm
Overview

COCONUT Secure VM Service Module

This is the source code repository for the COCONUT Secure VM Service Module (SVSM), a software which aims to provide secure services and device emulations to guest operating systems in confidential virtual machines (CVMs). It requires AMD Secure Encrypted Virtualization with Secure Nested Paging (AMD SEV-SNP), especially the VM Privilege Level (VMPL) feature.

The COCONUT-SVSM is dual-licensed under the MIT and Apache-2.0 licenses. The licenses are included in the LICENSE.MIT and LICENSE-APACHE-2.0.txt files.

The project builds on support code written for the linux-svsm, a software written and published by AMD. This includes the necessary hypervisor changes for KVM host, guest, and for the EDK2 firmware.

Some of the key parts already implemented are:

  • SVSM core protocol support
  • Boots SMP Linux guests
  • Buddy and slab-based memory allocator
  • PerCPU page-tables with dedicated address space areas for shared and PerCPU mappings
  • Backtraces
  • Exception fixups
  • Multi-stage launch process so it can run from any guest physical address

In the future the COCONUT-SVSM will gain support to run modules at ring 3. These modules can extend the SVSM base functionality and implement advanced features like TPM emulation and live migration.

Installation

Detailed installation instructions are in the INSTALL.md file. It walks through the process of building all the necessary parts to get a virtual machine powered by the COCONUT-SVSM up and running.

Reporting Bugs

Any issues, bugs or feature requests for the SVSM project can be reported via https://github.com/coconut-svsm/svsm/issues.

Contributing

Contributing to the project is as easy as sending a pull-request via GitHub. For detailed instructions on patch formatting and contribution guidelines please have a look at CONTRIBUTING.md.

TODO List

The project is far from being ready. Here is an list of next steps that are planned for the COCONUT-SVSM. The items are not sorted in any way:

  • Improve documentation
  • Support for modules running in ring 3
    • vTPM emulation
  • Attestation support
  • Persistency layer (needed for TPM and others)
  • Carry FW as payload of SVSM to make the SVSM binary a drop-in replacement for the FW when launching QEMU
  • Live migration

Acknowledgments

The COCONUT-SVSM project would not have been possible without the close relationship to AMD. AMD provided the Linux kernel and OVMF modifications to complete the SVSM host and guest stack. Many thanks for the work and our continuous cooperation!

Comments
  • stage2 trusts VMM provided addresses

    stage2 trusts VMM provided addresses

    Why can stage2 trust the VMM's addresses provided here?

    https://github.com/coconut-svsm/svsm/blob/b8042679f07d24dc0a6df53cf73b278eb545a8fd/src/fw_cfg.rs#L123-L132

    AFAICT the data read here is not attested or verified and the VMM can respond with anything it wants.

    opened by Freax13 13
  • Stage2: Extract C-bit position from CPUID page

    Stage2: Extract C-bit position from CPUID page

    Previously the C-bit position was requested from the hypervisor by executing a SEV Information request via the GHCB MSR protocol. This allows a malicous host to feed us an incorrect value. Instead the C-bit position should be extracted from the CPUID page.

    opened by Freax13 6
  • Improve error typing

    Improve error typing

    Add a new generic error type, SvsmError. This type can be expanded over time with additional carried information or new variants to represent different error conditions.

    In general, internally each subsystem may have its own internal error type (e.g. GhcbError), but must return in its public interface(s) an SvsmError, which may contain this internal (but not private) error type with additional details (e.g. SvsmError::Ghcb).

    For guest requests, we define a way to translate these general errors to error codes (SvsmError -> SvsmReqError) via the From trait.

    Unfortunately, due to the pervasiveness of error handling and strong typing, this requires a lot of small cascading changes, so making commits self-contained was not an easy task :)

    opened by 00xc 3
  • Allow guest VMPL compile-time configuration

    Allow guest VMPL compile-time configuration

    Remove all hardcoded instances of VMPL=1 for the guest, and replace them with a new constant, GUEST_VMPL. Introduce as well a new value in RMPFlags so that users of the structure can easily refer to the guest VMPL.

    The best home for the new constant seems to be src/types.rs, but this could be changed.

    I have verified that a guest can be booted in VMPL 2 by simply changing the value of the constant.

    Fixes #11.

    opened by 00xc 2
  • Add error handling for GHCB operations

    Add error handling for GHCB operations

    Add error types for GHCB and MSR protocol operations.

    These errors are mostly only to be handled from two sites, namely the firmware setup in svsm_main() and the PerCpu handlers. At the first one, we just panic as before, printing a more verbose message. At the second group, we ignore the error types for now to simplify the patches, but handling will be added in a separate PR.

    opened by 00xc 1
  • mysterious load-bearing no-op

    mysterious load-bearing no-op

    Commenting out this line causes a crash. https://github.com/coconut-svsm/svsm/blob/b8042679f07d24dc0a6df53cf73b278eb545a8fd/src/mm/pagetable.rs#L54

    This shouldn't happen because ENCRYPT_MASK is already set to new_encrypt_mask (this is checked in the lines above), so this is essentially a no-op. Yet for some reason removing this line causes a crash. This hints at some kind of UB/memory corruption happening.

    Replacing the line for the following code causes the VM to hang even though it should be equivalent:

    assert_eq!(new_encrypt_mask, old_encrypt_mask);
    unsafe { ENCRYPT_MASK.reinit(&old_encrypt_mask) }; 
    
    opened by Freax13 1
  • svsm/types: check at compile time that guest VMPL is valid

    svsm/types: check at compile time that guest VMPL is valid

    If an invalid guest VMPL is specified, the user will get the following error at compile time:

    $ make
    cargo build  --bin stage2
       Compiling svsm v0.1.0 (/home/user/svsm)
    error[E0080]: evaluation of constant value failed
      --> src/types.rs:27:15
       |
    27 | const _: () = assert!(GUEST_VMPL > 0 && GUEST_VMPL < VMPL_MAX);
       |               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the evaluated program panicked at 'assertion failed: GUEST_VMPL > 0 && GUEST_VMPL < VMPL_MAX', src/types.rs:27:15
       |
       = note: this error originates in the macro `assert` (in Nightly builds, run with -Z macro-backtrace for more info)
    
    For more information about this error, try `rustc --explain E0080`.
    error: could not compile `svsm` due to previous error
    make: *** [Makefile:30: stage1/stage2.bin] Error 101
    
    opened by 00xc 0
  • SVSM: Use fixed layout for `KernelLaunchInfo`

    SVSM: Use fixed layout for `KernelLaunchInfo`

    Previously the default representation was used which doesn't guarantee a stable layout. This is problematic because KernelLaunchInfo is passed from the loader to the kernel and any differences in layout would cause a crash. Using the C representation guarantees a stable layout.

    Previously a crash could be provoked by setting randomize-layout:

    RUSTFLAGS="-Z randomize-layout -Z layout-seed=2" cargo build --bin stage2
    RUSTFLAGS="-Z randomize-layout -Z layout-seed=3" cargo build --bin svsm
    
    opened by Freax13 0
  • Make guest VMPL compile-time configurable

    Make guest VMPL compile-time configurable

    Currently the guest VMPL is hard-coded to VMPL-1 throughout the code.

    Introduce a single global constant which defines the guest VMPL level and use it everywhere in the code. Try to run a guest at VMPL-2 and VMPL-3.

    Note that the VMPLCK keys in the secret page need to be cleared for all lower-level VMPLs before the page is passed to the guest.

    enhancement good first issue help wanted 
    opened by joergroedel 0
  • mm/alloc: fix optimized out inline assembly

    mm/alloc: fix optimized out inline assembly

    Fix a subtle bug in allocate_zeroed_page() where inline assembly setting a memory region to zero would get optimized out due to the target address being set as an "in" parameter instead of "inout". This would cause the compiler to assume that the contents of the pointer were not changed, resulting in a crash during boot in release builds release builds. This is similar to the bug fixed in 35b8a31aa2b96e86 ("SVSM/mm/guestmem: Fix GuestPtr::read() operations").

    Fix this by using zero_mem_region(), which casts the address to a raw pointer before zeroing out the region, ensuring the operation does not get opimized away.

    opened by 00xc 0
  • Implement a lib crate to write COCONUT modules

    Implement a lib crate to write COCONUT modules

    Implement a lib-crate which can be used to write COCONUT modules in Rust. The crate should contain the runtime for Rust code running in COCONUT on CPL-3: A list of required parts:

    • [ ] Application entry point and startup code up to calling main() function
    • [ ] Force no-std
    • [ ] Linker script
    • [ ] SYSCALL wrappers
    • [ ] Memory allocator registering itself as the global allocator
    • [ ] Re-export parts from the Rust core library
    enhancement 
    opened by joergroedel 0
  • Implement support for running modules at CPL-3

    Implement support for running modules at CPL-3

    Implement the needed infrastructure to run additional modules in Ring-3 and have it separated from the core COCONUT kernel.

    The modules should be in ELF format and provided to the COCONUT kernel via an archive file contained in the final SVSM binary. The kernel will unpack the files and populate a RAM filesystem, from which the kernel launches CPL-3 modules.

    This requires (possibly incomplete list):

    • [ ] Archive file in SVSM binary
    • [ ] RAM file system support
    • [ ] Page allocator enhancements for reference counting pages
    • [ ] ELF loader (WIP, see #4)
    • [ ] Task concept
    • [ ] Task switching
    • [ ] Task memory management
    • [ ] Page fault handling
    • [ ] SYSCALL entry/exit
    • [ ] SYSCALL interface
    • [ ] VC handling (see #14 )
    • [ ] Protocol request multiplexer
    enhancement 
    opened by joergroedel 0
  • Convert to use stable Rust

    Convert to use stable Rust

    The project currently requires rust-nightly to be compiled. This makes it impossible to build the project in an automated build environment like the ones used to compile Linux distributions.

    Make the necessary modifications step by step to build the project using Rust stable.

    enhancement help wanted 
    opened by joergroedel 2
  • Implement VC handling in stage2 and COCONUT kernel

    Implement VC handling in stage2 and COCONUT kernel

    Move away from directly making GHCB calls and implement a proper #VC exception handler to handle NAE events.

    This is required for CPL-3 support, as some instructions that cause NAEs are allowed in unprivileged code (e.g. CPUID). But the console printing support also benefits from this, as its driver infrastructure can be removed so that it uses IN/OUT instructions directly.

    Further, by handling #VC exceptions in stage2 already we can get console support very early in the COCONUT kernel, which makes debugging of the early boot stages much easier.

    There is no reason yet to handle MMIO related NAE events, but IOIO is needed, best including INS/OUTS instructions (but these are not needed in the first step).

    enhancement help wanted 
    opened by joergroedel 0
  • Implement a log buffer to keep log in memory

    Implement a log buffer to keep log in memory

    The SVSM prints all log messages directly to the serial console. In a production environment this could be a security problem as it reveals information about the guest.

    Implement a log buffer which stores all log messages in memory. A single 4KiB page is sufficient for now. The log buffer should be set up in stage-2 and passed to the COCONUT kernel when it launches. The COCONUT kernel then migrates the log buffer into its own memory. This way the log-buffer will also contain the stage-2 messages.

    For debug builds additionally print the message to the console. For release builds do not print anything to the console by default. Add a flag to set in the code to re-enable console printing also for release builds to make debugging issues easier.

    Also start designing a request protocol to allow the guest to read the SVSM log buffer and implement a Linux kernel driver and user-space (in rust) to access the SVSM log from the guest.

    enhancement help wanted 
    opened by joergroedel 0
  • Load the SVSM kernel from an ELF file

    Load the SVSM kernel from an ELF file

    • Implement a minimal ELF file reader
    • Make the Stage2 to read the SVSM kernel from an ELF (instead of raw binary) and load it according to the layout described therein.
    • Let the SVSM kernel determine its own memory layout to transfer over to the runtime page tables from the ELF metadata as well.
    • Implement address space randomization in Stage2.

    Future plans include

    • to load the symbol table from the ELF as well and to e.g. pretty-print stacktraces and
    • to use the unwinding records from the ELF for unwinding, alleviating the need for the current framepointer based approach.
    opened by nicstange 1
Owner
null
An experimental, work-in-progress PAM module for Tailscale

Experimental Tailscale PAM Module This is a very very experimental Tailscale PAM module that allows you to SSH using your Tailscale credentials. This

Tailscale 129 Nov 20, 2022
Basic template for an out-of-tree Linux kernel module written in Rust.

Rust out-of-tree module This is a basic template for an out-of-tree Linux kernel module written in Rust. Please note that: The Rust support is experim

Rust for Linux 118 Dec 26, 2022
A Rust-based Garry's Mod module for fetching environment variables.

gm_environ Using Environment Variables in Garry's Mod. Installation Download a copy of the module from the releases (or compile from source) Move the

Joshua Piper 2 Jan 4, 2022
This PAM module provides ssh-agent based authentication

PAM-RSSH This PAM module provides ssh-agent based authentication. The primary design goal is to avoid typing password when you sudo on remote servers.

Yuxiang Zhang 21 Dec 14, 2022
Resolve JavaScript/TypeScript module with Rust

ES Resolve JavaScript/TypeScript module resolution in Rust Installation cargo add es_resolve Get Started use std::path::{Path, PathBuf}; use es_resolv

wang chenyu 2 Oct 12, 2022
Custom module for showing the weather in Waybar, using the great wttr.io

wttrbar a simple but detailed weather indicator for Waybar using wttr.in. Installation Compile yourself using cargo build --release, or download the p

Yo'av Moshe 10 Apr 23, 2023
Threadless Module Stomping In Rust with some features

NovaLdr is a Threadless Module Stomping written in Rust, designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve its functionalities. This project is not intended to be a complete or polished product but rather a journey into the technical aspects of malware, showcasing various techniques and features.

null 139 Oct 23, 2023
A Rust implementation of Haxe Module Manager (hmm)

hmm-rs A Rust implementation of Haxe Module Manager (hmm) Installation hmm-rs can be installed as a binary from crates.io: https://crates.io/crates/hm

Cameron Taylor 8 May 6, 2024
A PAM module that runs multiple other PAM modules in parallel, succeeding as long as one of them succeeds.

PAM Any A PAM module that runs multiple other PAM modules in parallel, succeeding as long as one of them succeeds. Development I created a VM to test

Rajas Paranjpe 8 Apr 23, 2024
Binary Field Encodings (BFE) for Secure Scuttlebutt (SSB)

ssb-bfe-rs Binary Field Encodings (BFE) for Secure Scuttlebutt (SSB). Based on the JavaScript reference implementation: ssb-bfe (written according to

null 10 May 13, 2022
Build light & secure cross-platform applications with a web-based UI

Millennium Icon by XFaon. *Stats are from Tauri and may not be fully accurate. Millennium is a cross-platform webview framework written in Rust. With

pyke 20 Dec 29, 2022
A user-friendly TUI for secure file transfers, with arrow-key and VIM-style navigation

gsftp SFTP with an interactive text-based user interface (TUI). Transfer files through an encrypted connection with a visual interface, so you can see

Ben Jiron 3 Jul 7, 2022
Secure Boot for NixOS [maintainers=@blitz @raitobezarius @nikstur]

Lanzaboote: Secure Boot for NixOS This repository contains tooling for UEFI Secure Boot on NixOS. The goal is to make Secure Boot available from nixpk

Nix community projects 79 Jan 6, 2023
(Pre-Release Software) Secure, Encrypted, P2P chat written atop Warp, IPFS, LibP2P, Dioxus and many more awesome projects and protocols.

Uplink Privacy First, Modular, P2P messaging client built atop Warp. Uplink is written in pure Rust with a UI in Dioxus (which is also written in Rust

Satellite 13 Jan 25, 2023
Cuprate, an upcoming experimental, modern & secure monero node. Written in Rust

Cuprate an upcoming experimental, modern & secure monero node. Written in Rust (there is nothing working at the moment, stay tuned if you want to see

Someone Else 16 Feb 20, 2023
A Modern And Secure CLI Tool For Managing Environment Variables

Envio is a command-line tool that simplifies the management of environment variables across multiple profiles. It allows users to easily switch between different configurations and apply them to their current environment

Humble Penguin 536 Apr 16, 2023
Simple Secure Static (HTTPS) File Server with embedded certificate

Secure Static File Server Static Files HTTPs server with self signed embedded certificate Installation Install using cargo: cargo install ssfs Or buil

0xor0ne 21 Apr 20, 2023
A secure CLI password generator written in rust.

Rust CLI Password Generator Overview This Project is a secure CLI password generator written in rust. This generates a secure password with three diff

pouyan shalbafan 12 Nov 9, 2023
policy-driven signing service

SigningService (maybe we'll have a more clever name one day!) What is this? This repo has a little "serverless" (runs on lambda and some other service

null 4 Jul 15, 2022