feat: Introduce namespaced SEV custom data #8215
Merged
3841e77 to 5345070
andrewbattat reviewed Jan 7, 2026
Bownairo approved these changes Jan 8, 2026
rs/ic_os/remote_attestation/shared/proto/remote_attestation.proto (outdated, resolved review thread)
…ed-custom-data
# Conflicts:
# rs/ic_os/attestation/src/e2e_tests.rs
# rs/ic_os/remote_attestation/server/src/main.rs
Bownairo approved these changes Jan 12, 2026
This PR adds namespacing to the SEV custom data to prevent attestation reports from being reused across different contexts. Previously it was possible to generate an attestation report for one use case and then use it in another.
For example, during a GuestOS upgrade, the Guest VM running the new GuestOS version has to prove that it's running a blessed GuestOS version in order to get the disk encryption key, which it does by generating an attestation report with a specific custom data field in the attestation report. Without namespacing, the upgrade VM can use the remote attestation endpoint of the old Guest VM to generate an attestation report with this specific custom data (this is possible since an attestation report with arbitrary custom data can be requested). This way, the upgrade VM can run arbitrary software since it can take the attestation report from a valid Guest VM. Similar attacks can be constructed in other scenarios whenever an attestation report leaves the Guest VM.
Namespaced custom data ensures that use cases are separated. An attestation report generated for remote attestation cannot be used during upgrades since the namespaces are different.
Custom data now consists of:
Namespaces are arbitrary 4 bytes which for convenience we represent as SevCustomDataNamespace. The remote attestation endpoint now only takes 32-byte inputs and prefixes the custom data in the attestation report with [1, 0, 0, 0].
Types that can be used as custom data via DER-encoding (currently only GetDiskEncryptionKeyTokenCustomData) were previously encoded by SHA512(DER(object)). These are now encoded using namespace || [0; 28] || SHA256(DER(object)).
For backwards compatibility, GetDiskEncryptionKeyTokenCustomData will still be encoded with the legacy encoding so that we can upgrade once. The attestation report verifier code accepts both encodings for GetDiskEncryptionKeyTokenCustomData. New types are encoded with the new encoding.
There will be two more steps of this migration:
The PR also adds tests to the previously poorly tested remote attestation service.
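The encoding and the cross-context reuse it blocks, as an added worked example. This is not the PR's code and not the ic repository's Rust; it is written in Go so that DER encoding (encoding/asn1), SHA-256 and SHA-512 all come from the standard library. Assumptions beyond what the description states: the namespace value for the disk-encryption-key token (the PR only gives [1, 0, 0, 0] for the remote attestation endpoint), the field layout of the stand-in DiskEncryptionKeyToken type, and that the endpoint places its 32-byte input in the last 32 bytes of the 64-byte field with the same 28 zero bytes of padding as the DER types.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"encoding/asn1"
	"errors"
	"fmt"
)

// The custom data field of an SEV-SNP attestation report is 64 bytes.
const customDataLen = 64

// SevCustomDataNamespace is the 4-byte prefix that separates use cases.
type SevCustomDataNamespace [4]byte

var (
	// The PR states the remote attestation endpoint prefixes with [1, 0, 0, 0].
	nsRemoteAttestation = SevCustomDataNamespace{1, 0, 0, 0}
	// Hypothetical value for the disk-encryption-key token; the PR does not give it.
	nsDiskEncryptionKeyToken = SevCustomDataNamespace{2, 0, 0, 0}
)

// DiskEncryptionKeyToken stands in for GetDiskEncryptionKeyTokenCustomData.
// Its fields are assumptions; asn1.Marshal turns it into a DER SEQUENCE.
type DiskEncryptionKeyToken struct {
	GuestOSVersion string
	Nonce          []byte
}

// legacyCustomData is the pre-PR encoding: SHA512(DER(object)), filling all 64 bytes.
func legacyCustomData(der []byte) [customDataLen]byte {
	return sha512.Sum512(der)
}

// namespacedCustomData is the new layout: namespace || [0; 28] || 32-byte payload.
func namespacedCustomData(ns SevCustomDataNamespace, payload [32]byte) [customDataLen]byte {
	var out [customDataLen]byte
	copy(out[0:4], ns[:])
	// bytes 4..32 are left as zero padding
	copy(out[32:], payload[:])
	return out
}

// tokenCustomData encodes a token with the new encoding: payload = SHA256(DER(object)).
func tokenCustomData(tok DiskEncryptionKeyToken) ([customDataLen]byte, error) {
	der, err := asn1.Marshal(tok)
	if err != nil {
		return [customDataLen]byte{}, err
	}
	return namespacedCustomData(nsDiskEncryptionKeyToken, sha256.Sum256(der)), nil
}

// remoteAttestationCustomData models the endpoint after the PR: it accepts only a
// 32-byte caller input and always stamps namespace [1, 0, 0, 0]. Putting the input
// in the last 32 bytes is an assumption about the endpoint's layout.
func remoteAttestationCustomData(input []byte) ([customDataLen]byte, error) {
	if len(input) != 32 {
		return [customDataLen]byte{}, fmt.Errorf("remote attestation input must be 32 bytes, got %d", len(input))
	}
	var payload [32]byte
	copy(payload[:], input)
	return namespacedCustomData(nsRemoteAttestation, payload), nil
}

// verifyDiskEncryptionKeyToken accepts either encoding of the expected token, which is
// what the PR says the verifier does for GetDiskEncryptionKeyTokenCustomData during
// the migration. Any other custom data, including the same hash under another
// namespace, is rejected.
func verifyDiskEncryptionKeyToken(reportCustomData [customDataLen]byte, expected DiskEncryptionKeyToken) error {
	der, err := asn1.Marshal(expected)
	if err != nil {
		return err
	}
	if reportCustomData == legacyCustomData(der) {
		return nil
	}
	if reportCustomData == namespacedCustomData(nsDiskEncryptionKeyToken, sha256.Sum256(der)) {
		return nil
	}
	return errors.New("custom data matches neither the legacy nor the namespaced token encoding")
}

func main() {
	// Constructed sample token; values are arbitrary.
	tok := DiskEncryptionKeyToken{GuestOSVersion: "example-version", Nonce: []byte{1, 2, 3, 4}}
	der, _ := asn1.Marshal(tok)

	// Reports produced by the upgrade path verify under both encodings.
	nsReport, _ := tokenCustomData(tok)
	fmt.Println("namespaced token report:", verifyDiskEncryptionKeyToken(nsReport, tok))
	fmt.Println("legacy token report:    ", verifyDiskEncryptionKeyToken(legacyCustomData(der), tok))

	// The attack from the description: ask the remote attestation endpoint for a report
	// carrying SHA256(DER(token)). The endpoint stamps [1, 0, 0, 0], so the disk-key
	// verifier rejects it, and the endpoint can no longer emit a 64-byte legacy value.
	h := sha256.Sum256(der)
	raReport, _ := remoteAttestationCustomData(h[:])
	fmt.Println("report via remote attestation endpoint:", verifyDiskEncryptionKeyToken(raReport, tok))
}
```

The point the verifier makes is that equality is checked on the whole 64-byte field, so the namespace bytes are part of what the SEV firmware signs and an attacker who controls only the 32-byte payload of another namespace cannot produce a matching value.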