openhcl: pass encryption policy and hcl feature flags (#1844)

Allow the host to specify OpenHCL features and encryption policy for the
VMGS.

Author: tjones60

openhcl/underhill_attestation/Cargo.toml

@@ -15,6 +15,7 @@ openssl-vendored = ["openssl/vendored"]
 guest_emulation_transport.workspace = true
 openhcl_attestation_protocol.workspace = true
 vmgs = { workspace = true, features = ["encryption_ossl"] }
+get_protocol.workspace = true
 guid.workspace = true
 mesh.workspace = true
 openssl_kdf.workspace = true
@@ -37,7 +38,6 @@ zerocopy.workspace = true
 [target.'cfg(target_os = "linux")'.dev-dependencies]
 disklayer_ram.workspace = true
 disk_backend.workspace = true
-get_protocol.workspace = true
 vmgs_format.workspace = true
 
 [lints]

openhcl/underhill_attestation/src/lib.rs

@@ -23,6 +23,7 @@ pub use igvm_attest::ak_cert::parse_response as parse_ak_cert_response;
 use ::vmgs::EncryptionAlgorithm;
 use ::vmgs::Vmgs;
 use cvm_tracing::CVM_ALLOWED;
+use get_protocol::dps_json::GuestStateEncryptionPolicy;
 use guest_emulation_transport::GuestEmulationTransportClient;
 use guest_emulation_transport::api::GspExtendedStatusFlags;
 use guest_emulation_transport::api::GuestStateProtection;
@@ -100,6 +101,8 @@ enum GetDerivedKeysError {
     GetIngressKeyFromKGspByIdFailed,
     #[error("Encryption cannot be disabled if VMGS was previously encrypted")]
     DisableVmgsEncryptionFailed,
+    #[error("VMGS encryption is required, but no encryption sources were found")]
+    EncryptionRequiredButNotFound,
     #[error("failed to seal the egress key using hardware derived keys")]
     SealEgressKeyUsingHardwareDerivedKeys(#[source] hardware_key_sealing::HardwareKeySealingError),
     #[error("failed to write to `FileId::HW_KEY_PROTECTOR` in vmgs")]
@@ -237,6 +240,8 @@ pub async fn initialize_platform_security(
     attestation_type: AttestationType,
     suppress_attestation: bool,
     driver: LocalDriver,
+    guest_state_encryption_policy: GuestStateEncryptionPolicy,
+    strict_encryption_policy: bool,
 ) -> Result<PlatformAttestationData, Error> {
     tracing::info!(CVM_ALLOWED,
         attestation_type=?attestation_type,
@@ -357,6 +362,8 @@ pub async fn initialize_platform_security(
         ingress_rsa_kek.as_ref(),
         wrapped_des_key.as_deref(),
         tcb_version,
+        guest_state_encryption_policy,
+        strict_encryption_policy,
     )
     .await
     .map_err(AttestationErrorInner::GetDerivedKeys)?;
@@ -562,7 +569,24 @@ async fn get_derived_keys(
     ingress_rsa_kek: Option<&Rsa<Private>>,
     wrapped_des_key: Option<&[u8]>,
     tcb_version: Option<u64>,
+    guest_state_encryption_policy: GuestStateEncryptionPolicy,
+    strict_encryption_policy: bool,
 ) -> Result<DerivedKeyResult, GetDerivedKeysError> {
+    tracing::info!(
+        CVM_ALLOWED,
+        ?guest_state_encryption_policy,
+        strict_encryption_policy,
+        "encryption policy"
+    );
+
+    // TODO: implement hardware sealing only
+    if matches!(
+        guest_state_encryption_policy,
+        GuestStateEncryptionPolicy::HardwareSealing
+    ) {
+        todo!("hardware sealing")
+    }
+
     let mut key_protector_settings = KeyProtectorSettings {
         should_write_kp: true,
         use_gsp_by_id: false,
@@ -626,13 +650,20 @@ async fn get_derived_keys(
         };
 
     // Handle various sources of Guest State Protection
-    let mut requires_gsp_by_id =
-        key_protector_by_id.found_id && key_protector_by_id.inner.ported != 1;
+    let is_gsp_by_id = key_protector_by_id.found_id && key_protector_by_id.inner.ported != 1;
+    let is_gsp = key_protector.gsp[ingress_idx].gsp_length != 0;
+    tracing::info!(
+        CVM_ALLOWED,
+        is_encrypted,
+        is_gsp_by_id,
+        is_gsp,
+        found_dek,
+        "initial vmgs encryption state"
+    );
+    let mut requires_gsp_by_id = is_gsp_by_id;
 
     // Attempt GSP
     let (gsp_response, no_gsp, requires_gsp) = {
-        let found_kp = key_protector.gsp[ingress_idx].gsp_length != 0;
-
         let response = get_gsp_data(get, key_protector).await;
 
         tracing::info!(
@@ -644,10 +675,19 @@ async fn get_derived_keys(
             "GSP response"
         );
 
-        let no_gsp =
-            response.extended_status_flags.no_rpc_server() || response.encrypted_gsp.length == 0;
-
-        let requires_gsp = found_kp || response.extended_status_flags.requires_rpc_server();
+        let no_gsp = response.extended_status_flags.no_rpc_server()
+            || response.encrypted_gsp.length == 0
+            || (matches!(
+                guest_state_encryption_policy,
+                GuestStateEncryptionPolicy::GspById | GuestStateEncryptionPolicy::None
+            ) && (!is_gsp || strict_encryption_policy));
+
+        let requires_gsp = is_gsp
+            || response.extended_status_flags.requires_rpc_server()
+            || matches!(
+                guest_state_encryption_policy,
+                GuestStateEncryptionPolicy::GspKey
+            );
 
         // If the VMGS is encrypted, but no key protection data is found,
         // assume GspById encryption is enabled, but no ID file was written.
@@ -658,14 +698,19 @@ async fn get_derived_keys(
         (response, no_gsp, requires_gsp)
     };
 
-    // Attempt GSP By Id protection if GSP is not available, or when changing schemes.
+    // Attempt GSP By Id protection if GSP is not available, when changing
+    // schemes, or as requested
     let (gsp_response_by_id, no_gsp_by_id) = if no_gsp || requires_gsp_by_id {
         let gsp_response_by_id = get
             .guest_state_protection_data_by_id()
             .await
             .map_err(GetDerivedKeysError::FetchGuestStateProtectionById)?;
 
-        let no_gsp_by_id = gsp_response_by_id.extended_status_flags.no_registry_file();
+        let no_gsp_by_id = gsp_response_by_id.extended_status_flags.no_registry_file()
+            || (matches!(
+                guest_state_encryption_policy,
+                GuestStateEncryptionPolicy::None
+            ) && (!requires_gsp_by_id || strict_encryption_policy));
 
         if no_gsp_by_id && requires_gsp_by_id {
             Err(GetDerivedKeysError::GspByIdRequiredButNotFound)?
@@ -768,14 +813,23 @@ async fn get_derived_keys(
         if is_encrypted {
             Err(GetDerivedKeysError::DisableVmgsEncryptionFailed)?
         }
-
-        tracing::trace!(CVM_ALLOWED, "No VMGS encryption used.");
-
-        return Ok(DerivedKeyResult {
-            derived_keys: None,
-            key_protector_settings,
-            gsp_extended_status_flags: gsp_response.extended_status_flags,
-        });
+        match guest_state_encryption_policy {
+            // fail if some minimum level of encryption was required
+            GuestStateEncryptionPolicy::GspById
+            | GuestStateEncryptionPolicy::GspKey
+            | GuestStateEncryptionPolicy::HardwareSealing => {
+                Err(GetDerivedKeysError::EncryptionRequiredButNotFound)?
+            }
+            GuestStateEncryptionPolicy::Auto | GuestStateEncryptionPolicy::None => {
+                tracing::info!(CVM_ALLOWED, "No VMGS encryption used.");
+
+                return Ok(DerivedKeyResult {
+                    derived_keys: None,
+                    key_protector_settings,
+                    gsp_extended_status_flags: gsp_response.extended_status_flags,
+                });
+            }
+        }
     }
 
     // Attempt to get hardware derived keys
@@ -803,7 +857,7 @@ async fn get_derived_keys(
 
     // Use tenant key (KEK only)
     if no_gsp && no_gsp_by_id {
-        tracing::trace!(CVM_ALLOWED, "No GSP used with SKR");
+        tracing::info!(CVM_ALLOWED, "No GSP used with SKR");
 
         derived_keys.ingress = ingress_key;
         derived_keys.decrypt_egress = decrypt_egress_key;
@@ -837,7 +891,20 @@ async fn get_derived_keys(
                 .map_err(GetDerivedKeysError::GetDerivedKeyById)?;
 
         if no_kek && no_gsp {
-            tracing::trace!(CVM_ALLOWED, "Using GSP with ID.");
+            if matches!(
+                guest_state_encryption_policy,
+                GuestStateEncryptionPolicy::None
+            ) {
+                // Log a warning here to indicate that the VMGS state is out of
+                // sync with the VM's configuration.
+                //
+                // This should only happen if the VM is configured to
+                // have no encryption, but it already has GspById encryption
+                // and strict encryption policy is disabled.
+                tracing::warn!(CVM_ALLOWED, "Allowing GspById");
+            } else {
+                tracing::info!(CVM_ALLOWED, "Using GspById");
+            }
 
             // Not required for Id protection
             key_protector_settings.should_write_kp = false;
@@ -852,7 +919,7 @@ async fn get_derived_keys(
 
         derived_keys.ingress = derived_keys_by_id.ingress;
 
-        tracing::trace!(CVM_ALLOWED, "Converting GSP method.");
+        tracing::info!(CVM_ALLOWED, "Converting GSP method.");
     }
 
     let egress_seed;
@@ -969,6 +1036,21 @@ async fn get_derived_keys(
         }
     }
 
+    if matches!(
+        guest_state_encryption_policy,
+        GuestStateEncryptionPolicy::None | GuestStateEncryptionPolicy::GspById
+    ) {
+        // Log a warning here to indicate that the VMGS state is out of
+        // sync with the VM's configuration.
+        //
+        // This should only happen if the VM is configured to have no
+        // encryption or GspById encryption, but it already has GspKey
+        // encryption and strict encryption policy is disabled.
+        tracing::warn!(CVM_ALLOWED, "Allowing Gsp");
+    } else {
+        tracing::info!(CVM_ALLOWED, "Using Gsp");
+    }
+
     Ok(DerivedKeyResult {
         derived_keys: Some(derived_keys),
         key_protector_settings,

openhcl/underhill_core/src/lib.rs

@@ -328,6 +328,7 @@ async fn launch_workers(
         nvme_always_flr: opt.nvme_always_flr,
         test_configuration: opt.test_configuration,
         disable_uefi_frontpage: opt.disable_uefi_frontpage,
+        guest_state_encryption_policy: opt.guest_state_encryption_policy,
     };
 
     let (mut remote_console_cfg, framebuffer_access) =

openhcl/underhill_core/src/options.rs

@@ -33,6 +33,28 @@ impl std::str::FromStr for TestScenarioConfig {
     }
 }
 
+#[derive(Clone, Debug, MeshPayload)]
+pub enum GuestStateEncryptionPolicyCli {
+    Auto,
+    None,
+    GspById,
+    GspKey,
+}
+
+impl std::str::FromStr for GuestStateEncryptionPolicyCli {
+    type Err = anyhow::Error;
+
+    fn from_str(s: &str) -> Result<GuestStateEncryptionPolicyCli, anyhow::Error> {
+        match s {
+            "AUTO" | "0" => Ok(GuestStateEncryptionPolicyCli::Auto),
+            "NONE" | "1" => Ok(GuestStateEncryptionPolicyCli::None),
+            "GSP_BY_ID" | "2" => Ok(GuestStateEncryptionPolicyCli::GspById),
+            "GSP_KEY" | "3" => Ok(GuestStateEncryptionPolicyCli::GspKey),
+            _ => Err(anyhow::anyhow!("Invalid encryption policy: {}", s)),
+        }
+    }
+}
+
 // We've made our own parser here instead of using something like clap in order
 // to save on compiled file size. We don't need all the features a crate can provide.
 /// underhill core command-line and environment variable options.
@@ -157,6 +179,10 @@ pub struct Options {
     /// will result in UEFI terminating, shutting down the guest instead of
     /// showing the frontpage.
     pub disable_uefi_frontpage: bool,
+
+    /// (HCL_GUEST_STATE_ENCRYPTION_POLICY=\<GuestStateEncryptionPolicyCli\>)
+    /// Specify which guest state encryption policy to use.
+    pub guest_state_encryption_policy: Option<GuestStateEncryptionPolicyCli>,
 }
 
 impl Options {
@@ -259,6 +285,15 @@ impl Options {
         });
         let disable_uefi_frontpage = parse_env_bool("OPENHCL_DISABLE_UEFI_FRONTPAGE");
         let signal_vtl0_started = parse_env_bool("OPENHCL_SIGNAL_VTL0_STARTED");
+        let guest_state_encryption_policy = parse_env_string("HCL_GUEST_STATE_ENCRYPTION_POLICY")
+            .and_then(|x| {
+                x.to_string_lossy()
+                    .parse::<GuestStateEncryptionPolicyCli>()
+                    .map_err(|e| {
+                        tracing::warn!("failed to parse HCL_GUEST_STATE_ENCRYPTION_POLICY: {}", e)
+                    })
+                    .ok()
+            });
 
         let mut args = std::env::args().chain(extra_args);
         // Skip our own filename.
@@ -316,6 +351,7 @@ impl Options {
             nvme_always_flr,
             test_configuration,
             disable_uefi_frontpage,
+            guest_state_encryption_policy,
         })
     }