@joergroedel

Avoid using the insecure MSR kernel module and use a file in SYSFS to read the SEV_STATUS MSR.

This is a draft PR as the SYSFS support patch is still under discussion here

The function is only ever used to read the SEV_STATUS MSR, so rename
it and hard-code the function parameters. This helps adding
alternative means to read SEV_STATUS.

Signed-off-by: Joerg Roedel <[email protected]>

Since reading MSRs using the Linux MSR kernel module is generally
discouraged and disabled by default in many Linux distributions, add
another way of reading the SEV_STATUS value via SYSFS.

If that does not work the MSR module is still used as a fall-back.

Signed-off-by: Joerg Roedel <[email protected]>
Member

@tylerfanelli tylerfanelli left a comment

LGTM, we'll wait for the changes to be upstream. Let us know when that's completed and we can merge this.

Just out of curiosity, why is the MSR module generally discouraged/disabled?

@joergroedel
Author

> Just out of curiosity, why is the MSR module generally discouraged/disabled?

The MSR module does not only give access to SEV_STATUS, but to all MSRs, including those that can affect system stability and security.

@larrydewey
Contributor

I don't have any arguments against using the sysfs approach. One reason we were leaning so heavily on the MSR implementation is that 1) there was no other implementation, and 2) the MSR in question is a protected MSR. Do you know if the method of providing this through sysfs will be protected from hypervisor modification, as well?

@joergroedel
Author

> I don't have any arguments against using the sysfs approach. One reason we were leaning so heavily on the MSR implementation is that 1) there was no other implementation, and 2) the MSR in question is a protected MSR. Do you know if the method of providing this through sysfs will be protected from hypervisor modification, as well?

There is no change in security by using SYSFS instead of the MSR module, as there is also no guarantee that the MSR module behaves correctly and does actually read the MSR in question.
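
The read order from the second commit message (sysfs first, MSR module as fall-back), shown as an added example; it is not the PR's code. The sysfs path is a placeholder and the sysfs text format (one hexadecimal value) is an assumption; `Source`, `parse_sysfs`, `read_msr_dev` and `read_sev_status` are hypothetical names.

```rust
use std::fs::{self, File};
use std::io;
use std::os::unix::fs::FileExt;
use std::path::Path;

/// SEV_STATUS MSR address (MSR_AMD64_SEV in the Linux headers).
const SEV_STATUS_MSR: u64 = 0xC001_0131;

/// Which interface supplied the value, so callers can log or restrict the fallback.
#[derive(Debug, PartialEq)]
enum Source { Sysfs, MsrModule }

/// Assumed sysfs format: one hexadecimal number, optional "0x" prefix, trailing newline.
fn parse_sysfs(text: &str) -> Option<u64> {
    let t = text.trim();
    u64::from_str_radix(t.strip_prefix("0x").unwrap_or(t), 16).ok()
}

/// The MSR module returns an MSR as 8 bytes read at file offset == MSR address.
fn read_msr_dev(dev: &Path, msr: u64) -> io::Result<u64> {
    let mut buf = [0u8; 8];
    File::open(dev)?.read_exact_at(&mut buf, msr)?;
    Ok(u64::from_le_bytes(buf))
}

/// Prefer sysfs; use the MSR device only when sysfs is missing or unparsable.
fn read_sev_status(sysfs: &Path, msr_dev: &Path) -> io::Result<(u64, Source)> {
    if let Some(v) = fs::read_to_string(sysfs).ok().and_then(|s| parse_sysfs(&s)) {
        return Ok((v, Source::Sysfs));
    }
    read_msr_dev(msr_dev, SEV_STATUS_MSR).map(|v| (v, Source::MsrModule))
}

fn main() {
    // Placeholder: the real sysfs file name comes from the kernel patch, not this page.
    let sysfs = Path::new("/sys/PLACEHOLDER/sev_status");
    match read_sev_status(sysfs, Path::new("/dev/cpu/0/msr")) {
        // Bits 0..2 of SEV_STATUS: SEV, SEV-ES, SEV-SNP enabled.
        Ok((v, src)) => println!("SEV_STATUS={:#x} via {:?}: SEV={} ES={} SNP={}",
            v, src, v & 1 != 0, v & 2 != 0, v & 4 != 0),
        Err(e) => eprintln!("SEV_STATUS unavailable: {}", e),
    }
}
```

Returning the `Source` alongside the value lets a caller record when the MSR module was needed, or refuse the fall-back on hosts where that module is meant to stay disabled.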
