Confidential DataHub Part 4: CDH binary & Attestation API for AA #322
Conversation
KBCs are now impled as KMS drivers, also known as `get_resource_provider` in CDH. To follow the forward compatibility, `sev` is the same as previous `online_sev_kbc` and `kbs` is the same as previous `cc_kbc`. Signed-off-by: Xynnn007 <[email protected]>
Signed-off-by: Xynnn007 <[email protected]>
Xynnn007
force-pushed
the
feat-cdh-binary
branch
2 times, most recently
from
5c5ac9e to
51de772
Compare
Xynnn007
changed the title
Xynnn007
force-pushed
the
feat-cdh-binary
branch
from
a8dd0b8 to
fce83dc
Compare
confidential-data-hub/hub/src/bin/confidential-data-hub/main.rs
Outdated
Show resolved
Hide resolved
Xynnn007
force-pushed
the
feat-cdh-binary
branch
from
8b36a70 to
5bfdd90
Compare
| | sev | For SEV based on efi secret pre-attestation | | ||
|
|
||
| Note: `offline-fs` is built-in, we do not need to manually enable. If no `RESOURCE_PROVIDER` | ||
| is given, all features will be enabled. |
There was a problem hiding this comment.
Are we deprecating the sample option?
There was a problem hiding this comment.
I'm not sure whether we are still using sample in current CoCo (except enclave-cc). As all the tests can be covered by offline-fs-kbc, sample seem somehow useless. If it is still used I can add that.
|
|
||
| package api; | ||
|
|
||
| message UnSealSecretInput { |
There was a problem hiding this comment.
Nice catch, we should sync with https://github.com/kata-containers/kata-containers/pull/7545/files#diff-e0bf528729d06d2a2c080a9689807bc7b8795745c6edb1a6803dbe67b3be2bddR5. Let me fix this here.
@Lu-Biao could you help to update the PR of yours ?
| //! | ||
| //! for example | ||
| //! ``` | ||
| //! cdh.kbs_resources=kbs:///default/key/1::/run/temp1,kbs:///default/key/2::/run/temp2 |
There was a problem hiding this comment.
I am skeptical of this format and of reading this config from the kernel command line.
There was a problem hiding this comment.
To specify the resources (like credential for KMS) are needed. This is only a workaround up to now as we do not have a generic mechanism to inject these data. See kata-containers/kata-containers#7669 (comment) and maybe we can improve this in future
There was a problem hiding this comment.
Hmmm. I am not sure about the future proposal or the workaround tbh.Are you sure that this config actually needs to be measured? I will comment on the issue as well.
Also, it seems a bit odd to store all this on the FS. What is the advantage of this over holding credentials in the memory of the CDH process?
I guess one key question is who actually sets up all these configs? Does the user have to do that? Will the shim do it? I had pictured that a user who wrapped a key with the Aliyun KMS, the data in the wrapped secret would be enough to complete the entire process. I guess this allows us to decouple the credentials for that KBS from the information about the secret itself?
There was a problem hiding this comment.
Hmmm. I am not sure about the future proposal or the workaround tbh.Are you sure that this config actually needs to be measured? I will comment on the issue as well.
Yes I think so. When the pod's attestation report can pass KBS's RCAR handshake, which resource will be fetched should be known and ensured to avoid abuse, or unexpected overwriting. The config specifies the resource names.
Also, it seems a bit odd to store all this on the FS. What is the advantage of this over holding credentials in the memory of the CDH process?
The FS is still inside the guest's encrypted memory as it is in /run so it can not be seen by the host. If we put them in the ram FS, the high-level code of hub do not need to care about how to organize the credential files and cosume them, it just get_resource and put to where it should be. All later work can be done by KMS plugin code.
I guess one key question is who actually sets up all these configs? Does the user have to do that? Will the shim do it? I had pictured that a user who wrapped a key with the Aliyun KMS, the data in the wrapped secret would be enough to complete the entire process. I guess this allows us to decouple the credentials for that KBS from the information about the secret itself?
The user should do that. Currently an user of aliyun kms does not have an open api to receive all the KMS requests. Instead we have different KMS "instances" like different servers which need different credential to connect to. So the information inside the sealed secret must include the kms instance id and the credential id. (kms instance and credential are not one-to-one)
So the whole story will be: an user makes a sealed secret with aliyun kms, then store the credential into kbs and set the launch parameter of cdh to get the credential from KBS. When launching cdh, it will gets enough credential from the kbs and put them into encrypted guest memory. When unsealling secret, it detects which credential will be used and get from the encrypted guest memory.
The workaround give a straightforward way. We can talk about the init data injection mechanism for kata/coco. If we have that, a more easy way for the user to specify the configs via k8s annotations can be done.
Moreover, for diffferent CSP, the steps can be automatic via outer web page or user interface.
There was a problem hiding this comment.
Hm well I guess what we're getting into here are integration questions.
My main concern is that we're making things too complicated for the end user. It's true that the CSP could setup some of this stuff automatically, but keep in mind that today people can use CoCo simply by adding a runtime class to their yaml file. I'm a bit worried that the new features we're adding will be too hard to consume.
With the workaround the issues are mainly that the kernel params are not very robust. This will make validating the launch measurement much more difficult. For the short term, I guess that could be okay.
Anyway, we can probably go ahead here, but I think there are some unanswered integration questions still.
| input: UnSealSecretInput, | ||
| ) -> ::ttrpc::Result<UnSealSecretOutput> { | ||
| debug!("get new UnsealSecret request"); | ||
| let reader = HUB.read().await; |
There was a problem hiding this comment.
I would just call this hub.
btw does this mean that the hub methods can't modify the state of the hub?
There was a problem hiding this comment.
Yes. UnsealSecret function does not change any state of the hub. It only
- read KMS credential and create a client
- use the kms plugin to unseal the secret
No modifications would be applied to local fs or the status of hub.
| @@ -93,19 +55,13 @@ impl DataHub for Hub { | |||
|
|
|||
| async fn get_resource(&self, uri: String) -> Result<Vec<u8>> { | |||
| // to initialize a get_resource_provider client we do not need the ProviderSettings. | |||
| let mut client = kms::new_getter(&self.get_resource_provider, ProviderSettings::default()) | |||
| let mut client = kms::new_getter("kbs", ProviderSettings::default()) | |||
There was a problem hiding this comment.
Any sev option here?
Also, why create a new getter for each request? That means that you have to use the fake client. Instead could we just create the getter once at the beginning?
There was a problem hiding this comment.
the concrete kbc under kbs plugin is determined by aa_kbc_params. So we do not need to care if it uses online-sev-kbc of cc-kbc.
Also, why create a new getter for each request? That means that you have to use the fake client. Instead could we just create the getter once at the beginning?
Your idea is ok, too. But we will store an extra fake client object in CDH, while the fake client only provides the function pointer to the real client. Also, when an unseal secret request with kbs provider comes, it will still create a fake client. The consumption of creation a fake client is very low (check the lock), thus I think the way makes sense.
There was a problem hiding this comment.
Ok, the first part is a bit confusing because in the past the KbcClient was just for the KBS protocol, but here it can do both that and the SEV protocol. I guess that is ok tho.
Signed-off-by: Xynnn007 <[email protected]>
The kbs auth plugin helps to get the resouces that CDH will needs during the runtime. Such as the credential files that KMS plugin need, etc. Signed-off-by: Xynnn007 <[email protected]>
Signed-off-by: Xynnn007 <[email protected]>
Signed-off-by: Xynnn007 <[email protected]>
Xynnn007
force-pushed
the
feat-cdh-binary
branch
2 times, most recently
from
7601425 to
5dafdd2
Compare
Xynnn007
force-pushed
the
feat-cdh-binary
branch
from
5dafdd2 to
dbc2db2
Compare
Signed-off-by: Xynnn007 <[email protected]>
Signed-off-by: Xynnn007 <[email protected]>
Signed-off-by: Xynnn007 <[email protected]>
As everytime the guest launches, only one KBC will be specified by aa_kbc_params in kernel commandline. Thus the KMS plugin only needs to expose one API to hide the underlying kbc type. Also, this commit adds offline-fs-kbc as the by default supported one. If kernel does not specify the offline-fs-kbc, no files will be read, so we do not need to worry about the guest image. Signed-off-by: Xynnn007 <[email protected]>
when aliyun feature is not enabled, the lint error will be raised. Signed-off-by: Xynnn007 <[email protected]>
Ttrpc api receives Arc<Box<A>> as a parameter to init the server, while Arc<Box<A+B>> cannot downcast to Arc<Box<A>>. So a static variable is used to be the actual server object. Signed-off-by: Xynnn007 <[email protected]>
Signed-off-by: Xynnn007 <[email protected]>
Because we combine cc-kbc/offline-fs-kbc/online-sev-kbc into one KMS plugin named kbs. Thus the high level caller hub does not need to care about the concrete kbc type underneath. Signed-off-by: Xynnn007 <[email protected]>
Signed-off-by: Xynnn007 <[email protected]>
Signed-off-by: Xynnn007 <[email protected]>
Xynnn007
force-pushed
the
feat-cdh-binary
branch
from
dbc2db2 to
1dbd378
Compare
This PR is the last PR in v0.8.0 cycle for CDH & sealed secret. This PR
This PR only added new features to current AA. It didn't delete any existed code.
Some TODOs after v0.8.0:
get_tokenandget_evidencecc @arronwy @LindaYu17 @Lu-Biao
see #296