RHEL-119480

[SVSM] Create a state provisioning tool for coconut-svsm


    • Story
    • Resolution: Unresolved
    • Major
    • edk2
    • rhel-virt-confidential-firmware

      Goal

      Create a tool that allows a CVM owner to provision/create an initial encrypted state filesystem image for Coconut-SVSM.
      The tool ideally can run without CoCo hardware.

      Acceptance criteria

      A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

      • Verify X
      • Verify Y
      • Verify Z

       

      Initial ideas

      • Use the "nocc" mode of svsm, boot it in QEMU (a regular VM), and have it initialize the state on first boot.
      • Compile the vTPM code and all required Rust crates that svsm uses to read/write/create the state into a regular binary that runs on Linux.
      • Build the TCG TPM emulator as a Linux executable, run that, and create a tool that converts the state file generated by it to the cocoonfs image / embeds it there.

              virt-maint
              Oliver Steffen (osteffen@redhat.com)
              virt-maint
              Yihuang Yu