[svsm-devel] Questions about crypto support

Jörg Rödel jroedel at suse.de
Wed Sep 27 15:07:20 CEST 2023


Hi Dionna,

On Tue, Sep 26, 2023 at 11:50:44AM -0700, Dionna Amalie Glaze wrote:
> There are a number of string manipulation functions, of course
> malloc/free, and also pthread_once and pthread_key_* functions.
> Without pthreads, you have to build with
> -DOPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
> I don't know what the concurrency story is for SVSM, but I imagine
> it's concurrent for all vCPUs to use without a global lock.

Ugh, pthreads, that is a bit harder to support right now as SVSM will
start with cooperative scheduling. Given that we only need the bare
crypto functionality and none of the protocols or file parsing
functionality I wonder what the pthread calls are used for.

The concurrency story for SVSM is still very simple, I already mentioned
cooperative scheduling. Besides that we don't have a facility yet to
force another VCPU into VMPL0 to execute threads there. Same with timers
to implement preemptive scheduling.

> VMPCKs may have a single conceptual owner, but they'll still need to
> be used in cryptographic operations, so I do see them getting passed
> around.

We can encapsulate that into a module which talks to the PSP. AFAIR the
commands have sequence numbers, and that module would also keep track of
them. Any other module sending requests would format and send them to
the PSP communication module. That would then also be the single owner
of the VMPCK0 key.

Regards,

-- 
Jörg Rödel
jroedel at suse.de

SUSE Software Solutions Germany GmbH
Frankenstraße 146
90461 Nürnberg
Germany

(HRB 36809, AG Nürnberg)
Managing Directors: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
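
The single-owner design described in the message above, sketched as an added example (not part of the original message and not SVSM project code). `PspChannel`, `Request`, `Sealed` and `protect()` are hypothetical names, and `protect()` is only a stand-in for the real authenticated encryption.

```rust
// Added illustration; every name in this block is hypothetical.

/// A request already formatted by some other module. It carries no key material.
pub struct Request { pub msg_type: u8, pub payload: Vec<u8> }

/// What leaves the channel towards the PSP: sequence number plus protected body.
pub struct Sealed { pub seqno: u64, pub msg_type: u8, pub body: Vec<u8> }

#[derive(Debug, PartialEq)]
pub enum ChannelError { Disabled }

/// Single owner of the key and of the sequence counter.
pub struct PspChannel {
    key: [u8; 32], // private field, no getter, struct is neither Clone nor Copy
    next_seqno: u64,
    disabled: bool,
}

// Stand-in for the real authenticated encryption, NOT a cipher: it only makes the
// output depend on key and sequence number so the example runs with std alone.
fn protect(key: &[u8; 32], seqno: u64, data: &[u8]) -> Vec<u8> {
    let s = seqno.to_le_bytes();
    data.iter().enumerate().map(|(i, b)| b ^ key[i % 32] ^ s[i % 8]).collect()
}

impl PspChannel {
    pub fn new(key: [u8; 32]) -> Self {
        PspChannel { key, next_seqno: 1, disabled: false }
    }

    /// `&mut self` makes the borrow checker serialize senders; with several
    /// vCPUs the channel would have to sit behind one lock.
    pub fn send(&mut self, req: &Request) -> Result<Sealed, ChannelError> {
        if self.disabled { return Err(ChannelError::Disabled); }
        let seqno = self.next_seqno;
        // Advance before anything is released, so an error later in the send
        // path can never cause this number to be handed out twice.
        match seqno.checked_add(1) {
            Some(n) => self.next_seqno = n,
            None => self.disabled = true, // last usable number: refuse later sends
        }
        let body = protect(&self.key, seqno, &req.payload);
        Ok(Sealed { seqno, msg_type: req.msg_type, body })
    }
}

fn main() {
    let mut ch = PspChannel::new([0x42; 32]); // constructed key, demo only
    let req = Request { msg_type: 1, payload: b"report request".to_vec() };
    let (a, b) = (ch.send(&req).unwrap(), ch.send(&req).unwrap());
    println!("seqno {} then {}, bodies differ: {}", a.seqno, b.seqno, a.body != b.body);
}
```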