[svsm-devel] Call for mentors/ideas for Google Summer of Code

Stefano Garzarella sgarzare at redhat.com
Mon Mar 24 12:37:16 CET 2025


On Fri, 21 Mar 2025 at 15:42, Jörg Rödel <jroedel at suse.de> wrote:
>
> Hi Stefano,
>
> On Fri, Mar 21, 2025 at 10:28:19AM +0100, Stefano Garzarella wrote:
> > Another thing I was thinking about is that we should provide an
> > environment for students to use to test/develop the feature.
> >
> > As long as they can use their laptop, fine, but if special HW is
> > required, it might be a problem to give them access.
> >
> > Thanks to Gerd's work, IIUC, native platform support in QEMU could
> > help us test anything in SVSM that doesn't require interaction with
> > guest OS or depend on SEV-SNP/TDX capabilities.
>
> Yes, some projects can be worked on without expensive server hardware,
> but others not. The observability project is an example which requires
> EPYC hardware.
>
> I can ask for some funding via the CCC for that or maybe one of the
> hardware vendors is willing to give us access to a machine. Let me ask
> around.

Cool, that would help!

>
> > Yep, I agree. About my previous point, can this project be done
> > without a SEV-SNP machine?
>
> Yes, I think the CPUID handling can be done with the native platform
> support.
>
> > IIUC this requires a SEV-SNP machine; can someone provide access to it
> > to a student?
>
> Right, as mentioned above, I will ask around and see if we can get this
> funded.
>
> > This should not require a SEV-SNP machine, and we also have Oliver's PR in
> > good shape to be used as a base.
> > We also have a PoC working with a very minimal FS+encryption, but at
> > least it can be used by the student to understand the final scenario.
> > In addition, we have OpenVMM to take inspiration from and perhaps
> > reuse some code.
> >
> > That said, this is on my ToDo list (after the vTPM driver saga...) so
> > I don't know whether it makes sense to wait until September to get a
> > result from a student or to work on it directly.
>
> This should probably be split up anyway, into a task for the file storage
> layer and one for the encryption layer. Since you are planning to work
> on these topics in the near future maybe you can scope out some parts as
> suitable projects for students?

Yes, perhaps it could be split, although I'm seeing that OpenVMM has
self-contained crates to handle what they call the VM Guest State (VMGS)
file: https://github.com/microsoft/openvmm/tree/main/vm/vmgs

It's a custom FS with a file table; each file has an ID that
identifies its type (e.g. TPM_NVRAM), and on top of that they use
AES-256-GCM for encryption. They also provide a tool for
manipulation/inspection:
https://openvmm.dev/guide/dev_guide/dev_tools/vmgstool.html?highlight=vtpm#vmgstool

That said, I don't think I'll be able to figure out by today whether
that's the right way or something else would be better :-(
I'd like to reuse something instead of re-inventing the wheel.

Thanks,
Stefano
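As an added illustration of the design sketched in the mail (a file table keyed by a type ID with AES-256-GCM on top), not code from the thread, from OpenVMM's vmgs crates or from SVSM: the record layout, the FileID values and the Store type are hypothetical, and it goes one step beyond the mail by authenticating the file ID as GCM associated data so a sealed record cannot be moved into a slot of another type.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// FileID is the per-file type tag (the mail's TPM_NVRAM is one such ID).
type FileID uint32
const FileTPMNvram, FileBootCfg FileID = 1, 2 // constructed values, not real VMGS IDs

// Store is a hypothetical file table, not VMGS's actual on-disk layout.
type Store struct {
	aead  cipher.AEAD
	table map[FileID][]byte // per slot: nonce || ciphertext || GCM tag
}
func NewStore(key []byte) (*Store, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Store{aead, map[FileID][]byte{}}, nil
}
// aad authenticates the slot ID, so a valid record cannot be replayed under another type.
func aad(id FileID) []byte { return binary.LittleEndian.AppendUint32(nil, uint32(id)) }
// Write seals under a fresh random nonce; a nonce must never repeat under one key.
func (s *Store) Write(id FileID, plaintext []byte) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.table[id] = s.aead.Seal(nonce, nonce, plaintext, aad(id))
	return nil
}
// Read fails if the record was modified or copied into another slot.
func (s *Store) Read(id FileID) ([]byte, error) {
	rec, n := s.table[id], s.aead.NonceSize()
	if len(rec) < n {
		return nil, errors.New("no such file or truncated record")
	}
	return s.aead.Open(nil, rec[:n], rec[n:], aad(id))
}
```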
