[svsm-devel] Call for mentors/ideas for Google Summer of Code
Nicolai Stange
nstange at suse.de
Wed Mar 26 15:58:38 CET 2025
Hi all,
Stefano Garzarella <sgarzare at redhat.com> writes:
> On Fri, 21 Mar 2025 at 15:42, Jörg Rödel <jroedel at suse.de> wrote:
>>
>> > We also have a PoC working with a very minimal FS+encryption, but at
>> > least can be used by the student to understand the final scenario.
>> > In addition, we have OpenVMM to take inspiration from and perhaps
>> > reuse some code.
>> >
>> > That said, this is in my ToDo list (after the vTPM driver saga...) so
>> > I don't know whether it makes sense to wait until September to get a
>> > result from a student or to work on it directly.
>>
>> This should probably be split up anyways, in a task for the file storage
>> layer and one for the encryption layer. Since you are planning to work
>> on these topics in the near future maybe you can scope out some parts as
>> suitable projects for students?
>
> Yes, perhaps it could be split, although I'm seeing that OpenVMM has
> self-contained crates to handle what they called VM Guest State (VMGS)
> file: https://github.com/microsoft/openvmm/tree/main/vm/vmgs
>
> It's a custom FS, with a file table, each file has an ID that
> identifies its type (e.g. TPM_NVRAM) and on top of that they use AES
> 256 GCM for encryption. They also provide a tool for
> manipulation/inspection:
> https://openvmm.dev/guide/dev_guide/dev_tools/vmgstool.html?highlight=vtpm#vmgstool
>
I would like to mention at this point that I have also been working on an FS
for quite some time now. The main motivation for developing one from scratch
is to have full Merkle-tree-style authentication over the whole FS,
which I think (hope) would be affordable for the expected image sizes in
the MB range. With that, however, a journal is also desirable, because
otherwise power cuts/crashes in the middle of a write would render the
whole image definitely unreadable.
Anyway, I'm in the last steps of having something working, and I expect it
to take ~2-3 more weeks until I can present some code + docs on the
format for discussion.
Thanks!
Nicolai
--
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nürnberg, Germany
GF: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)
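
Added example, not part of the message above and not the filesystem format it describes: a small Python model of why whole-image Merkle authentication makes a journal desirable. A write interrupted between the data block and the root update is indistinguishable from tampering, so the image is rejected unless a journal record allows the write to be replayed. The block size, the `Image` class and the one-record journal are assumptions made for illustration.

```python
import hashlib

BLOCK = 4096  # assumed block size, for illustration only

def node_hash(tag, data):
    # Distinct prefixes keep a leaf from being reinterpreted as an inner node.
    return hashlib.sha256(tag + data).digest()

def merkle_root(blocks):
    level = [node_hash(b"\x00", b) for b in blocks]
    while len(level) > 1:
        pairs = [node_hash(b"\x01", level[i] + level[i + 1])
                 for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            pairs.append(level[-1])  # odd node is promoted unchanged
        level = pairs
    return level[0]

class Image:
    """Toy image: data blocks, a stored root, and a one-record journal."""
    def __init__(self, blocks):
        self.blocks = list(blocks)
        self.root = merkle_root(self.blocks)  # assumed kept in authenticated metadata
        self.journal = None

    def verify(self):
        return merkle_root(self.blocks) == self.root

    def write(self, idx, data, journaled, crash_after_data=False):
        new_root = merkle_root(self.blocks[:idx] + [data] + self.blocks[idx + 1:])
        if journaled:
            # Step 1: persist the intent first (a real journal record
            # would itself have to be authenticated).
            self.journal = (idx, data, new_root)
        self.blocks[idx] = data   # step 2: in-place data write
        if crash_after_data:
            return                # simulated power cut: root never committed
        self.root = new_root      # step 3: commit the new root
        self.journal = None

    def recover(self):
        # Replay is idempotent: reapplying the record gives the same state.
        if self.journal is not None:
            idx, data, self.root = self.journal
            self.blocks[idx] = data
            self.journal = None
        return self.verify()
```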