Running Linux in a Shielded VM
[Slide text recovered from the deck's diagrams; the figures themselves are not reproduced.]

Agenda: Host Guardian Service; Boot Linux in shielded mode; Provisioning process; Additional scenarios; Wrap-up.

Host Guardian Service (HGS)

• Guarded Hyper-V hosts run the shielded VMs; users request that specific shielded VMs be started on a host.
• HGS runs on a cluster and has two components:
  - Attestation Service: holds the expected configuration of guarded hosts and authorizes only legitimate guarded hosts to run shielded VMs (attestation requests and responses flow between the host and HGS).
  - Key Protection Service: holds the keys needed to start shielded VMs and releases a given key only if the host is authorized and is in a guarded fabric specified by the VM owner (key requests and responses flow between the host and HGS).

Boot Linux in shielded mode: disk layout

• EFI System partition (unencrypted): SHIM, grub, grub.cfg, lsvmload
• Boot partition (encrypted): Linux kernel, initial ramdisk
• Root partition (encrypted): init program, boot scripts, rest of Linux

Template VM (before shielding): the boot and root partitions are encrypted with a well-known passphrase, and grub is the active boot loader.

Provisioning process

• The shielding data file supplied by the VM owner contains: the 'root' password, timezone, IP address, ssh private key, other per-VM files, the owner key, the certificate used to sign the VSC, and the list of guarded fabrics (#1 .. #N) the VM may run in.
• After provisioning, each encrypted partition uses its own passphrase stored in 'sealedkeys'; 'sealedkeys' is encrypted with a key sealed in the vTPM; specialization.aes is encrypted with the LUKS/dm-crypt master key of the boot partition and is used on first boot only; lsvmload becomes the active boot loader.

Boot chain in shielded mode

• Boot components: Linux shim, grub, lsvmload, Linux kernel.
• lsvmload is used as a precursor to the normal Linux boot.
• lsvmload injects the disk passphrases as a file into a virtualized copy of the initramfs.
• I/O to the encrypted boot partition is mediated by custom UEFI file I/O protocols.
• The initramfs is updated to get the dm-crypt passphrases from the injected file instead of prompting.

Wrap-Up
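The property the provisioning slides rely on is that the per-partition passphrases in 'sealedkeys' can only be recovered by a VM whose measured boot chain matches the one present at provisioning. The following is an added example that models that key hierarchy; it is not code from the deck, from lsvmload or from Hyper-V. Everything in it is a labelled assumption: a single SHA-256 PCR for the whole boot chain, a `ToyVTPM` class whose secret seed stands in for the vTPM's storage root key, and a SHA-256 counter-mode keystream with an HMAC tag standing in for the real sealing format. The partition names, passphrases and boot-component byte strings are constructed sample data.

```python
"""Toy model of the 'sealedkeys' hierarchy used to boot a shielded Linux VM.

Added example, not lsvmload's or Hyper-V's code. Assumptions (hypothetical):
  * one SHA-256 PCR is extended with every boot component in order;
  * ToyVTPM holds a secret seed in place of the vTPM storage root key;
  * the sealed blob is a SHA-256 counter-mode keystream plus an HMAC tag,
    a stand-in for AES and for the real TPM sealing format.
"""
import hashlib
import hmac
import json
import os

PCR_INIT = bytes(32)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR' = H(PCR || H(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Fold the boot components (shim, grub, grub.cfg, lsvmload, ...) into one PCR value."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def _keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 over key||counter, truncated to `length` bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


class ToyVTPM:
    """Minimal stand-in for vTPM seal/unseal bound to a PCR value."""

    def __init__(self, seed: bytes):
        self._seed = seed  # hypothetical storage-root-key stand-in, never leaves the 'TPM'

    def _policy_key(self, pcr: bytes) -> bytes:
        # The key depends on the PCR value, so only identical measurements re-derive it.
        return hmac.new(self._seed, b"seal|" + pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes, pcr: bytes) -> dict:
        key = self._policy_key(pcr)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, _keystream(key + nonce, len(secret))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).hexdigest()
        return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag}

    def unseal(self, blob: dict, current_pcr: bytes) -> bytes:
        key = self._policy_key(current_pcr)  # derived from what booted *now*, not from the blob
        nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
        expected = hmac.new(key, nonce + ct, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("PCR mismatch: boot chain differs from provisioning")
        return bytes(a ^ b for a, b in zip(ct, _keystream(key + nonce, len(ct))))


def build_sealedkeys(vtpm: ToyVTPM, boot_chain, passphrases: dict) -> dict:
    """Provisioning: seal the per-partition passphrases to the measured boot chain."""
    return vtpm.seal(json.dumps(passphrases).encode(), measure_boot_chain(boot_chain))


def unlock_passphrases(vtpm: ToyVTPM, sealedkeys: dict, boot_chain) -> dict:
    """Boot: unseal and return {partition: passphrase}; raises PermissionError on mismatch."""
    return json.loads(vtpm.unseal(sealedkeys, measure_boot_chain(boot_chain)))


def boot_is_accepted(vtpm: ToyVTPM, sealedkeys: dict, boot_chain) -> bool:
    """True if this boot chain can recover the passphrases, False if the vTPM refuses."""
    try:
        unlock_passphrases(vtpm, sealedkeys, boot_chain)
        return True
    except PermissionError:
        return False


# Constructed sample data: boot components are stand-in byte strings, not real binaries.
BOOT_CHAIN = [b"shim", b"grub", b"grub.cfg", b"lsvmload"]
TAMPERED_CHAIN = [b"shim", b"grub", b"grub.cfg-modified", b"lsvmload"]
PASSPHRASES = {"boot": "p-boot-3f9a", "root": "p-root-77c1"}

if __name__ == "__main__":
    tpm = ToyVTPM(seed=os.urandom(32))
    sealed = build_sealedkeys(tpm, BOOT_CHAIN, PASSPHRASES)
    print("same chain  ->", unlock_passphrases(tpm, sealed, BOOT_CHAIN))
    print("tampered    ->", boot_is_accepted(tpm, sealed, TAMPERED_CHAIN))
```

The point to take from the model is in `unseal`: the policy key is re-derived from the PCR value of the current boot, not read from the blob, so a modified grub.cfg (or any other measured component) yields a different key and the HMAC check fails before any passphrase is exposed. A real vTPM enforces the same binding with PCR policies on the sealed object; this toy makes the binding explicit so it can be tested offline.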