PowerPoint presentation transcript: Guarded Hyper-V hosts, Host Guardian Service, provisioning and booting Linux in shielded mode

Posted 24-Sep-2020

Agenda

• Guarded Hyper-V hosts
• Host Guardian Service
• Provisioning process
• Boot Linux in shielded mode
• Additional scenarios

Shielded virtual machines

Diagram: users request to start specific shielded VMs (VM01, VM02, VM03) on a guarded host. The guarded host exchanges attestation requests and responses, and key requests and responses, with the Host Guardian Service (HGS), which runs on a cluster.

Host Guardian Service components:

Attestation Service: contains information about the expected configuration of guarded hosts. Authorizes only legitimate guarded hosts to run the shielded VMs.

Key Protection Service: contains keys needed for starting shielded VMs. Ensures that a given key is released only if the host is authorized and is in a Guarded Fabric specified by the VM owner.

Linux VM disk layout (template)

Diagram, top to bottom: init program, boot scripts, grub.cfg, Linux kernel, initial ramdisk, SHIM, grub, lsvmload, rest of Linux.

Partitions: root partition (encrypted), boot partition (encrypted), EFI System partition (unencrypted).

Annotation: encrypted with well-known passphrase.

Linux VM disk layout with lsvmload as the active boot loader

Diagram, top to bottom: init program, boot scripts, grub.cfg, Linux kernel, initial ramdisk, SHIM, grub, lsvmload (PA*), rest of Linux.

Partitions: root partition (encrypted), boot partition (encrypted), EFI System partition (unencrypted).

* Active boot loader

VSC and Shielding Data File

Shielding Data File contents: 'root' password, timezone, IP address, ssh private key, other per-VM files.

Diagram labels: Guarded Fabric #1, Guarded Fabric #2, . . ., Guarded Fabric #N; cert used to sign VSC; OwnerKey; Encrypted.

Provisioned shielded Linux VM disk layout

Diagram, top to bottom: init program, boot scripts, grub.cfg, Linux kernel, initial ramdisk, SHIM, grub, lsvmload*, sealedkeys, specialization.aes, rest of Linux.

Partitions: root partition (encrypted), boot partition (encrypted), EFI System partition (unencrypted).

* Active boot loader

Annotations on the diagram:

• Encrypted with key sealed in the vTPM
• Encrypted with LUKS/dm-crypt masterkey for boot partition
• Each encrypted with a passphrase in 'sealedkeys'

Boot Linux in shielded mode

• initramfs updated to get the dm-crypt passphrase from a file
• lsvmload used as a precursor to the normal Linux boot shim
• lsvmload injects the disk passphrases as a file into a virtualized copy of the initramfs
• Linux shim
• grub
• Linux kernel
• I/O to the encrypted boot partition is mediated by custom UEFI file I/O protocols
• initramfs gets the dm-crypt passphrases from the injected file

* First boot only
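As an added example (not from the presentation or from the lsvmload project), the following stdlib-only Python simulation models the two gates described on the Host Guardian Service slide and the boot slide: the Key Protection Service releasing a key only to a host that passes attestation and belongs to a Guarded Fabric the VM owner authorized, and the vTPM-sealed 'sealedkeys' yielding the dm-crypt passphrases only under the boot measurements they were sealed to, after which an lsvmload-style loader injects them as a file for the initramfs to read. The HMAC-based sealing construction, the host measurement values, the fabric key, the partition names and the injected file path /run/lsvm/passphrases are all constructed for the example; they stand in for the real HGS, vTPM and LUKS/dm-crypt mechanisms and do not reproduce them.

```python
"""Simulation of the shielded-VM boot gates (added example, constructed data)."""
import hashlib
import hmac
import secrets

# ---- Host Guardian Service (HGS) side ------------------------------------

def measure(*components: bytes) -> bytes:
    """Toy measurement: digest of the boot components (stands in for PCRs)."""
    return hashlib.sha256(b"|".join(components)).digest()

# Attestation Service: expected configuration of legitimate guarded hosts
# (constructed sample value; a real HGS evaluates TPM quotes and policies).
EXPECTED_HOST_MEASUREMENTS = {
    "guarded-host-01": measure(b"approved-hyperv-build", b"ci-policy-v1"),
}
GOOD_HOST_MEASUREMENT = EXPECTED_HOST_MEASUREMENTS["guarded-host-01"]

# Key Protection Service: per-fabric key protecting the VM's vTPM state
# (constructed; a real KPS uses certificate-protected keys, not a bare secret).
FABRIC_KEYS = {"Guarded Fabric #1": secrets.token_bytes(32)}


def attest(host_id: str, reported_measurement: bytes) -> bool:
    """Attestation Service: authorize a host only if it matches the expected config."""
    expected = EXPECTED_HOST_MEASUREMENTS.get(host_id)
    return expected is not None and hmac.compare_digest(expected, reported_measurement)


def request_key(host_id: str, reported_measurement: bytes, fabric: str):
    """Key Protection Service: release the key only to an attested host and
    only for the Guarded Fabric the VM owner specified."""
    if not attest(host_id, reported_measurement):
        return None
    return FABRIC_KEYS.get(fabric)


# ---- vTPM sealing (toy model, not real TPM sealing) ----------------------

def _keystream(key: bytes, pcr_digest: bytes, n: int) -> bytes:
    """HMAC-SHA256 counter-mode keystream bound to the key and the PCR state."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, pcr_digest + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(secret: bytes, key: bytes, pcr_digest: bytes) -> bytes:
    """Seal 'secret' so it unseals only with the same key and boot measurements."""
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, pcr_digest, len(secret))))
    tag = hmac.new(key, pcr_digest + ct, hashlib.sha256).digest()
    return tag + ct


def unseal(blob: bytes, key: bytes, pcr_digest: bytes):
    """Return the sealed secret, or None if the key or measurements differ."""
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, pcr_digest + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, pcr_digest, len(ct))))


# ---- Guarded host / lsvmload / initramfs side -----------------------------

# Measurements of the boot chain as provisioned (constructed).
GOOD_PCRS = measure(b"shim", b"grub", b"kernel", b"initrd")


def provision_sealedkeys(key: bytes, pcr_digest: bytes) -> bytes:
    """Provisioning: one dm-crypt passphrase per encrypted partition, sealed."""
    passphrases = f"boot={secrets.token_hex(16)}\nroot={secrets.token_hex(16)}\n"
    return seal(passphrases.encode(), key, pcr_digest)


def shielded_boot(host_id, reported_measurement, fabric, pcr_digest, sealedkeys):
    """lsvmload-style boot: obtain the key from HGS, unseal 'sealedkeys',
    inject the passphrases as a file into an in-memory initramfs, and let the
    initramfs open each encrypted partition from that file."""
    key = request_key(host_id, reported_measurement, fabric)
    if key is None:
        return {"status": "refused", "reason": "HGS attestation or key release failed"}
    plain = unseal(sealedkeys, key, pcr_digest)
    if plain is None:
        return {"status": "refused", "reason": "vTPM unseal failed: boot measurements differ"}
    initramfs = {"/run/lsvm/passphrases": plain}  # hypothetical injected file path
    unlocked = []
    for line in initramfs["/run/lsvm/passphrases"].decode().splitlines():
        partition, passphrase = line.split("=", 1)
        if passphrase:  # stand-in for 'cryptsetup open --key-file' succeeding
            unlocked.append(partition)
    return {"status": "booted", "unlocked": unlocked}


if __name__ == "__main__":
    blob = provision_sealedkeys(FABRIC_KEYS["Guarded Fabric #1"], GOOD_PCRS)
    print(shielded_boot("guarded-host-01", GOOD_HOST_MEASUREMENT, "Guarded Fabric #1", GOOD_PCRS, blob))
    print(shielded_boot("guarded-host-01", measure(b"tampered"), "Guarded Fabric #1", GOOD_PCRS, blob))
```

Running the block boots the VM once with matching host and boot measurements, then shows the refusal when the host's reported configuration does not match; changing the fabric name or the boot-chain measurement exercises the other two refusals (wrong fabric stops at the Key Protection Service, modified boot components stop at the vTPM unseal).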

Shielded Linux VM disk layout at boot

Diagram, top to bottom: init program, boot scripts, grub.cfg, Linux kernel, initial ramdisk, SHIM, grub, lsvmload*, sealedkeys, rest of Linux.

Partitions: root partition (encrypted), boot partition (encrypted), EFI System partition (unencrypted).

* Active boot loader

Annotations on the diagram:

• Encrypted with key sealed in the vTPM
• Each encrypted with a passphrase in 'sealedkeys'

Wrap-Up
