Runtime VM Protection By Intel Multi-Key Total Memory Encryption (MKTME)

Similar documents
Intel Virtualization Technology Roadmap and VT-d Support in Xen

Making Nested Virtualization Real by Using Hardware Virtualization Features

Hardware-Assisted Mediated Pass-Through with VFIO. Kevin Tian Principal Engineer, Intel

KVM as The NFV Hypervisor

KVM for IA64. Anthony Xu

Intel Unite. Intel Unite Firewall Help Guide

Nested Virtualization Update From Intel. Xiantao Zhang, Eddie Dong Intel Corporation

How to abstract hardware acceleration device in cloud environment. Maciej Grochowski Intel DCG Ireland

Intel s Architecture for NFV

I/O virtualization. Jiang, Yunhong Yang, Xiaowei Software and Service Group 2009 虚拟化技术全国高校师资研讨班

Intel Graphics Virtualization Technology. Kevin Tian Graphics Virtualization Architect

SR-IOV support in Xen. Yaozu (Eddie) Dong Yunhong Jiang Kun (Kevin) Tian

Intel Software Guard Extensions Platform Software for Windows* OS Release Notes

Clear CMOS after Hardware Configuration Changes

Intel Unite Plugin Guide for VDO360 Clearwater

What is KVM? KVM patch. Modern hypervisors must do many things that are already done by OSs Scheduler, Memory management, I/O stacks

Achieve Low Latency NFV with Openstack*

Intel Transparent Computing

Evolving Small Cells. Udayan Mukherjee Senior Principal Engineer and Director (Wireless Infrastructure)

DPDK Summit China 2017

AMD SEV Update Linux Security Summit David Kaplan, Security Architect

Intel Trusted Execution Technology

VDPA: VHOST-MDEV AS NEW VHOST PROTOCOL TRANSPORT

Intel Architecture Memory Encryption Technologies Specification

Intel, OpenStack, & Trust in the Open Cloud. Intel Introduction

Intel Cache Acceleration Software for Windows* Workstation

Modernizing Meetings: Delivering Intel Unite App Authentication with RFID

Intel Unite Solution Version 4.0

Live Migration of vgpu

Lenovo ThinkCentre M90z with Intel vpro Technology. Stefan Richards Intel Corporation Business Client Platform Division

Design of Vhost-pci - designing a new virtio device for inter-vm communication

Jim Harris Principal Software Engineer Intel Data Center Group

Intel Cloud Builder Guide: Cloud Design and Deployment on Intel Platforms

Intel Atom Processor Based Platform Technologies. Intelligent Systems Group Intel Corporation

NVDIMM DSM Interface Example

Intel Unite Solution Intel Unite Plugin for WebEx*

Intel Unite Solution Version 4.0

Intel Unite Solution Version 4.0

Intel Graphics Virtualization on KVM. Aug KVM Forum 2011 Rev. 3

Intel Desktop Board DZ68DB


LED Manager for Intel NUC

Intel Unite Solution. Plugin Guide for Protected Guest Access

Intel Xeon W-3175X Processor Thermal Design Power (TDP) and Power Rail DC Specifications

Introduction to Intel Boot Loader Development Kit (Intel BLDK) Intel SSG/SSD/UEFI

Practical Xen Testing at Intel

1. What is Cloud Computing (CC)? What are the Pros and Cons of CC? Technologies of CC 27

Analyze and Optimize Windows* Game Applications Using Intel INDE Graphics Performance Analyzers (GPA)

The following modifications have been made to this version of the DSM specification:

Intel Software Guard Extensions SDK for Linux* OS. Installation Guide

BIOS Implementation of UCSI

Intel Unite Solution. Linux* Release Notes Software version 3.2

VIRTIO: VHOST DATA PATH ACCELERATION TORWARDS NFV CLOUD. CUNMING LIANG, Intel

TITANIUM CLOUD VIRTUALIZATION PLATFORM

Intel Atom Processor E3800 Product Family Development Kit Based on Intel Intelligent System Extended (ISX) Form Factor Reference Design

Optimization of Lustre* performance using a mix of fabric cards

VIRTIO-NET: VHOST DATA PATH ACCELERATION TORWARDS NFV CLOUD. CUNMING LIANG, Intel

Intel Unite Plugin for Logitech GROUP* and Logitech CONNECT* Devices INSTALLATION AND USER GUIDE

Intel Unite Solution Version 4.0

Enhance your Cloud Security with AMD EPYC Hardware Memory Encryption

How to Configure Intel X520 Ethernet Server Adapter Based Virtual Functions on SuSE*Enterprise Linux Server* using Xen*

Intel Cache Acceleration Software - Workstation

Intel Compute Card Slot Design Overview

Docker Networking In OpenStack What you need to know now. Fawad Khaliq

Enhancing pass through device support with IOMMU. Haitao Shan Yunhong Jiang Allen M Kay Eddie (Yaozu) Dong

IBM PowerKVM available with the Linux only scale-out servers IBM Redbooks Solution Guide

Accelerating NVMe I/Os in Virtual Machine via SPDK vhost* Solution Ziye Yang, Changpeng Liu Senior software Engineer Intel

Cloud Builders. Billy Cox. Director Cloud Strategy Software and Services Group

Intel Visual Compute Accelerator Product Family

The Transition to PCI Express* for Client SSDs

Intel Media Server Studio 2018 R1 Essentials Edition for Linux* Release Notes

Intel 848P Chipset. Specification Update. Intel 82848P Memory Controller Hub (MCH) August 2003

Course Review. Hui Lu

Intel G31/P31 Express Chipset

Intel Desktop Board D975XBX2

Intel s s Security Vision for Xen

Merging Enterprise Applications with Docker* Container Technology

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

Intel Unite. Enterprise Test Environment Setup Guide

Intel vpro Technology Virtual Seminar 2010

Intel Stress Bitstreams and Encoder (Intel SBE) 2017 AVS2 Release Notes (Version 2.3)

Micro VMMs and Nested Virtualization

Red Hat Virtualization 4.1 Hardware Considerations for Implementing SR-IOV

Reimagining OpenStack*

Intel Unite Solution. Plugin Guide for Protected Guest Access

Intel Desktop Board D945GCLF2

Red Hat Enterprise Virtualization 3.6

Intel QuickAssist for Windows*

Intel Desktop Board DP55SB

4th Generation Intel Core vpro Processors with Intel VMCS Shadowing

Välkommen. Intel Anders Huge

Intel Desktop Board D945GCCR

INTEL PERCEPTUAL COMPUTING SDK. How To Use the Privacy Notification Tool

Intel Platform Administration Technology Quick Start Guide

Kata Containers The way to run virtualized containers. Sebastien Boeuf, Linux Software Engineer Intel Corporation

Secure Containers with EPT Isolation

Vhost and VIOMMU. Jason Wang (Wei Xu Peter Xu

Innovating and Integrating for Communications and Storage

Intel Virtualization Technology FlexMigration Application Note

Intel & Lustre: LUG Micah Bhakti

Transcription:

Runtime VM Protection By Intel Multi-Key Total Memory Encryption (MKTME) Kai Huang @ Intel Corporation LINUXCON + CONTAINERCON + CLOUDOPEN Beijing, China, 2018 1

Legal Disclaimer No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest forecast, schedule, specifications and roadmaps. The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request. Copies of documents which have an order number and are referenced in this document may be obtained by calling 1-800-548-4725 or by visiting www.intel.com/design/literature.htm. Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others Intel Corporation. 2

Agenda MKTME Introduction MKTME Use Cases MKTME Enabling 3

Background: Trusted VM in Cloud VM protection by using encryption VM encrypted at-rest, in-transit and runtime. There has been existing technologies for at-rest and in-transit encryption Qemu TLS support for live migration Qemu encrypted image support VM runtime encryption requires hardware memory encryption support AMD SME/SEV Intel MKTME Launch VM on Trustiness Verified Host Trusted hardware/location, etc. Trusted Cloud SW stack. ❶ At-rest VM Image Repo Cloud Agent ❷ Runtime VM Launch Intel Arch Compute Node ❸ In-transit Live Migration Cloud Orchestrator Cloud Agent VM Launch Intel Arch Compute Node Typical VM Lifecycle in Cloud 4

Trusted VM w/ OpenCIT -- OpenStack as Example Enterprise Data Center Cloud Service Provider Trust Director OpenStack Glance OpenStack Horizon OpenStack Nova App OS App OS App OS Key Broker KB Proxy Attestation hub Trust Agent Policy Enforcement Reporting Verifier Measurement OpenStack Barbican Attestation Server TPM tbootxm Intel Arch w/ TXT Intel OpenStack Compute Node Intel Open CIT helps on Host trustiness verification 5

TME & MKTME Introduction New AES-XTS engine in data path to external memory bus. Data encrypted/decrypted on-the-fly when entering/leaving memory. AES-XTS uses physical address as tweak Same plaintext, different physical address -> different ciphertext. TME (Total Memory Encryption) Full memory encryption by TME key (CPU generated). Enabled/Disabled by BIOS. Transparent to OS & user apps. MKTME (Multi-key Total Memory Encryption) Memory encryption by using multiple keys. Use upper bits of physical address as keyid (see next) 6

MKTME KeyIDs Repurpose upper bits of physical address as KeyID as shown below. Reduces useable physical address bits. Creates aliases of physical memory locations: different keyids can refer to the same page. Cache-coherency is not guaranteed for the same page that accessed by different keyids. CPU caches are unaware of keyid (still treat keyidas part of PA) Architecturally upto 2^15-1 keyids (15 keyid bits). Reported by MSR. Configured by BIOS. KeyID 0 is reserved as TME s key (not useable by MKTME). New PCONFIG instruction to program keyid w/ associated key (see next) MAXPHYADDR - 1 63 Reserved KeyID Platform Addressable Memory 0 MK_TME_MAX_KEYID_BITS 7

MKTME KeyID Programming Overview New Ring-0 instruction PCONFIG to program the KEYID and associated key Package scoped Supports programming keyid to 4 modes: Using CPU generated random ephemeral key (invisible to SW) Using SW provided key (tenant s key) No encryption plaintext domain Clearing a key (using TME s key effectively) Allows SW to specify crypto algorithms Only AES-XTS-128 for initial server intercept 8 8

VM Protection & Isolation With MKTME Protection Use keyid to encrypt VM memory at runtime Isolation Use different keyids for different VMs Software Enabling For CPU access, SW sets keyid at PTEs IA page table (host) EPT (KVM) For Device access (DMA) w/ IOMMU: Set keyidto IOMMU page table Physical DMA: Apply keyidto PA directly 9

Highlights of MKTME Guests continue to run without modifications in MKTME domains: Encrypted with 1) CPU-generated ephemeral key, or 2) the one provided by API ( tenantcontrolled keys ) Virtio, including optimization (direct access to guest memory by kernel) continues to work Direct I/O (including accelerators, FPGA) assignment (including SR-IOV VFs) is available Live migration can be supported (among platforms that support MKTME) vnvdimm can be supported w/ limitation (because of physical address tweak ) Host DIMM configuration cannot be changed cross reboots. Qemu DIMM & vnvdimm configuration cannot be changed cross VM reboots. 10

Agenda MKTME Introduction MKTME Use Cases MKTME Enabling 11

MKTME Enabled Use Cases 1. Launch Tenant VMs with in-use protection (CPU generated keys) Let CSP handle the keys VM image provided by CSP 2. Launch Tenant VMs with at-rest and in-use protection with full tenant-control VM image encrypted @rest with tenant-specific keys Keys in tenant control VM memory isolation with tenant-specific keys Trustiness verified host Additional: integrity verification of VM image Use-case Extension: KeyID Sharing for all VMs launched by single tenant with the same tenant-key (or CPU generated key). 12

VM Launch w/ CPU Generated Keys Image Repo MKTME ephemeral key TME key VM Launch w/ CPU generated key CSP provided VM image Cloud Manager 1 VM Launch Cloud Agent 2 Policy Enforcement Keyid 3 Security Properties w/ VM runtime protection w or w/o at-rest and in-transit protection No Host Trustiness Verification Policy Agent 3 VM Launch w/ KeyID VM HYPERVISOR (Qemu/KVM) Keyid 3 Keyid 3 Keyid 0 HARDWARE Intel TXT / TPM Intel MKTME Keyid 0 DRAM* CSP Controlled 13

VM Launch w/ Tenant Controlled Keys VM Launch w/ Tenant provided key Tenant provided encrypted VM image Tenant controlled key server Trustiness verified host VM image integrity verified Use TPM to wrap/unwrap tenant-key 0 Upload VM image encrypted w/ tenant key Trustiness Verification Cloud Manager 1 2 VM Launch Image Repo Cloud Agent 3 Policy Enforcement Policy Agent Wrapped tenant key Tenant key VM MKTME ephemeral key TME key KeyID 3 KeyID 3 Security Properties w/ VM runtime protection w/ VM at-rest protection w/ or w/o in-transit protection w/ Host trustiness verification w/ VM image integrity verification Key Server Tenant Controlled Attestation Service Request Tenant-key Return wrapped key 4 VM Launch w/ KeyID HYPERVISOR (Qemu/KVM) HARDWARE Intel TXT / TPM Intel MKTME CSP Controlled KeyID 3 KeyID 1 KeyID 1 DRAM* 14

KeyID Sharing Among VMs Cloud SW makes decision whether to share or not. KeyIDPolicy KeyID VMs Policy1: <tenant1, ephemeral > keyid1 VM1, VM2.. New VM Launch w/ MktmePolicy Cloud SW MktmePolicy { } tenant_id: <UUID>, key_type: ephemeral persistent, key_server: https://..., allow_to_share: yes no Policy2: <tenant2, persistent, xxxxxx> keyid2 VM3 Example: KeyID sharing is based on KeyIDPolicy: <tenant_id, key_type, tenant_key> Cloud SW: Maintains KeyIDPolicy-to-KeyID table Makes keyid sharing decision according to the table Updates the table on VM launch and teardown Apply keyid to VM memory Qemu Launch VM w/ keyid Launch VM Compute Node mkey API: MKTME key management API mkey API KVM 15

Agenda MKTME Introduction MKTME Use Cases MKTME Enabling 16

MKTME Enabling High Level Cloud SW Launch VM w/ KeyID Guest memory with KeyID VM Guest Memory QEMU Host kernel mkey APIs Key/KeyID Management Core-MM KeyID support VFIO/IOMMU KeyID support DMA KeyID support Core-MM code with KeyID MMU Notifier mkey APIs Direct I/O Virtio/Vhost Live Migration VFIO/IOMMU with KeyID Vhost-kernel KeyIDs for guest KVM EPT KVM KeyID setup in EPT Qemu Receive KeyID from Cloud SW Apply KeyID to guest memory KeyIDs for Host IA-PT Key/KeyID Management PCONFIG MKTME Engine KeyIDs for DMA Device VT-d (NIC, SCSI, etc) DMA with K eyid KeyIDs for DMA New Code KeyIDs Setting KeyIDs in EPT Encrypted Memory with KeyID 17

MKTME Enabling Current Status Specification has been published [1] Core kernel enabling status Some preliminary patches have been upstreamed Feature emulation (CPUID, MSR); PCONFIG Proposal of some components have been sent to community for feedback Key management API: Using kernel key retention service Other components WIP internally Core-MM keyidsupport; IOMMU keyidsupport; DMA keyidsupport; KVM/Qemu enabling status PoC has been done to prove MKTME actually works. Depending on core kernel parts ready for formal patches. [1] https://software.intel.com/sites/default/files/managed/a5/16/multi-key-total-memory-encryption-spec.pdf 18

THANKS

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback