Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-03-03 12:19:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

docs: document STACKIT CC features

Browse Source 
Co-Authored-By: Moritz Eckert <m1gh7ym0@gmail.com>
This commit is contained in:
Malte Poll 2024-03-08 15:06:13 +01:00
parent 938d0ceb00
commit ad8458d0ac
3 changed files with 54 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
docs/docs/architecture/attestation.md
View File

@ -217,6 +217,38 @@ The latter means that the value can be generated offline and compared to the one
| 15 | ClusterID | Constellation Bootstrapper | Yes | | 15 | ClusterID | Constellation Bootstrapper | Yes |
| 16&ndash;23 | Unused | - | - | | 16&ndash;23 | Unused | - | - |
</tabItem>
<tabItem value="stackit" label="STACKIT">
Constellation uses a hypervisor-based vTPM for runtime measurements.
The vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification.
The VMs are attested by obtaining signed PCR values over the VM's boot configuration from the TPM and comparing them to a known, good state (measured boot).
The following table lists all PCR values of the vTPM and the measured components.
It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable.
The latter means that the value can be generated offline and compared to the one in the vTPM.
| PCR | Components | Measured by | Reproducible and verifiable |
| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- |
| 0 | Firmware | STACKIT | No |
| 1 | Firmware | STACKIT | No |
| 2 | Firmware | STACKIT | No |
| 3 | Firmware | STACKIT | No |
| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | STACKIT, Constellation Bootloader | Yes |
| 5 | Firmware | STACKIT | No |
| 6 | Firmware | STACKIT | No |
| 7 | Secure Boot Policy | STACKIT, Constellation Bootloader | No |
| 8 | - | - | - |
| 9 | initramfs, Kernel command line | Linux Kernel | Yes |
| 10 | User space | Linux IMA | No[^1] |
| 11 | Unified Kernel Image components | Constellation Bootloader | Yes |
| 12 | Reserved | (User space, Constellation Bootloader) | Yes |
| 13 | Reserved | (Constellation Bootloader) | Yes |
| 14 | Secure Boot State | Constellation Bootloader | No |
| 15 | ClusterID | Constellation Bootstrapper | Yes |
| 16&ndash;23 | Unused | - | - |
</tabItem> </tabItem>
</tabs> </tabs>
@ -251,13 +283,15 @@ You may customize certain parameters for verification of the attestation stateme
</tabItem> </tabItem>
<tabItem value="gcp" label="GCP"> <tabItem value="gcp" label="GCP">
On GCP, AMD SEV-ES is used to provide runtime encryption to the VMs.
The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements).
There is no additional configuration available for GCP. There is no additional configuration available for GCP.
</tabItem> </tabItem>
<tabItem value="aws" label="AWS"> <tabItem value="aws" label="AWS">
On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs. On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs.
An SEV-SNP attestation report is used to establish trust in the VM and it's vTPM. An SEV-SNP attestation report is used to establish trust in the VM.
You may customize certain parameters for verification of the attestation statement using the Constellation config file. You may customize certain parameters for verification of the attestation statement using the Constellation config file.
* TCB versions * TCB versions
@ -275,6 +309,13 @@ You may customize certain parameters for verification of the attestation stateme
This is the intermediate certificate for verifying the SEV-SNP report's signature. This is the intermediate certificate for verifying the SEV-SNP report's signature.
If it's not specified, the CLI fetches it from the AMD key distribution server. If it's not specified, the CLI fetches it from the AMD key distribution server.
</tabItem>
<tabItem value="stackit" label="STACKIT">
On STACKIT, AMD SEV-ES is used to provide runtime encryption to the VMs.
The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements).
There is no additional configuration available for STACKIT.
</tabItem> </tabItem>
</tabs> </tabs>

18
docs/docs/overview/clouds.md
View File

@ -14,13 +14,13 @@ For Constellation, the ideal environment provides the following:
The following table summarizes the state of features for different infrastructures as of June 2023. The following table summarizes the state of features for different infrastructures as of June 2023.
| **Feature** | **Azure** | **GCP** | **AWS** | **OpenStack (Yoga)** | | **Feature** | **Azure** | **GCP** | **AWS** | **STACKIT** | **OpenStack (Yoga)** |
|-----------------------------------|-----------|---------|---------|----------------------| |-----------------------------------|-----------|---------|---------|--------------|----------------------|
| **1. Custom images** | Yes | Yes | Yes | Yes | | **1. Custom images** | Yes | Yes | Yes | Yes | Yes |
| **2. SEV-SNP or TDX** | Yes | Yes | Yes | Depends on kernel/HV | | **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV |
| **3. Raw guest attestation** | Yes | Yes | Yes | Depends on kernel/HV | | **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV |
| **4. Reviewable firmware** | No | No | Yes | Depends on kernel/HV | | **4. Reviewable firmware** | No | No | Yes | No | Depends on kernel/HV |
| **5. Confidential measured boot** | Yes | No | No | Depends on kernel/HV | | **5. Confidential measured boot** | Yes | No | No | No | Depends on kernel/HV |
## Microsoft Azure ## Microsoft Azure
@ -53,6 +53,10 @@ However, regarding (5), attestation is partially based on the [NitroTPM](https:/
Hence, the hypervisor is currently part of Constellation's TCB. Hence, the hypervisor is currently part of Constellation's TCB.
Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built. Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built.
## STACKIT
[STACKIT Compute Engine](https://www.stackit.de/en/product/stackit-compute-engine/) supports AMD SEV-ES. A vTPM is used for measured boot, which is a vTPM managed by STACKIT's hypervisor. Hence, the hypervisor is currently part of Constellation's TCB.
## OpenStack ## OpenStack
OpenStack is an open-source cloud and infrastructure management software. It's used by many smaller CSPs and datacenters. In the latest *Yoga* version, OpenStack has basic support for CVMs. However, much depends on the employed kernel and hypervisor. Features (2)--(4) are likely to be a *Yes* with Linux kernel version 6.2. Thus, going forward, OpenStack on corresponding AMD or Intel hardware will be a viable underpinning for Constellation. OpenStack is an open-source cloud and infrastructure management software. It's used by many smaller CSPs and datacenters. In the latest *Yoga* version, OpenStack has basic support for CVMs. However, much depends on the employed kernel and hypervisor. Features (2)--(4) are likely to be a *Yes* with Linux kernel version 6.2. Thus, going forward, OpenStack on corresponding AMD or Intel hardware will be a viable underpinning for Constellation.

1
docs/styles/config/vocabularies/edgeless/accept.txt
View File

@ -63,6 +63,7 @@ rollout
SBOM SBOM
sigstore sigstore
SSD SSD
STACKIT
superset superset
Syft Syft
systemd systemd