Description

libkrun-sev allows running confidential workloads in a lightweight VM within a container. I'd like to experiment with libkrun-sev, the oci2cw image tool, and attestation using reference-kbs.

Goals

Start a container with confidential workload on an LUKS encrypted disk. Attest the container against a reference KBS, which on success provides a key to unlock the disk and start running the workload.

Resources

Looking for hackers with the skills:

Nothing? Add some keywords!

This project is part of:

Hack Week 24

Activity

  • about 1 month ago: jfehlig started this project.
  • about 1 month ago: jfehlig originated this project.

  • Comments

    • jfehlig
      28 days ago by jfehlig | Reply

      I didn't quite reach the goal of this project. It's easy enough to start containerized micro VMs with krunvm and libkrun, but getting all the pieces for full attestation workflow have been challenging.

      The first step of this project was updating libkrun[1] and libkrunfw[2] to latest upstream releases to get all the latest SEV-related code. The next task was familiarizing myself with libkrun et.al. I experimented with starting some micro VMs based on opensuse/tumbleweed OCI. I then buit a container to serve as a confidential workload. The workload is a simple program to serve "Hello Confidential Computing" on a HTTP port. The workload could be switched to something more interesting, like an AI chatbot, in future work :-). I checked the workload functioned when run as a normal container and as a containerized micro VM. E.g. as a normal container

      # podman run --rm -ti -p 8080:8080 sevdemo

      serving on 8080

      # curl localhost:8080

      Hello Confidential Workload!

      Running as a containerized micro VM simply requires specifying libkrun as a container runtime. E.g. # podman run --runtime krun --rm -ti -p 8080:8080 sevdemo

      With a functioning workload running in a containerized micro VM, I moved to building additional pieces needed to run the workload as a confidential container. The first component was an attestation server. For experiments like this, the reference-kbs server[3] seemed like a good choice. Getting it built and running took more effort than needed, mostly due to being a Rust noob.

      The next piece of the puzzle is an image transformation tool called oci2cw[4]. It takes a "regular" OCI and transforms it to a "Confidential Workload (CW)" OCI. The CW OCI includes the original OCI workload payload in an encrypted volume, along with additional content that will be used by the libkrun runtime such as attestation server parameters. With minimal hacking, I was able to get this tool working and transformed my workload to a CW OCI. During the transformation process, measurements and secrets were stashed in the attestation server for later use when starting the workload.

      Unfortunately, I made little progress beyond this point before Hackweek came to an end for me. I got past some smaller issues, but got stuck at the following error during initialization of the confidential micro VM

      # podman run --runtime krun --privileged --rm -ti -p 8080:8080 sevdemo-cw

      [2024-11-22T00:22:57Z ERROR krun] Building the microVM failed: Internal(Vm(SevSecVirtInit(DownloadCek(Error { description: "SSL peer certificate or SSH remote key was not OK", code: 60, extra: None })))) {"msg":"exec container process failed with handler as krun: Unknown error -22","level":"error","time":"2024-11-22T00:22:57.203343Z"}

      This project interests me enough that I'd like to find time to reach the goal. Becoming knowledgeable of the attestation workflow would be a good next step. That would allow me to better understand the above failure. ATM I'm not sure if it's a problem in the OCI transformation process or in the libkrun runtime.

      [1] https://github.com/containers/libkrun

      [2] https://github.com/containers/libkrunfw

      [3] https://github.com/virtee/reference-kbs

      [4] https://github.com/virtee/oci2cw

    Similar Projects

    This project is one of its kind!