Why does the tool sevctl work incorrectly with a CVM-SNP VM?

joeyjoy 0 Reputation points
2024-09-26T04:11:41.26+00:00

Hi~

I found that when I entered the CVM-SNP in Azure and used the sevctl (https://github.com/virtee/sevctl), which is the tool provided by AMD to detect a SNP guest status, the result seemed not normal.

User's image

So, how can I make sure that I am within a real SNP guest? I plan to use sevctl and sevtool for some experiments.

I guess this is related to attestation. In addition, I have a few questions here that hope can be confirmed:

How to verify the security guarantee claimed with Azure CVM?

When I was creating a CVM, I saw that there were options for Confidential Virtual Machines ( it should include trusted launch and measured boot) and EncOSdisk, and I enabled them. I have already read their product documents. But how can I acquire some of these measurements and verify these guarantees?

Can I launch another CVM-SNP with higher kernel version?

When I was creating the existing one, I saw the option 'Ubuntu Server 20.04 LTS (Confidential VM - SEV-SNP Only)' in the image list and chose this for this CVM.

What if I choose 'Ubuntu Pro 22.04 LTS (Confidential VM)', then which type of CVM guest will I obtain? Besides, what if I choose Ubuntu 24.04 image, of which the introduction says 'Secure virtualisation with AMD SEV-SNP and Intel TDX'? I think it is because the SNP guest-kernel support has been upstream.

Many thanks.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,870 questions
0 comments
Accepted answer
  1. Mounika Reddy Anumandla 405 Reputation points Microsoft Vendor
    2024-09-26T07:56:17.0233333+00:00

    Hi joeyjoy,

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
    To verify that you're running within a real SNP guest, you can use the sevctl command to check the SNP guest status.
    Run the sevctl status and sevctl guest-status commands to check the SEV-SNP status. Verify that the output shows SEV-SNP: ENABLED and SEV-SNP Guest: RUNNING

    This command should display the SNP features supported by the guest. If the output shows that SNP features are enabled, it's a good indication that you're running within a real SNP guest.
    Attestation is a critical component of Secure Encrypted Virtualization (SEV). It's a process that verifies the identity and integrity of a system or a virtual machine. In the context of SEV, attestation is used to ensure that the guest is running on a trusted platform with the correct firmware and microcode.

    Azure confidential VMs boot only after successful attestation of the platform's critical components and security settings. The attestation report includes:

    • A signed attestation report
    • Platform boot settings
    • Platform firmware measurements
    • OS measurements

    You can initialize an attestation request inside of a confidential VM to verify that your confidential VMs are running a hardware instance with either AMD SEV-SNP, or Intel TDX enabled processors. For more information, see Azure confidential VM guest attestation.

    Your Trusted Launch VM needs Secure Boot and virtual Trusted Platform Module (vTPM) to be enabled so that the attestation extensions can be installed. Microsoft Defender for Cloud offers reports based on Guest Attestation verifying status and that the boot integrity of your VM is set up correctly. To learn more about Microsoft Defender for Cloud integration, see Trusted Launch integration with Microsoft Defender for Cloud.

    To know more about Confidential OS disk encryption and verify these guarantees, please go through the document: https://video2.skills-academy.com/en-us/azure/confidential-computing/confidential-vm-overview
    Yes, you can launch Confidential Virtual Machines (CVMs) with Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) on a higher kernel version. However, it’s important to ensure compatibility and stability.
    https://video2.skills-academy.com/en-us/azure/confidential-computing/confidential-vm-faq#can-i-convert-a-dcasv5-ecasv5-cvm-into-a-dcesv5-ecesv5-cvm-or-a-dcesv5-ecesv5-cvm-into-a-dcasv5-ecasv5-cvm-
    When you create an Ubuntu Server 20.04 LTS (Confidential VM - SEV-SNP Only), you will obtain a Confidential Virtual Machine (CVM) guest that leverages SEV-SNP (Secure Encrypted Virtualization - Secure Nested Paging). This technology, provided by AMD, offers hardware-based isolation between virtual machines, the hypervisor, and host management code. It ensures that the VM's memory is encrypted and protected from unauthorized access. https://azuremarketplace.microsoft.com/en-us/marketplace/apps/canonical.0001-com-ubuntu-confidential-vm-focal?tab=Overview

    When you create an Ubuntu Pro 22.04 LTS (Confidential VM), you will obtain a Confidential Virtual Machine (CVM) guest that includes several advanced security features. These features are designed to provide strong security and confidentiality guarantees. https://azuremarketplace.microsoft.com/en-us/marketplace/apps/canonical.0001-com-ubuntu-pro-confidential-vm-jammy?tab=Overview

    Secure virtualisation with AMD SEV-SNP and Intel TDX

    For the x86 architecture, both AMD and Intel processors provide hardware features (named AMD SEV SNP and Intel TDX respectively) to support running virtual machines with memory encryption and integrity protection. They ensure that the data contained within the virtual machine is inaccessible to the hypervisor and hence the infrastructure operator.  Support for using these features as a guest virtual machine was introduced in the upstream Linux kernel version 5.19.
    https://ubuntu.com/blog/whats-new-in-security-for-ubuntu-24-04-lts

    If you have any further queries, do let us know.

    If the answer is helpful, please click "Accept Answer" and "Upvote it."

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Mounika Reddy Anumandla 405 Reputation points Microsoft Vendor
    2024-10-03T09:28:03.7533333+00:00

    Hi Joey,
    Thank you for your patience while we were reviewing your question. The issue needed deeper investigation. I have checked with the internal team, and they have given the solution. as below:
    You can suggest the customer to run below command to check the status

    cpuid -l 0x4000000C -1 | awk '$4 ~ /^ebx=.2$/ { print "AMD SEV-SNP is enabled"}'

    The -l flag specifies the leaf to query, where 0x4000000C is a leaf specific to querying AMD SEV-SNP features.

    The -1 flag means to print the result of the CPUID instruction for this specific leaf.

    ~ /^ebx=.*2$/ is a pattern matching condition that checks if ebx contains a value ending with 2. The value of ebx here could indicate SEV-SNP feature.

    In short, above command checks if AMD SEV-SNP is enabled on the system by querying the CPU features. If the condition is met, it prints the message “AMD SEV-SNP is enabled".
    Beyond what is mentioned above, recently Azure has published one blog about openHCL.

    Azure confidential VMs use the concept of a paravisor to implement enlightenment on behalf of the guest OS so that the guest OS can run mostly unmodified inside a CVM across various hardware providers. With the paravisor, the guest OS does not need to be fully enlightened to run confidential in Azure, meaning that we can support older OS versions on Azure confidential VMs.

    OpenHCL is an implementation of the paravisor for Confidential VMs in Azure, that will soon be available in the Azure fleet. The OpenHCL VTL2 partition is used to securely host the guest paravisor firmware layer for confidential VM support. As mentioned above, OpenHCL will effectively allow guest VMs to run as confidential VMs in Azure, adding support across a wide variety of guest OS’s and confidential hardware providers.  

     Because of Azure implementation methodology of confidential VM leveraging paravisor, the tool sevctl released by AMD does not work. We also recommend customers to leverage CVM guest attestation to attest it is truly confidential VM with security feature turned on.

    If you have any further queries, do let us know.

    If the answer is helpful, please click "Accept Answer" and "Upvote it."

    User's image

     

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.