1 What: security/secrets/coco 1 What: security/secrets/coco
2 Date: February 2022 2 Date: February 2022
3 Contact: Dov Murik <dovmurik@linux.ibm.c 3 Contact: Dov Murik <dovmurik@linux.ibm.com>
4 Description: 4 Description:
5 Exposes confidential computing 5 Exposes confidential computing (coco) EFI secrets to
6 userspace via securityfs. 6 userspace via securityfs.
7 7
8 EFI can declare memory area us 8 EFI can declare memory area used by confidential computing
9 platforms (such as AMD SEV and 9 platforms (such as AMD SEV and SEV-ES) for secret injection by
10 the Guest Owner during VM's la 10 the Guest Owner during VM's launch. The secrets are encrypted
11 by the Guest Owner and decrypt 11 by the Guest Owner and decrypted inside the trusted enclave,
12 and therefore are not readable 12 and therefore are not readable by the untrusted host.
13 13
14 The efi_secret module exposes 14 The efi_secret module exposes the secrets to userspace. Each
15 secret appears as a file under 15 secret appears as a file under <securityfs>/secrets/coco,
16 where the filename is the GUID 16 where the filename is the GUID of the entry in the secrets
17 table. This module is loaded 17 table. This module is loaded automatically by the EFI driver
18 if the EFI secret area is popu 18 if the EFI secret area is populated.
19 19
20 Two operations are supported f 20 Two operations are supported for the files: read and unlink.
21 Reading the file returns the c 21 Reading the file returns the content of secret entry.
22 Unlinking the file overwrites 22 Unlinking the file overwrites the secret data with zeroes and
23 removes the entry from the fil 23 removes the entry from the filesystem. A secret cannot be read
24 after it has been unlinked. 24 after it has been unlinked.
25 25
26 For example, listing the avail 26 For example, listing the available secrets::
27 27
28 # modprobe efi_secret 28 # modprobe efi_secret
29 # ls -l /sys/kernel/security 29 # ls -l /sys/kernel/security/secrets/coco
30 -r--r----- 1 root root 0 Jun 30 -r--r----- 1 root root 0 Jun 28 11:54 736870e5-84f0-4973-92ec-06879ce3da0b
31 -r--r----- 1 root root 0 Jun 31 -r--r----- 1 root root 0 Jun 28 11:54 83c83f7f-1356-4975-8b7e-d3a0b54312c6
32 -r--r----- 1 root root 0 Jun 32 -r--r----- 1 root root 0 Jun 28 11:54 9553f55d-3da2-43ee-ab5d-ff17f78864d2
33 -r--r----- 1 root root 0 Jun 33 -r--r----- 1 root root 0 Jun 28 11:54 e6f5a162-d67f-4750-a67c-5d065f2a9910
34 34
35 Reading the secret data by rea 35 Reading the secret data by reading a file::
36 36
37 # cat /sys/kernel/security/s 37 # cat /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
38 the-content-of-the-secret-da 38 the-content-of-the-secret-data
39 39
40 Wiping a secret by unlinking a 40 Wiping a secret by unlinking a file::
41 41
42 # rm /sys/kernel/security/se 42 # rm /sys/kernel/security/secrets/coco/e6f5a162-d67f-4750-a67c-5d065f2a9910
43 # ls -l /sys/kernel/security 43 # ls -l /sys/kernel/security/secrets/coco
44 -r--r----- 1 root root 0 Jun 44 -r--r----- 1 root root 0 Jun 28 11:54 736870e5-84f0-4973-92ec-06879ce3da0b
45 -r--r----- 1 root root 0 Jun 45 -r--r----- 1 root root 0 Jun 28 11:54 83c83f7f-1356-4975-8b7e-d3a0b54312c6
46 -r--r----- 1 root root 0 Jun 46 -r--r----- 1 root root 0 Jun 28 11:54 9553f55d-3da2-43ee-ab5d-ff17f78864d2
47 47
48 Note: The binary format of the 48 Note: The binary format of the secrets table injected by the
49 Guest Owner is described in 49 Guest Owner is described in
50 drivers/virt/coco/efi_secret/e 50 drivers/virt/coco/efi_secret/efi_secret.c under "Structure of
51 the EFI secret area". 51 the EFI secret area".
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.