Add AMD-SEV musings

Signed-off-by: SabreenKaur <[email protected]>

musings/amd-sev.md

@@ -0,0 +1,47 @@
+# AMD Secure Encrypted Virtualization (AMD-SEV)
+
+# Concepts
+- AMD-SEV is targeted at securing virtual machines by encrypting the memory of each virtual machine with a unique key.
+- SEV can protect your machine from a potentially malicious hypervisor.
+- SEV can calculate a signature of virtual machine's memory content which can be sent to the VM's owner as an attestation that the memory on the target host, was encrypted correctly by firmware.
+- AMD-SEV SNP is an extension to SEV which adds new hardware-based security protections
+
+## Keys used in SEV
+The AMD SEV firmware provides a mechanism to verify that it is executing on AMD hardware that supports SEV. The following key hierarchy, rooted in an AMD-owned key, is used in this process:
+
+- $PDH$ (Platform Diffie Hellman) key - This key is used to negotiate a master secret which is then used with a key derivation function to establish a trusted channel
+- $PEK$ (Platform Endorsement Key) - This key signs the $PDH$ to anchor the $PDH$ to the AMD root of trust and the platform owner's root of trust
+- $CEK$ (Chip endorsement key) - This key signs the $PEK$ to anchor the $PEK$ to the AMD root of trust. Each chip has a unique $CEK$ which is derived from secrets stored in the chip's one-time programmable (OTP) memory
+- $ASK$ (AMD Signing Key) - The $ASK$ private key signs the $CEK$ public key  to demonstrate that the $CEK$ is an authentic AMD key
+- $ARK$ (AMD Root Key) - The $ARK$ private key signs the $ASK$ public key to demonstrate that the $ASK$ is an authentic AMD key. This key is the root of trust of AMD and its signatures signify AMD authencity
+
+Therefore the following certificate chain is produced:
+
+
+$ARK \rightarrow ASK \rightarrow CEK \rightarrow PEK \rightarrow PDH$
+
+
+Therefore if the secure channel can be established using the $PDH$ key, then it is ensured that, the attesting workload is executed on, is an authentic AMD system which has the SEV feature.
+
+## AMD-SEV SNP Attestation report measurements
+
+### Platform measurements
+- CHIP_ID - The unique chip identifier
+- PLATFORM_INFO - Indicates properties of the platform configuration, for example whether whole system memory encryption (TSME) or simultaneous multithreading (SMT) is enabled
+- CURRENT_TCB - Security Version Numbers (SVNs) of the current executing platform firmware and microcode
+- COMMITTED_TCB - SVNs of the anti-rollback minimum of the platform firmware and microcode
+- REPORTED_TCB - SVN of the hypervisor. The hypervisor has the option to report a lower version
+- LAUNCH_TCB - SVNs of the platform firmware and microcode at the time the guest was launched or imported
+
+### Guest measurements
+- FAMILY_ID - The family ID of the guest that is provided at launch
+- IMAGE_ID - The image ID of the guest that is provided at launch
+- GUEST_SVN - The guest SVN
+- MEASUREMENT - Measurement of the guest address space
+- ID_KEY_DIGEST - SHA-384 digest of the ID public key that signed the [ID block](https://www.amd.com/system/files/TechDocs/56860.pdf#page=91) provided in `SNP_LAUNCH_FINISH`
+- AUTHOR_KEY_DIGEST - SHA-384 digest of the Author public key that certified the ID key, if provided in `SNP_LAUNCH_FINISH`
+- POLICY - The [guest policy](https://www.amd.com/system/files/TechDocs/56860.pdf#page=26)
+- REPORT_ID - Report ID of this guest
+- REPORT_ID_MA - Report ID of this guest's migration agent, if the guest is associated with a migration agent
+
+More details on other elements of the produced attestation report are outlined [here](https://www.amd.com/system/files/TechDocs/56860.pdf#page=44).