
The new major release of Red Hat Enterprise Linux (RHEL) brings a number of important improvements in the confidential computing domain. This article covers the most important features now available in both RHEL 10 and RHEL 9.6:

  • Full support for RHEL Unified Kernel Image (UKI), including FIPS and kdump support
  • Intel Trust Domain Extensions (TDX) guests
  • Trustee attestation client

Full support for RHEL Unified Kernel Image (UKI)

First introduced in RHEL 9.2 as a Technology Preview, UKI for RHEL is a UEFI Portable Executable (PE) binary containing the Linux kernel, initramfs, and kernel command line. Having all these parts in one signed binary extends Secure Boot protection to cover the whole operating system boot process: the firmware (or shim) verifies the signature over the kernel, initramfs and command line together, rather than over the kernel alone. This matters wherever the operating system boots from storage it cannot trust, such as a confidential virtual machine (CVM) on a public cloud.

RHEL UKI is shipped in the kernel-uki-virt package and currently supports the x86_64 architecture only. In the future, we plan to add other architectures that support UEFI firmware, in particular ARM64 (AArch64).

RHEL UKI is targeted at virtual machines and cloud instances. It can be used when the following prerequisites are met:

  • UEFI firmware is used for booting (legacy BIOS boot is unsupported)
  • Storage is NVMe, Virtio, or VMBus
  • The drive uses GPT with standard partitioning. The partitioning scheme must be compliant with systemd-gpt-auto-generator. LUKS encrypted volumes are also supported
  • Root volume uses XFS or Ext4 filesystem

RHEL UKI is based on systemd-stub and, being a PE binary, can be booted directly from UEFI firmware. At Red Hat, we recommend booting UKI through the shim bootloader. This allows the use of additional security mechanisms provided by shim, such as Machine Owner Key (MOK) and Secure Boot Advanced Targeting (SBAT). To simplify managing UEFI boot variables, the uki-direct package (part of python3-virt-firmware) contains the kernel-bootcfg tool. This package can also be used to implement A/B booting, in which the newly installed UKI is tried once and, if it boots successfully, becomes the default.

With the release of RHEL 10 and RHEL 9.6, RHEL UKI technology is fully supported. Note that RHEL UKI can also be extended using the addons mechanism described below.

RHEL UKI supports FIPS mode

In some cases, when using RHEL UKI, it may be necessary to modify an otherwise static kernel command line that is covered by the UKI signature. In particular, switching RHEL to FIPS mode requires the fips=1 parameter on the kernel command line. To simplify common use cases, RHEL UKI ships with a set of pre-built and signed kernel command-line extensions in the kernel-uki-virt-addons package. With this package, FIPS enablement on the kernel command line is as easy as copying an addon into the UKI's .extra.d directory on the EFI system partition:

# rpm -q kernel-uki-virt kernel-uki-virt-addons
kernel-uki-virt-5.14.0-569.el9.x86_64
kernel-uki-virt-addons-5.14.0-569.el9.x86_64
# cp \
/lib/modules/5.14.0-569.el9.x86_64/vmlinuz-virt.efi.extra.d/fips-enable-virt.rhel.x86_64.addon.efi \
/boot/efi/EFI/Linux/`cat /etc/machine-id`-5.14.0-569.el9.x86_64.efi.extra.d/
# reboot

After rebooting, you can verify that fips=1 appeared on the kernel command line:

# cat /proc/cmdline 
console=tty0 console=ttyS0  fips=1 

Note that in RHEL 9, you must also use fips-mode-setup to switch the system-wide crypto policies to FIPS mode. With RHEL UKI, run fips-mode-setup with the --no-bootcfg switch so that it does not attempt to edit the bootloader configuration itself; the addon already provides the kernel command-line change:

# fips-mode-setup --no-bootcfg

RHEL UKI supports kdump enablement

Similar to FIPS, enabling kdump requires a change to the kernel command line: the memory reserved for the crash kernel is set with the crashkernel= parameter. For convenience, kernel-uki-virt-addons includes signed addons for the most common reservation sizes:

# ls -1 /lib/modules/`uname -r`/vmlinuz-virt.efi.extra.d/ \
| grep crashkernel
crashkernel-1536M-virt.rhel.x86_64.addon.efi
crashkernel-192M-virt.rhel.x86_64.addon.efi
crashkernel-1G-virt.rhel.x86_64.addon.efi
crashkernel-256M-virt.rhel.x86_64.addon.efi
crashkernel-2G-virt.rhel.x86_64.addon.efi
crashkernel-512M-virt.rhel.x86_64.addon.efi
crashkernel-default-virt.rhel.x86_64.addon.efi

To enable the required addon, copy it to the /boot/efi/EFI/Linux/`cat /etc/machine-id`-`uname -r`.efi.extra.d/ directory, exactly as shown for the FIPS addon above, and reboot. Only one crashkernel addon should be present in that directory at a time, since each one contributes its own crashkernel= value to the command line.
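Both the FIPS and the kdump steps above are the same operation: copy a signed addon shipped by kernel-uki-virt-addons into the .extra.d directory that belongs to the installed UKI, reboot, and confirm the parameter on the command line. The following shell helper, an added example that is not part of the article or of any Red Hat package, wraps that procedure with the checks a practitioner would want before touching the EFI system partition. The directory layout and default paths are those shown in the article; the function and parameter names, and the ability to override every path (used here so the helper can be exercised against a scratch directory), are assumptions of this example.

```shell
#!/bin/sh
# Enable a signed RHEL UKI command-line addon by copying it from the
# kernel's vmlinuz-virt.efi.extra.d/ directory into the matching
# <machine-id>-<kver>.efi.extra.d/ directory on the EFI system partition.
#
# Parameters ($2..$5 are optional; the defaults match the paths shown in
# the article and the overrides exist only for testing, an assumption of
# this example):
#   $1  addon file name, e.g. fips-enable-virt.rhel.x86_64.addon.efi
#   $2  kernel version            (default: uname -r)
#   $3  directory holding addons  (default: /lib/modules/$2/vmlinuz-virt.efi.extra.d)
#   $4  ESP Linux directory       (default: /boot/efi/EFI/Linux)
#   $5  machine id                (default: contents of /etc/machine-id)
uki_addon_enable() {
    addon="$1"
    kver="${2:-$(uname -r)}"
    src_dir="${3:-/lib/modules/$kver/vmlinuz-virt.efi.extra.d}"
    esp_dir="${4:-/boot/efi/EFI/Linux}"
    machine_id="${5:-$(cat /etc/machine-id)}"
    uki="$esp_dir/$machine_id-$kver.efi"
    dst_dir="$uki.extra.d"

    # Only install files that carry the addon suffix; systemd-stub picks
    # addons up by name, and under Secure Boot an unsigned or tampered PE
    # image in this directory is rejected at boot rather than applied.
    case "$addon" in
        *.addon.efi) ;;
        *) echo "refusing: '$addon' does not end in .addon.efi" >&2; return 2 ;;
    esac
    # Only copy what the kernel package actually shipped for this version.
    if [ ! -f "$src_dir/$addon" ]; then
        echo "addon not found: $src_dir/$addon" >&2
        return 1
    fi
    # Addons apply to the UKI whose name matches the .extra.d directory;
    # a missing UKI means the addon would never be loaded.
    [ -f "$uki" ] || echo "warning: UKI $uki not found; addon will not apply until it is installed" >&2

    mkdir -p "$dst_dir" || return 1
    cp "$src_dir/$addon" "$dst_dir/" || return 1
    # Show what systemd-stub will pick up on the next boot.
    ls -1 "$dst_dir"
}

# Check whether an exact parameter token (e.g. fips=1) is present on a
# kernel command line; reads /proc/cmdline unless a file is given as $2.
# Whole-token matching keeps "fips=1" from matching "fips=10" or "nofips=1".
uki_cmdline_has() {
    param="$1"
    file="${2:-/proc/cmdline}"
    tr ' ' '\n' < "$file" | grep -qxF -- "$param"
}

# Typical use on a RHEL 9 system (run as root, then reboot):
#   uki_addon_enable fips-enable-virt.rhel.x86_64.addon.efi
#   uki_addon_enable crashkernel-512M-virt.rhel.x86_64.addon.efi
# After the reboot:
#   uki_cmdline_has fips=1 && fips-mode-setup --no-bootcfg
```

The post-reboot check is deliberately a whole-token comparison rather than a substring grep, so a successful result really means fips=1 (or the exact crashkernel= value you chose) is in effect; on RHEL 9 the fips-mode-setup --no-bootcfg step from the article still has to follow, because the addon only changes the kernel command line, not the system-wide crypto policy.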

Intel Trust Domain Extensions (TDX) guests are now fully supported

Intel Trust Domain Extensions (TDX) is a confidential computing technology from Intel that provides hardware-isolated virtual machines, called trust domains (TDs). Intel TDX provides confidentiality, integrity, and authenticity guarantees for a TD's memory and state against the hypervisor and other software on the host.

Support for running RHEL inside a TDX trust domain was introduced with the RHEL 9.2 release as a Technology Preview. With the RHEL 10 and RHEL 9.6 releases, this use case is fully supported. In particular, RHEL can be used on Google's C3 machine series in Google Cloud as well as on the Microsoft Azure DCesv5 and ECesv5 series (currently in public preview).

Trustee client in RHEL

Remote attestation is an essential part of confidential computing because it proves the trustworthiness of an environment before confidential data is released to it. In a previous article, we described the IETF Remote ATtestation procedureS (RATS) architecture, the Trustee project, and how these apply to Confidential Containers. RHEL 9.6 and 10 make using Trustee simple: the Trustee client is included as the trustee-guest-components package. Note that the client is offered as a Technology Preview and is intended for development and testing purposes.

Summary

When confidentiality and security are an absolute priority, you can run RHEL on state-of-the-art hardware technologies such as AMD's SEV-SNP and Intel's TDX, with confidence that the software shipped with RHEL, such as RHEL UKI, is stable and supported. Red Hat focuses on ease of consumption of confidential computing technologies, making sure they are available to all customers running RHEL in virtualized and cloud environments.
