Mark tracing statements across the codebase as CVM_ALLOWED or CVM_CONFIDENTIAL #852
Assignees
Milestone
Comments
smalis-msft
added
snp
smalis-msft
added this to the OpenHCL support for the GA of TDX CVMs in Azure milestone
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
By default, when operating within a CVM, OpenHCL will block all of its internal tracing statements from reaching the host. This is necessary to prevent the accidental disclosure of sensitive information to the host. However this creates a debugging challenge, as our logs are one of the only signals we can get out of a CVM. To solve this we have a marker,
CVM_ALLOWED, that can be added to a tracing statement to attest that it contains information that is safe to disclose to the host. We need to go through all of our tracing statements and determine which are safe to log, which are not, and annotate them appropriately.(We also have a
CVM_CONFIDENTIALmarker to mark statements that contain sensitive information that should not go to the host, however this is the same as the default behavior, and thus is a functional no-op. It is intended just to provide a signal that the tracing statement has been audited.)See the documentation in the
cvm_tracingcrate and this guide section for more information.The text was updated successfully, but these errors were encountered: