From: Alexander Graf <graf@amazon.com>
To: Ashish Kalra <Ashish.Kalra@amd.com>, <tglx@linutronix.de>,
<mingo@redhat.com>, <bp@alien8.de>, <dave.hansen@linux.intel.com>,
<x86@kernel.org>
Cc: <rafael@kernel.org>, <peterz@infradead.org>,
<adrian.hunter@intel.com>,
<sathyanarayanan.kuppuswamy@linux.intel.com>,
<jun.nakajima@intel.com>, <rick.p.edgecombe@intel.com>,
<thomas.lendacky@amd.com>, <michael.roth@amd.com>,
<seanjc@google.com>, <kai.huang@intel.com>, <bhe@redhat.com>,
<kirill.shutemov@linux.intel.com>, <bdas@redhat.com>,
<vkuznets@redhat.com>, <dionnaglaze@google.com>,
<anisinha@redhat.com>, <jroedel@suse.de>, <ardb@kernel.org>,
<kexec@lists.infradead.org>, <linux-coco@lists.linux.dev>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v4 0/4] x86/snp: Add kexec support
Date: Thu, 2 May 2024 14:01:08 +0200 [thread overview]
Message-ID: <26b3b3b5-548d-4ebd-9d21-19580a41e799@amazon.com> (raw)
In-Reply-To: <cover.1712694667.git.ashish.kalra@amd.com>
Hey Ashish,
On 09.04.24 22:42, Ashish Kalra wrote:
> From: Ashish Kalra <ashish.kalra@amd.com>
>
> The patchset adds bits and pieces to get kexec (and crashkernel) work on
> SNP guest.
With this patch set (and similar for the TDX one), you enable the
typical kdump case, which is great!
However, if a user is running with direct kernel boot - which is very
typical in SEV-SNP setup, especially for Kata Containers and similar -
the initial launch measurement is a natural indicator of the target
environment. Kexec basically allows them to completely bypass that: You
would be able to run a completely different environment than the one you
measure through the launch digest. I'm not sure it's a good idea to even
allow that by default in CoCo environments - at least not if the kernel
is locked down.
Do you have any plans to build a CoCo native kexec where you allow a VM
to create a new VM context with a guest provided seed? The new context
could rerun all of the attestation and so enable users to generate a new
launch digest. If you then atomically swap into the new context, it
would in turn enable them to natively "kexec" into a completely new VM
context including measurements.
I understand that an SVSM + TPM implementation may help to some extent
here by integrating with IMA and adding the new kernel into the IMA log.
But that quickly becomes very convoluted (hence difficult to assess
correctness for) and the same measurement question arises just one level
up then: How do you update your SVSM while maintaining a full
measurement and trust chain?
Thanks,
Alex
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2024-05-02 12:01 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20240409113010.465412-1-kirill.shutemov@linux.intel.com>
[not found] ` <20240409113010.465412-6-kirill.shutemov@linux.intel.com>
2024-04-09 12:38 ` [PATCHv10 05/18] x86/kexec: Keep CR4.MCE set during kexec for TDX guest Huang, Kai
2024-04-09 14:22 ` Sean Christopherson
2024-04-09 15:26 ` Kirill A. Shutemov
2024-04-28 17:11 ` Borislav Petkov
2024-04-29 13:17 ` Kirill A. Shutemov
2024-04-29 14:45 ` Borislav Petkov
2024-04-29 15:16 ` Kirill A. Shutemov
2024-04-30 12:57 ` Borislav Petkov
2024-04-30 13:03 ` Borislav Petkov
2024-04-30 14:49 ` Kirill A. Shutemov
2024-05-02 13:22 ` Borislav Petkov
2024-05-02 13:38 ` Borislav Petkov
2024-04-09 20:42 ` [PATCH v4 0/4] x86/snp: Add kexec support Ashish Kalra
2024-04-09 20:42 ` [PATCH v4 1/4] efi/x86: skip efi_arch_mem_reserve() in case of kexec Ashish Kalra
2024-04-09 20:42 ` [PATCH v4 2/4] x86/sev: add sev_es_enabled() function Ashish Kalra
2024-04-09 21:21 ` Borislav Petkov
2024-04-09 20:42 ` [PATCH v4 3/4] x86/boot/compressed: Skip Video Memory access in Decompressor for SEV-ES/SNP Ashish Kalra
2024-04-09 20:43 ` [PATCH v4 4/4] x86/snp: Convert shared memory back to private on kexec Ashish Kalra
2024-04-10 14:17 ` kernel test robot
2024-04-15 23:22 ` [PATCH v5 0/3] x86/snp: Add kexec support Ashish Kalra
2024-04-15 23:22 ` [PATCH v5 1/3] efi/x86: skip efi_arch_mem_reserve() in case of kexec Ashish Kalra
2024-04-24 14:48 ` Borislav Petkov
2024-04-24 21:17 ` Kalra, Ashish
2024-04-25 16:45 ` Kalra, Ashish
2024-04-26 14:21 ` Borislav Petkov
2024-04-26 14:47 ` Kalra, Ashish
2024-04-26 15:22 ` Borislav Petkov
2024-04-26 15:28 ` Kalra, Ashish
2024-04-26 15:34 ` Borislav Petkov
2024-04-26 16:32 ` Kalra, Ashish
2024-04-15 23:23 ` [PATCH v5 2/3] x86/boot/compressed: Skip Video Memory access in Decompressor for SEV-ES/SNP Ashish Kalra
2024-04-15 23:23 ` [PATCH v5 3/3] x86/snp: Convert shared memory back to private on kexec Ashish Kalra
2024-04-26 16:33 ` [PATCH v6 0/3] x86/snp: Add kexec support Ashish Kalra
2024-04-26 16:33 ` [PATCH v6 1/3] efi/x86: Fix EFI memory map corruption with kexec Ashish Kalra
2024-05-09 9:56 ` Ruirui Yang
2024-05-09 10:00 ` Dave Young
2024-05-10 18:36 ` Kalra, Ashish
2024-04-26 16:34 ` [PATCH v6 2/3] x86/boot/compressed: Skip Video Memory access in Decompressor for SEV-ES/SNP Ashish Kalra
2024-04-26 16:35 ` [PATCH v6 3/3] x86/snp: Convert shared memory back to private on kexec Ashish Kalra
2024-05-02 12:01 ` Alexander Graf [this message]
2024-05-02 12:18 ` [PATCH v4 0/4] x86/snp: Add kexec support Vitaly Kuznetsov
2024-05-03 8:32 ` Alexander Graf
2024-05-09 9:19 ` Vitaly Kuznetsov
2024-05-02 21:54 ` Kalra, Ashish
[not found] ` <20240409113010.465412-4-kirill.shutemov@linux.intel.com>
2024-04-18 14:37 ` [PATCHv10 03/18] cpu/hotplug: Add support for declaring CPU offlining not supported Borislav Petkov
2024-04-19 13:31 ` Kirill A. Shutemov
2024-04-23 13:17 ` Borislav Petkov
[not found] ` <20240409113010.465412-2-kirill.shutemov@linux.intel.com>
2024-04-18 16:03 ` [PATCHv10 01/18] x86/acpi: Extract ACPI MADT wakeup code into a separate file Borislav Petkov
2024-04-19 13:28 ` Kirill A. Shutemov
[not found] ` <20240409113010.465412-5-kirill.shutemov@linux.intel.com>
2024-04-23 16:02 ` [PATCHv10 04/18] cpu/hotplug, x86/acpi: Disable CPU offlining for ACPI MADT wakeup Borislav Petkov
2024-04-24 8:38 ` Kirill A. Shutemov
2024-04-24 13:50 ` Borislav Petkov
2024-04-24 14:35 ` Kirill A. Shutemov
2024-04-24 14:40 ` Dave Hansen
2024-04-24 14:51 ` Borislav Petkov
[not found] ` <20240409113010.465412-10-kirill.shutemov@linux.intel.com>
2024-04-27 16:47 ` [PATCHv10 09/18] x86/mm: Adding callbacks to prepare encrypted memory for kexec Borislav Petkov
[not found] ` <20240427170634.2397725-1-kirill.shutemov@linux.intel.com>
2024-05-02 13:45 ` [PATCHv10.1 " Borislav Petkov
2024-05-06 13:22 ` Kirill A. Shutemov
2024-05-06 14:21 ` Borislav Petkov
[not found] ` <20240409113010.465412-7-kirill.shutemov@linux.intel.com>
2024-04-28 17:25 ` [PATCHv10 06/18] x86/mm: Make x86_platform.guest.enc_status_change_*() return errno Borislav Petkov
2024-04-29 14:29 ` Kirill A. Shutemov
2024-04-29 14:53 ` Borislav Petkov
2024-05-03 16:29 ` Michael Kelley
[not found] ` <20240409113010.465412-11-kirill.shutemov@linux.intel.com>
2024-05-05 12:13 ` [PATCHv10 10/18] x86/tdx: Convert shared memory back to private on kexec Borislav Petkov
2024-05-06 15:37 ` Kirill A. Shutemov
2024-05-08 12:04 ` Borislav Petkov
2024-05-08 13:30 ` Kirill A. Shutemov
[not found] ` <20240409113010.465412-12-kirill.shutemov@linux.intel.com>
2024-05-08 12:12 ` [PATCHv10 11/18] x86/mm: Make e820_end_ram_pfn() cover E820_TYPE_ACPI ranges Borislav Petkov
[not found] ` <20240409113010.465412-14-kirill.shutemov@linux.intel.com>
2024-05-08 12:18 ` [PATCHv10 13/18] x86/acpi: Rename fields in acpi_madt_multiproc_wakeup structure Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=26b3b3b5-548d-4ebd-9d21-19580a41e799@amazon.com \
--to=graf@amazon.com \
--cc=Ashish.Kalra@amd.com \
--cc=adrian.hunter@intel.com \
--cc=anisinha@redhat.com \
--cc=ardb@kernel.org \
--cc=bdas@redhat.com \
--cc=bhe@redhat.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=dionnaglaze@google.com \
--cc=jroedel@suse.de \
--cc=jun.nakajima@intel.com \
--cc=kai.huang@intel.com \
--cc=kexec@lists.infradead.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=rafael@kernel.org \
--cc=rick.p.edgecombe@intel.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox