Date: Fri, 4 Dec 2020 13:25:00 +0000
From: Daniel P. Berrangé
To: "Dr. David Alan Gilbert"
Cc: Cornelia Huck, pair@us.ibm.com, brijesh.singh@amd.com, frankja@linux.ibm.com, kvm@vger.kernel.org, "Michael S. Tsirkin", Richard Henderson, Marcelo Tosatti, david@redhat.com, qemu-devel@nongnu.org, Eduardo Habkost, mdroth@linux.vnet.ibm.com, pasic@linux.ibm.com, Christian Borntraeger, qemu-s390x@nongnu.org, qemu-ppc@nongnu.org, thuth@redhat.com, pbonzini@redhat.com, rth@twiddle.net, David Gibson
Subject: Re: [for-6.0 v5 00/13] Generalize memory encryption models
Message-ID: <20201204132500.GI3056135@redhat.com>
References: <20201204054415.579042-1-david@gibson.dropbear.id.au> <20201204140205.66e205da.cohuck@redhat.com> <20201204130727.GD2883@work-vm>
In-Reply-To: <20201204130727.GD2883@work-vm>
X-Mailing-List: kvm@vger.kernel.org

On Fri, Dec 04, 2020 at 01:07:27PM +0000, Dr. David Alan Gilbert wrote:
> * Cornelia Huck (cohuck@redhat.com) wrote:
> > On Fri, 4 Dec 2020 09:06:50 +0100
> > Christian Borntraeger wrote:
> >
> > > On 04.12.20 06:44, David Gibson wrote:
> > > > A number of hardware platforms are implementing mechanisms whereby the
> > > > hypervisor does not have unfettered access to guest memory, in order
> > > > to mitigate the security impact of a compromised hypervisor.
> > > >
> > > > AMD's SEV implements this with in-cpu memory encryption, and Intel has
> > > > its own memory encryption mechanism. POWER has an upcoming mechanism
> > > > to accomplish this in a different way, using a new memory protection
> > > > level plus a small trusted ultravisor. s390 also has a protected
> > > > execution environment.
> > > >
> > > > The current code (committed or draft) for these features has each
> > > > platform's version configured entirely differently. That doesn't seem
> > > > ideal for users, or particularly for management layers.
> > > >
> > > > AMD SEV introduces a notionally generic machine option
> > > > "machine-encryption", but it doesn't actually cover any cases other
> > > > than SEV.
> > > >
> > > > This series is a proposal to at least partially unify configuration
> > > > for these mechanisms, by renaming and generalizing AMD's
> > > > "memory-encryption" property. It is replaced by a
> > > > "securable-guest-memory" property pointing to a platform specific
> > >
> > > Can we do "securable-guest" ?
> > > s390x also protects registers and integrity. memory is only one piece
> > > of the puzzle and what we protect might differ from platform to
> > > platform.
> > >
> > >
> > I agree. Even technologies that currently only do memory encryption may
> > be enhanced with more protections later.
>
> There's already SEV-ES patches onlist for this on the SEV side.
>
> >
> Perhaps 'confidential guest' is actually what we need, since the
> marketing folks seem to have started labelling this whole idea
> 'confidential computing'.

I think we shouldn't worry about the specific name too much, as it
won't be visible much outside QEMU and the internals of the immediate
layer above such as libvirt.

What matters much more is that we have documentation that clearly
explains what the different levels of protection are for each different
architecture, and/or generation of architecture. Mgmt apps / end users
need to understand exactly what kind of unicorns they are being promised
for a given configuration.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|