From: Dave Hansen <dave.hansen@intel.com>
To: Carlos Bilbao <carlos.bilbao@amd.com>,
Sean Christopherson <seanjc@google.com>
Cc: Elena Reshetova <elena.reshetova@intel.com>,
"corbet@lwn.net" <corbet@lwn.net>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"ardb@kernel.org" <ardb@kernel.org>,
"kraxel@redhat.com" <kraxel@redhat.com>,
"dovmurik@linux.ibm.com" <dovmurik@linux.ibm.com>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"Dhaval.Giani@amd.com" <Dhaval.Giani@amd.com>,
"michael.day@amd.com" <michael.day@amd.com>,
"pavankumar.paluri@amd.com" <pavankumar.paluri@amd.com>,
"David.Kaplan@amd.com" <David.Kaplan@amd.com>,
"Reshma.Lal@amd.com" <Reshma.Lal@amd.com>,
"Jeremy.Powell@amd.com" <Jeremy.Powell@amd.com>,
"sathyanarayanan.kuppuswamy@linux.intel.com"
<sathyanarayanan.kuppuswamy@linux.intel.com>,
"alexander.shishkin@linux.intel.com"
<alexander.shishkin@linux.intel.com>,
"thomas.lendacky@amd.com" <thomas.lendacky@amd.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"dgilbert@redhat.com" <dgilbert@redhat.com>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"dinechin@redhat.com" <dinechin@redhat.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"berrange@redhat.com" <berrange@redhat.com>,
"mst@redhat.com" <mst@redhat.com>,
"tytso@mit.edu" <tytso@mit.edu>,
"jikos@kernel.org" <jikos@kernel.org>,
"joro@8bytes.org" <joro@8bytes.org>,
"leon@kernel.org" <leon@kernel.org>,
"richard.weinberger@gmail.com" <richard.weinberger@gmail.com>,
"lukas@wunner.de" <lukas@wunner.de>,
"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
"cdupontd@redhat.com" <cdupontd@redhat.com>,
"jasowang@redhat.com" <jasowang@redhat.com>,
"sameo@rivosinc.com" <sameo@rivosinc.com>,
"bp@alien8.de" <bp@alien8.de>,
"security@kernel.org" <security@kernel.org>,
Andrew Bresticker <abrestic@rivosinc.com>,
Rajnesh Kanwal <rkanwal@rivosinc.com>,
Dylan Reid <dylan@rivosinc.com>, Ravi Sahita <ravi@rivosinc.com>
Subject: Re: [PATCH] docs: security: Confidential computing intro and threat model
Date: Wed, 26 Apr 2023 13:12:43 -0700 [thread overview]
Message-ID: <45a798dd-af8b-a162-adc5-71237b33b8d1@intel.com> (raw)
In-Reply-To: <9021d861-cde6-a51a-7d8c-b3f67eaa01d8@amd.com>
On 4/26/23 12:21, Carlos Bilbao wrote:
>> Confidential Computing (coco) hardware such as AMD SEV (Secure Encrypted
>> Virtualization) allows guest owners to inject secrets into the VMs
>> memory without the host/hypervisor being able to read them.
>>
>> My complaint about this document being too Intel/AMD centric isn't that it doesn't
>> mention other implementations, it's that the doc describes CoCo purely from the
>> narrow viewpoint of Intel TDX and AMD SNP, and to be blunt, reads like a press
>> release and not an objective overview of CoCo.
> Be specific about the parts of the document that you feel are too
> AMD/Intel centric, and we will correct them.
That's kinda not the point.
Confidential computing covers a *REALLY* wide swath of technologies,
even on just AMD and Intel: SGX, SEV{,-ES,SNP}, MKTME, TDX.
But this document is talking about one *VERY* *SPECIFIC* thing: VMs
running under SEV-SNP or TDX and in a very specific environment: CSPs.
Also, not even *ALL* CSPs, a subset of CSPs. You're tossing out a huge
chunk of the confidential computing world without acknowledging it.
I don't have any great suggestions on what you call this subset. Maybe
you get an ack from the CoVE folks:
> https://lore.kernel.org/all/20230419221716.3603068-1-atishp@rivosinc.com/
and call it
tdx-and-snp-and-cove-at-some-random-unnamed-big-fancy-csps-threat-model.rst.
Just add an -and-foo each time a new hardware vendor shows up until
someone smarter than us finds a good name.
But I do think the difficulty here is in drawing that "line in the sand"
I was talking about. You're trying to make the argument that once you
get hardware support for:
1. Increased guest data and state confidentiality from a VMM
2. Better guest data and state integrity in the face of VMM modification
3. More tightly controlled guest interrupt injection
4. Some additional mechanisms to control guest-host page mapping.
... then you need all this *other* stuff that the document talks about.
I think #3 and #4 are really just (SEV and TDX) implementation details.
I can certainly imagine a sane architecture without all of x86's warts
that doesn't care much about #3.
I think I know what #4 is talking about, but it's too handwavy for me to
even offer any improvements. I actually think #4 is just a subset of
integrity protection: make sure that the same data that the guest puts
in memory at a guest physical address comes back out at that address
later. SEV and TDX implement that by preventing the host from remapping
guest physical address space willy nilly, but it's just integrity
protection by another name.
next prev parent reply other threads:[~2023-04-26 20:12 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-27 14:18 [PATCH] docs: security: Confidential computing intro and threat model Carlos Bilbao
2023-03-29 10:40 ` Greg KH
2023-03-30 17:32 ` Carlos Bilbao
2023-04-22 3:17 ` Bagas Sanjaya
2023-04-21 21:09 ` Kaplan, David
2023-04-25 13:43 ` Carlos Bilbao
2023-04-25 15:02 ` Sean Christopherson
2023-04-26 13:32 ` Reshetova, Elena
2023-04-26 15:08 ` Carlos Bilbao
2023-04-26 15:51 ` Sean Christopherson
2023-04-26 19:21 ` Carlos Bilbao
2023-04-26 19:53 ` Sean Christopherson
2023-04-26 20:15 ` Carlos Bilbao
2023-04-26 21:33 ` Sean Christopherson
2023-04-26 22:27 ` Carlos Bilbao
2023-04-27 12:29 ` Reshetova, Elena
2023-04-27 14:16 ` Carlos Bilbao
2023-04-27 15:18 ` Sean Christopherson
2023-04-27 17:59 ` Carlos Bilbao
2023-04-26 20:12 ` Dave Hansen [this message]
2023-04-26 15:18 ` James Bottomley
2023-04-26 16:17 ` Sean Christopherson
2023-04-27 12:43 ` Reshetova, Elena
2023-04-27 13:18 ` James Bottomley
2023-04-27 15:47 ` Reshetova, Elena
2023-04-27 16:16 ` James Bottomley
2023-04-27 16:46 ` Randy Dunlap
2023-04-27 17:19 ` Michael S. Tsirkin
2023-04-27 18:27 ` James Bottomley
2023-04-27 12:56 ` Reshetova, Elena
2023-04-26 15:46 ` Dave Hansen
2023-04-26 16:03 ` Sean Christopherson
2023-04-27 19:06 ` Peter Gonda
2023-04-27 18:47 ` Peter Gonda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45a798dd-af8b-a162-adc5-71237b33b8d1@intel.com \
--to=dave.hansen@intel.com \
--cc=David.Kaplan@amd.com \
--cc=Dhaval.Giani@amd.com \
--cc=Jeremy.Powell@amd.com \
--cc=Reshma.Lal@amd.com \
--cc=abrestic@rivosinc.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=ardb@kernel.org \
--cc=berrange@redhat.com \
--cc=bp@alien8.de \
--cc=carlos.bilbao@amd.com \
--cc=cdupontd@redhat.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=dgilbert@redhat.com \
--cc=dinechin@redhat.com \
--cc=dovmurik@linux.ibm.com \
--cc=dylan@rivosinc.com \
--cc=elena.reshetova@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=jasowang@redhat.com \
--cc=jejb@linux.ibm.com \
--cc=jikos@kernel.org \
--cc=joro@8bytes.org \
--cc=kraxel@redhat.com \
--cc=leon@kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=michael.day@amd.com \
--cc=mst@redhat.com \
--cc=pavankumar.paluri@amd.com \
--cc=ravi@rivosinc.com \
--cc=richard.weinberger@gmail.com \
--cc=rkanwal@rivosinc.com \
--cc=sameo@rivosinc.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=security@kernel.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).