From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3C9B9C77B78 for ; Wed, 26 Apr 2023 15:24:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240647AbjDZPYD (ORCPT ); Wed, 26 Apr 2023 11:24:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44798 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240838AbjDZPYC (ORCPT ); Wed, 26 Apr 2023 11:24:02 -0400 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1B28C26B9; Wed, 26 Apr 2023 08:24:01 -0700 (PDT) Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 33QFMjXN011286; Wed, 26 Apr 2023 15:23:17 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject : from : reply-to : to : cc : date : in-reply-to : references : content-type : mime-version : content-transfer-encoding; s=pp1; bh=5IyWirluzXQID9XJYcX+SwZPx1Xgh0mwKf+sipnh1Rk=; b=o54+pZAyY/T3idbk4Xjk7C+slAUjFDJ8GSUrpGNXtiw21jIhhTkkKwyGPwQgcfkAdlsY qN3m1FTvVGWuIZJV5J/9kxLFfV2IWDROOm9wcnuE9YBVMNzvYeZu8dpRADOMQIFsMSpQ HsY5LMqpjaJEcgd94b5mDpYiTt/YkBLKxcN6XhB5AW+gU1LEPXPxh1ZTBEtbjFaIxI+x AJqVLlfzGTWuoq2Clsb7temKdSnxLkA+V6GCNBwrgG7fnjMcqSk/HAtb+WcjUwp0RUD7 R+SZfgSpoq+lYOhHR/fA+ugF1El133qrudJI5SSxVA6wAEmfagqB+rjrgSpylO68FxyS eg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3q765wrr5e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Apr 2023 15:23:17 +0000 Received: from m0353729.ppops.net (m0353729.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 33QF7O7A002103; Wed, 26 Apr 2023 15:23:15 GMT Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com [169.47.144.26]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3q765wrr33-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Apr 2023 15:23:15 +0000 Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1]) by ppma04wdc.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 33QCT3Ed032073; Wed, 26 Apr 2023 15:18:12 GMT Received: from smtprelay04.wdc07v.mail.ibm.com ([9.208.129.114]) by ppma04wdc.us.ibm.com (PPS) with ESMTPS id 3q4777wygr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Apr 2023 15:18:12 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay04.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 33QFIBlw54526288 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 26 Apr 2023 15:18:11 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E2AE958065; Wed, 26 Apr 2023 15:18:10 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1956F58058; Wed, 26 Apr 2023 15:18:05 +0000 (GMT) Received: from lingrow.int.hansenpartnership.com (unknown [9.211.118.80]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Wed, 26 Apr 2023 15:18:04 +0000 (GMT) Message-ID: <7502e1af0615c08167076ff452fc69ebf316c730.camel@linux.ibm.com> Subject: Re: [PATCH] docs: security: Confidential computing intro and threat model From: James Bottomley Reply-To: jejb@linux.ibm.com To: "Reshetova, Elena" , "Christopherson, , Sean" , Carlos Bilbao Cc: "corbet@lwn.net" , "linux-doc@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "ardb@kernel.org" , "kraxel@redhat.com" , "dovmurik@linux.ibm.com" , "dave.hansen@linux.intel.com" , "Dhaval.Giani@amd.com" , "michael.day@amd.com" , "pavankumar.paluri@amd.com" , "David.Kaplan@amd.com" , "Reshma.Lal@amd.com" , "Jeremy.Powell@amd.com" , "sathyanarayanan.kuppuswamy@linux.intel.com" , "alexander.shishkin@linux.intel.com" , "thomas.lendacky@amd.com" , "tglx@linutronix.de" , "dgilbert@redhat.com" , "gregkh@linuxfoundation.org" , "dinechin@redhat.com" , "linux-coco@lists.linux.dev" , "berrange@redhat.com" , "mst@redhat.com" , "tytso@mit.edu" , "jikos@kernel.org" , "joro@8bytes.org" , "leon@kernel.org" , "richard.weinberger@gmail.com" , "lukas@wunner.de" , "cdupontd@redhat.com" , "jasowang@redhat.com" , "sameo@rivosinc.com" , "bp@alien8.de" , "security@kernel.org" , Andrew Bresticker , Rajnesh Kanwal , Dylan Reid , Ravi Sahita Date: Wed, 26 Apr 2023 11:18:03 -0400 In-Reply-To: References: <20230327141816.2648615-1-carlos.bilbao@amd.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: kr6owqMIH95NE01e4SLMhX0r13XFzqpx X-Proofpoint-GUID: _lSiUX2-N5MOlon2znWzr_yfsQngWUho X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-04-26_07,2023-04-26_03,2023-02-09_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 lowpriorityscore=0 malwarescore=0 suspectscore=0 mlxscore=0 phishscore=0 adultscore=0 bulkscore=0 clxscore=1011 spamscore=0 impostorscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2304260134 Precedence: bulk List-ID: X-Mailing-List: linux-doc@vger.kernel.org On Wed, 2023-04-26 at 13:32 +0000, Reshetova, Elena wrote: > > On Mon, Mar 27, 2023, Carlos Bilbao wrote: [...] > > > +provide stronger security guarantees to their clients (usually > > > referred to +as tenants) by excluding all the CSP's > > > infrastructure and SW out of the +tenant's Trusted Computing Base > > > (TCB). > > > > This is inaccurate, the provider may still have software and/or > > hardware in the TCB. > > Well, this is the end goal where we want to be, the practical > deployment can differ of course. We can rephrase that it "allows to > exclude all the CSP's infrastructure and SW out of tenant's TCB." That's getting even more inaccurate. To run in a Cloud with CoCo you usually have to insert some provided code, like OVMF and, for AMD, the SVSM. These are often customized by the CSP to suit the cloud infrastructure, so you're running their code. The goal, I think, is to make sure you only run code you trust (some of which may come from the CSP) in your TCB, which is very different from the statement above. James