From: Lukas Wunner <lukas@wunner.de>
To: Dan Williams <dan.j.williams@intel.com>
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>,
Linuxarm <linuxarm@huawei.com>,
"Weiny, Ira" <ira.weiny@intel.com>,
Linux PCI <linux-pci@vger.kernel.org>,
linux-cxl@vger.kernel.org, CHUCK_LEVER <chuck.lever@oracle.com>
Subject: Re: [RFC PATCH 0/1] DOE usage with pcie/portdrv
Date: Sat, 7 May 2022 12:18:48 +0200 [thread overview]
Message-ID: <20220507101848.GB31314@wunner.de> (raw)
In-Reply-To: <CAPcyv4geBaTkoJ+Gefgq6RaKHtB3NMh5ruZ-1yV_i0UVaw3SWA@mail.gmail.com>
On Fri, May 06, 2022 at 03:40:25PM -0700, Dan Williams wrote:
> On Tue, May 3, 2022 at 8:35 AM Jonathan Cameron <Jonathan.Cameron@huawei.com> wrote:
> So, like you, I was envisioning all the CMA and SPDM code landing in
> the kernel until I read this:
>
> "Extending in-kernel TLS support"
> https://lwn.net/Articles/892216/
>
> ...and questioned why this new CMA/SPDM session establishment, which
> is similar to TLS, be done inside the kernel while TLS session
> establishment is done in userspace? I had a chance to chat with Chuck
> at LSF/MM and confirmed there is little appetite to change this
> up-call requirement for session establishment and expect CMA to be the
> same. The rough idea of how this works with CMA/SPDM is providing an
> ABI to retrieve session setup data with the end result of userspace
> instantiating a keyid via keyctl the to be used for future SPDM
> messages.
I'm still somewhat undecided on the kernel vs. user space question.
The simplest approach would be to expose DOE to user space and just
let it send the requests necessary for setting up an SPDM session
as well as IDE.
Jonathan posted patches a while ago to expose a DOE chrdev:
https://lore.kernel.org/all/20210524133938.2815206-5-Jonathan.Cameron@huawei.com/
On the other hand, I'm poring over Jonathan's latest kernel SPDM/CMA
patches and they're not very large, hence seem upstreamable.
It would be nice to have the kernel auto-detect that a PCI device
supports IDE and create a directory in sysfs as a result. The user
would just drop certificates there which are added to a keyring
and the kernel would automatically try to set up an SPDM session
with one of the certificates and bring up IDE encryption. Binding of
drivers to devices could be delayed until IDE is set up, as could be
enumeration of devices below a hot-plugged, IDE-capable PCIe switch.
(I can think of plenty of use cases, some good, some evil.
Such as preventing malicious / forged devices from being used,
but also vendors and employers controlling what people plug into
their machines. Brave new world.)
Of course, it would probably be possible to implement all of this
in user space but it might not be as seamless.
I just fear that we may become a laughing stock for security researchers
with a kernel-only implementation. Kind of like "ASN.1 parsing at ring 0":
https://x41-dsec.de/lab/blog/kernel_userspace/
I have some feedback on Jonathan's SPDM/CMA patches and will send it
out in a bit...
Thanks,
Lukas
next prev parent reply other threads:[~2022-05-07 10:18 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-03 15:34 [RFC PATCH 0/1] DOE usage with pcie/portdrv Jonathan Cameron
2022-05-03 15:34 ` [RFC PATCH 1/1] pcie/portdrv: Hack in DOE and CDAT support Jonathan Cameron
2022-05-06 22:40 ` [RFC PATCH 0/1] DOE usage with pcie/portdrv Dan Williams
2022-05-07 10:18 ` Lukas Wunner [this message]
2022-05-09 9:48 ` Jonathan Cameron
2022-05-11 19:13 ` Lukas Wunner
2022-05-11 19:19 ` Lukas Wunner
2022-05-11 19:43 ` Dan Williams
2022-05-14 13:55 ` Lukas Wunner
2022-05-16 17:01 ` Dan Williams
2022-05-27 9:39 ` Lukas Wunner
2022-05-18 13:43 ` Christoph Hellwig
2022-05-18 15:08 ` Dan Williams
2022-05-20 5:42 ` Lukas Wunner
2022-05-20 15:37 ` Dan Williams
2022-05-20 15:42 ` Chuck Lever III
2022-05-11 19:42 ` Dan Williams
2022-05-11 20:22 ` Hindman, Gavin
2022-05-11 21:04 ` Dan Williams
2022-05-14 13:31 ` Lukas Wunner
2022-05-16 16:53 ` Dan Williams
2022-05-09 9:33 ` Jonathan Cameron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220507101848.GB31314@wunner.de \
--to=lukas@wunner.de \
--cc=Jonathan.Cameron@huawei.com \
--cc=chuck.lever@oracle.com \
--cc=dan.j.williams@intel.com \
--cc=ira.weiny@intel.com \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linuxarm@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox