From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Alexander Graf <graf@amazon.com>,
Ashish Kalra <Ashish.Kalra@amd.com>,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org
Cc: rafael@kernel.org, peterz@infradead.org, adrian.hunter@intel.com,
sathyanarayanan.kuppuswamy@linux.intel.com,
jun.nakajima@intel.com, rick.p.edgecombe@intel.com,
thomas.lendacky@amd.com, michael.roth@amd.com, seanjc@google.com,
kai.huang@intel.com, bhe@redhat.com,
kirill.shutemov@linux.intel.com, bdas@redhat.com,
dionnaglaze@google.com, anisinha@redhat.com, jroedel@suse.de,
ardb@kernel.org, kexec@lists.infradead.org,
linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 0/4] x86/snp: Add kexec support
Date: Thu, 09 May 2024 11:19:36 +0200 [thread overview]
Message-ID: <877cg3fil3.fsf@redhat.com> (raw)
In-Reply-To: <c2732461-e768-4356-82ce-a80c73997f02@amazon.com>
Alexander Graf <graf@amazon.com> writes:
> Correct. With IMA, you even do exactly that: Enforce a signature check
> of the next binary with kexec.
>
> The problem is that you typically want to update the system because
> something is broken; most likely your original environment had a
> security issue somewhere. From a pure SEV-SNP attestation point of view,
> you can not distinguish between the patched and unpatched environment:
> Both look the same.
>
> So while kexec isn't the problem, it's the fact that you can't tell
> anyone that you're now running a fixed version of the code :).
...
>
> I'm happy for CoCo to stay smoke and mirrors :).
"Only a Sith deals in absolutes" :-)
> But I believe that if
> you want to genuinely draw a trust chain back to an AMD/Intel
> certificate, we need to come up with a good way of making updates work
> with a working trust chain so that whoever checks whether you're running
> sanctioned code is able to validate the claim.
Launch measurements are what they are, they describe the state of your
guest before it started booting. There are multiple mechanisms in Linux
which change CPL0 code already: self-modifying code like static keys,
loadable modules, runtime patching, kexec,... In case some specific
deployment requires stronger guarantees we can probably introduce
something like 'full lockdown' mode (as a compile time option, I guess)
which would disable all of the aforementioned mechanisms. It will still
not be a hard proof that the running code matches launch measurements
(because vulnerabilities/bugs may still exist) I guess but could be an
improvement.
Basically, what I wanted to argue is that kexec does not need to be
treated 'specially' for CVMs if we keep all other ways to modify kernel
code. Making these methods 'attestable' is currently a challenge indeed.
--
Vitaly
next prev parent reply other threads:[~2024-05-09 9:19 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-09 11:29 [PATCHv10 00/18] x86/tdx: Add kexec support Kirill A. Shutemov
2024-04-09 11:29 ` [PATCHv10 01/18] x86/acpi: Extract ACPI MADT wakeup code into a separate file Kirill A. Shutemov
2024-04-18 16:03 ` Borislav Petkov
2024-04-19 13:28 ` Kirill A. Shutemov
2024-04-09 11:29 ` [PATCHv10 02/18] x86/apic: Mark acpi_mp_wake_* variables as __ro_after_init Kirill A. Shutemov
2024-04-09 11:29 ` [PATCHv10 03/18] cpu/hotplug: Add support for declaring CPU offlining not supported Kirill A. Shutemov
2024-04-18 14:37 ` Borislav Petkov
2024-04-19 13:31 ` Kirill A. Shutemov
2024-04-23 13:17 ` Borislav Petkov
2024-04-09 11:29 ` [PATCHv10 04/18] cpu/hotplug, x86/acpi: Disable CPU offlining for ACPI MADT wakeup Kirill A. Shutemov
2024-04-23 16:02 ` Borislav Petkov
2024-04-24 8:38 ` Kirill A. Shutemov
2024-04-24 13:50 ` Borislav Petkov
2024-04-24 14:35 ` Kirill A. Shutemov
2024-04-24 14:40 ` Dave Hansen
2024-04-24 14:51 ` Borislav Petkov
2024-04-27 15:36 ` [PATCHv10.1 " Kirill A. Shutemov
2024-04-09 11:29 ` [PATCHv10 05/18] x86/kexec: Keep CR4.MCE set during kexec for TDX guest Kirill A. Shutemov
2024-04-09 12:38 ` Huang, Kai
2024-04-09 14:22 ` Sean Christopherson
2024-04-09 15:26 ` Kirill A. Shutemov
2024-04-28 17:11 ` Borislav Petkov
2024-04-29 13:17 ` Kirill A. Shutemov
2024-04-29 14:45 ` Borislav Petkov
2024-04-29 15:16 ` Kirill A. Shutemov
2024-04-30 12:57 ` Borislav Petkov
2024-04-30 13:03 ` Borislav Petkov
2024-04-30 14:49 ` Kirill A. Shutemov
2024-05-02 13:22 ` Borislav Petkov
2024-05-02 13:38 ` Borislav Petkov
2024-04-09 11:29 ` [PATCHv10 06/18] x86/mm: Make x86_platform.guest.enc_status_change_*() return errno Kirill A. Shutemov
2024-04-28 17:25 ` Borislav Petkov
2024-04-29 14:29 ` Kirill A. Shutemov
2024-04-29 14:53 ` Borislav Petkov
2024-05-03 16:29 ` Michael Kelley
2024-04-09 11:29 ` [PATCHv10 07/18] x86/mm: Return correct level from lookup_address() if pte is none Kirill A. Shutemov
2024-04-09 11:30 ` [PATCHv10 08/18] x86/tdx: Account shared memory Kirill A. Shutemov
2024-04-09 11:30 ` [PATCHv10 09/18] x86/mm: Adding callbacks to prepare encrypted memory for kexec Kirill A. Shutemov
2024-04-27 16:47 ` Borislav Petkov
2024-04-27 17:06 ` [PATCHv10.1 " Kirill A. Shutemov
2024-05-02 13:45 ` Borislav Petkov
2024-05-06 13:22 ` Kirill A. Shutemov
2024-05-06 14:21 ` Borislav Petkov
2024-04-09 11:30 ` [PATCHv10 10/18] x86/tdx: Convert shared memory back to private on kexec Kirill A. Shutemov
2024-05-05 12:13 ` Borislav Petkov
2024-05-06 15:37 ` Kirill A. Shutemov
2024-05-08 12:04 ` Borislav Petkov
2024-05-08 13:30 ` Kirill A. Shutemov
2024-04-09 11:30 ` [PATCHv10 11/18] x86/mm: Make e820_end_ram_pfn() cover E820_TYPE_ACPI ranges Kirill A. Shutemov
2024-05-08 12:12 ` Borislav Petkov
2024-04-09 11:30 ` [PATCHv10 12/18] x86/mm: Do not zap page table entries mapping unaccepted memory table during kdump Kirill A. Shutemov
2024-04-09 11:30 ` [PATCHv10 13/18] x86/acpi: Rename fields in acpi_madt_multiproc_wakeup structure Kirill A. Shutemov
2024-05-08 12:18 ` Borislav Petkov
2024-04-09 11:30 ` [PATCHv10 14/18] x86/acpi: Do not attempt to bring up secondary CPUs in kexec case Kirill A. Shutemov
2024-04-09 11:30 ` [PATCHv10 15/18] x86/smp: Add smp_ops.stop_this_cpu() callback Kirill A. Shutemov
2024-04-09 11:30 ` [PATCHv10 16/18] x86/mm: Introduce kernel_ident_mapping_free() Kirill A. Shutemov
2024-04-09 11:30 ` [PATCHv10 17/18] x86/acpi: Add support for CPU offlining for ACPI MADT wakeup method Kirill A. Shutemov
2024-04-09 11:30 ` [PATCHv10 18/18] ACPI: tables: Print MULTIPROC_WAKEUP when MADT is parsed Kirill A. Shutemov
2024-04-09 20:42 ` [PATCH v4 0/4] x86/snp: Add kexec support Ashish Kalra
2024-04-09 20:42 ` [PATCH v4 1/4] efi/x86: skip efi_arch_mem_reserve() in case of kexec Ashish Kalra
2024-04-09 20:42 ` [PATCH v4 2/4] x86/sev: add sev_es_enabled() function Ashish Kalra
2024-04-09 21:21 ` Borislav Petkov
2024-04-09 20:42 ` [PATCH v4 3/4] x86/boot/compressed: Skip Video Memory access in Decompressor for SEV-ES/SNP Ashish Kalra
2024-04-09 20:43 ` [PATCH v4 4/4] x86/snp: Convert shared memory back to private on kexec Ashish Kalra
2024-04-10 14:17 ` kernel test robot
2024-04-15 23:22 ` [PATCH v5 0/3] x86/snp: Add kexec support Ashish Kalra
2024-04-15 23:22 ` [PATCH v5 1/3] efi/x86: skip efi_arch_mem_reserve() in case of kexec Ashish Kalra
2024-04-24 14:48 ` Borislav Petkov
2024-04-24 21:17 ` Kalra, Ashish
2024-04-25 16:45 ` Kalra, Ashish
2024-04-26 14:21 ` Borislav Petkov
2024-04-26 14:47 ` Kalra, Ashish
2024-04-26 15:22 ` Borislav Petkov
2024-04-26 15:28 ` Kalra, Ashish
2024-04-26 15:34 ` Borislav Petkov
2024-04-26 16:32 ` Kalra, Ashish
2024-04-15 23:23 ` [PATCH v5 2/3] x86/boot/compressed: Skip Video Memory access in Decompressor for SEV-ES/SNP Ashish Kalra
2024-04-15 23:23 ` [PATCH v5 3/3] x86/snp: Convert shared memory back to private on kexec Ashish Kalra
2024-04-26 16:33 ` [PATCH v6 0/3] x86/snp: Add kexec support Ashish Kalra
2024-04-26 16:33 ` [PATCH v6 1/3] efi/x86: Fix EFI memory map corruption with kexec Ashish Kalra
2024-05-09 9:56 ` Ruirui Yang
2024-05-09 10:00 ` Dave Young
2024-05-10 18:36 ` Kalra, Ashish
2024-04-26 16:34 ` [PATCH v6 2/3] x86/boot/compressed: Skip Video Memory access in Decompressor for SEV-ES/SNP Ashish Kalra
2024-04-26 16:35 ` [PATCH v6 3/3] x86/snp: Convert shared memory back to private on kexec Ashish Kalra
2024-05-02 12:01 ` [PATCH v4 0/4] x86/snp: Add kexec support Alexander Graf
2024-05-02 12:18 ` Vitaly Kuznetsov
2024-05-03 8:32 ` Alexander Graf
2024-05-09 9:19 ` Vitaly Kuznetsov [this message]
2024-05-02 21:54 ` Kalra, Ashish
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877cg3fil3.fsf@redhat.com \
--to=vkuznets@redhat.com \
--cc=Ashish.Kalra@amd.com \
--cc=adrian.hunter@intel.com \
--cc=anisinha@redhat.com \
--cc=ardb@kernel.org \
--cc=bdas@redhat.com \
--cc=bhe@redhat.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=dionnaglaze@google.com \
--cc=graf@amazon.com \
--cc=jroedel@suse.de \
--cc=jun.nakajima@intel.com \
--cc=kai.huang@intel.com \
--cc=kexec@lists.infradead.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=rafael@kernel.org \
--cc=rick.p.edgecombe@intel.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox