From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Andi Kleen <ak@linux.intel.com>
Cc: "Kuppuswamy,
Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com>,
Dan Williams <dan.j.williams@intel.com>,
"Rafael J . Wysocki" <rafael@kernel.org>,
Jonathan Corbet <corbet@lwn.net>,
Kuppuswamy Sathyanarayanan <knsathya@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Linux Doc Mailing List <linux-doc@vger.kernel.org>
Subject: Re: [PATCH v1] driver: base: Add driver filter support
Date: Thu, 5 Aug 2021 20:11:43 +0200 [thread overview]
Message-ID: <YQwp33gKxab6RB/e@kroah.com> (raw)
In-Reply-To: <f4dedead-5b6c-2712-deca-0d59d314016b@linux.intel.com>
On Thu, Aug 05, 2021 at 10:52:10AM -0700, Andi Kleen wrote:
>
> On 8/5/2021 10:25 AM, Kuppuswamy, Sathyanarayanan wrote:
> >
> >
> > On 8/5/21 9:37 AM, Dan Williams wrote:
> > > I overlooked the "authorized" attribute in usb and thunderbolt. The
> > > collision problem makes sense. Are you open to a core "authorized"
> > > attribute that buses like usb and thunderbolt would override in favor
> > > of their local implementation? I.e. similar to suppress_bind_attrs:
> >
> > Even if such overriding is allowed in default boot, it should not be
> > allowed in protected guest + driver_filter model.
>
>
> Allowing overriding would be acceptable, as long as nobody does it by
> default. In theory a (root) user program can already do other things that
> make the guest insecure.
>
> Still it's not clear to me how this proposal solves the builtin and platform
> drivers problem. AFAIK that needs a builtin allowlist in any case. And once
> we have that likely we don't need anything else for current TDX at least,
> because the allowlist is so small and there is no concept of hotplug or
> similar.
What specific platform drivers do you need on these systems that you
would ever want to exclude some and not just allow them all?
> Also another consideration is that we were trying to avoid relying too much
> on user space for this. One of the goals was to move an existing guest image
> to a confidential guest with only minor changes (new kernel / enable
> attestation). Complex changes for securing it would make that much harder.
Just deny all and only allow the ones you "trust". That is a
well-defined policy that (/me checks notes) Intel created for USB a very
long time ago.
greg k-h
next prev parent reply other threads:[~2021-08-05 18:11 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-04 17:43 [PATCH v1] driver: base: Add driver filter support Kuppuswamy Sathyanarayanan
2021-08-04 18:08 ` Matthew Wilcox
2021-08-04 18:29 ` Kuppuswamy, Sathyanarayanan
2021-08-04 18:33 ` Matthew Wilcox
2021-08-04 19:27 ` Andi Kleen
2021-08-04 18:45 ` Dan Williams
2021-08-04 19:29 ` Greg Kroah-Hartman
2021-08-04 19:50 ` Andi Kleen
2021-08-04 20:09 ` Kuppuswamy, Sathyanarayanan
2021-08-05 7:50 ` Greg Kroah-Hartman
2021-08-05 7:49 ` Greg Kroah-Hartman
2021-08-05 7:55 ` Greg Kroah-Hartman
2021-08-05 7:58 ` Greg Kroah-Hartman
2021-08-05 13:52 ` Andi Kleen
2021-08-05 17:51 ` Greg Kroah-Hartman
2021-08-05 17:58 ` Andi Kleen
2021-08-05 18:09 ` Greg Kroah-Hartman
2021-08-05 18:44 ` Andi Kleen
2021-08-05 19:01 ` Dan Williams
2021-08-05 19:08 ` Kuppuswamy, Sathyanarayanan
2021-08-05 19:28 ` Greg Kroah-Hartman
2021-08-05 21:10 ` Andi Kleen
2021-08-06 1:00 ` Dan Williams
2021-08-06 5:17 ` Greg Kroah-Hartman
2021-08-06 14:36 ` Dan Williams
2021-08-06 5:07 ` Greg Kroah-Hartman
2021-08-05 18:53 ` Kuppuswamy, Sathyanarayanan
2021-08-05 19:12 ` Greg Kroah-Hartman
2021-08-05 19:18 ` Dan Williams
2021-08-05 19:28 ` Greg Kroah-Hartman
2021-08-05 19:52 ` Dan Williams
2021-08-06 11:15 ` Jonathan Cameron
2021-08-05 16:37 ` Dan Williams
2021-08-05 17:25 ` Kuppuswamy, Sathyanarayanan
2021-08-05 17:48 ` Greg Kroah-Hartman
2021-08-05 17:52 ` Andi Kleen
2021-08-05 18:11 ` Greg Kroah-Hartman [this message]
2021-08-05 17:49 ` Greg Kroah-Hartman
2021-08-04 20:11 ` Dan Williams
2021-08-04 20:29 ` Kuppuswamy, Sathyanarayanan
2021-08-04 21:07 ` Matthew Wilcox
2021-08-04 21:28 ` Dan Williams
2021-08-05 4:45 ` Andi Kleen
2021-08-05 7:59 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YQwp33gKxab6RB/e@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ak@linux.intel.com \
--cc=corbet@lwn.net \
--cc=dan.j.williams@intel.com \
--cc=knsathya@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox