qemu-devel.nongnu.org archive mirror
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Kenneth Goldman <kgoldman@us.ibm.com>
Cc: Stefan Berger <stefanb@linux.vnet.ibm.com>,
	Stefan Hajnoczi <stefanha@gmail.com>,
	Kent E Yoder <yoder1@us.ibm.com>,
	Corey Bryant <coreyb@linux.vnet.ibm.com>,
	Michael Roth <mdroth@linux.vnet.ibm.com>,
	qemu-devel <qemu-devel@nongnu.org>,
	Joel Schopp <jschopp@linux.vnet.ibm.com>,
	Anthony Liguori <anthony@codemonkey.ws>
Subject: Re: [Qemu-devel] vNVRAM / blobstore design
Date: Tue, 2 Apr 2013 16:37:25 +0300
Message-ID: <20130402133725.GL21545@redhat.com>
In-Reply-To: <OF71D40914.F0A71C9F-ON85257B41.00491C53-85257B41.0049B0E3@us.ibm.com>

On Tue, Apr 02, 2013 at 09:24:51AM -0400, Kenneth Goldman wrote:
> > > You are of course correct.  I advised an integrity value just to detect
> > > a hardware or software fault.  The check value would not protect against an
> > > attack.
> >
> > Fair enough, but why protect these bits specifically?
> > E.g. disk corruption seems more likely (since it's bigger). Add
> > integrity at that level? Why even stop at detection, let's do error
> > correction ...
> 
> Why ... just because it's a security device.  Whenever I code for security,

This is virtualization. Everything is for security here.

> I add layers of protection, constantly looking for "this should never happen"
> cases.

Confused. You said this checksum is for integrity not protection ...

> It might be just a small benefit, but hashing a few kbytes is a small part
> of TPM startup time, and the function is already there.

You are ignoring atomicity issues this can introduce in case of e.g.
host or qemu crash. Most likely, the result just will be data loss
in a situation which would be recoverable otherwise.
The reverse of what you were trying to achieve.

>  Think of it as part
> of the larger (and required) TPM self test that a TPM must do.

Required?

-- 
MST
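
The atomicity concern raised in this message, as an added sketch that is not part of the original email or of QEMU code: a blob stored with a check value in a single copy becomes unreadable if the writer dies between the payload update and the check update, while a two-copy layout keeps the previous state readable. FNV-1a stands in for the TPM's hash, and the struct, the function names and the two-copy layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define BLOB_MAX 64
struct slot { uint8_t data[BLOB_MAX]; uint32_t len, gen, check; }; /* one stored copy */
/* FNV-1a stands in for the TPM's hash: it detects faults, not attacks. */
static uint32_t fnv1a(const uint8_t *p, uint32_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}
/* Payload first, check value second; crash=1 models qemu dying in between. */
static void slot_write(struct slot *s, const char *msg, uint32_t gen, int crash) {
    size_t n = strlen(msg);
    if (n > BLOB_MAX) return;          /* oversized input is ignored in this sketch */
    s->len = (uint32_t)n;
    memcpy(s->data, msg, n);
    if (crash) return;                 /* new payload, stale gen and check */
    s->gen = gen;
    s->check = fnv1a(s->data, s->len);
}
static int slot_valid(const struct slot *s) {
    return s->gen != 0 && s->len <= BLOB_MAX && s->check == fnv1a(s->data, s->len);
}
/* Two-copy layout: newest copy that passes the check, or NULL if none does. */
static const struct slot *load_double(const struct slot st[2]) {
    const struct slot *best = NULL;
    for (int i = 0; i < 2; i++)
        if (slot_valid(&st[i]) && (!best || st[i].gen > best->gen)) best = &st[i];
    return best;
}
/* Never overwrite the newest valid copy: the update goes to the other slot. */
static void write_double(struct slot st[2], const char *msg, int crash) {
    const struct slot *cur = load_double(st);
    slot_write(cur == &st[0] ? &st[1] : &st[0], msg, cur ? cur->gen + 1 : 1, crash);
}
/* Constructed scenario: store "state-v1", then crash while storing "state-v2". */
static int single_readable_after_crash(void) {
    struct slot s = {0};
    slot_write(&s, "state-v1", 1, 0);
    slot_write(&s, "state-v2", 2, 1);
    return slot_valid(&s);             /* intact v2 payload, stale check value */
}
static int double_readable_after_crash(void) {
    struct slot st[2] = {0};
    write_double(st, "state-v1", 0);
    write_double(st, "state-v2", 1);
    const struct slot *s = load_double(st);
    return s && s->len == 8 && memcmp(s->data, "state-v1", 8) == 0;
}
```

In the single-copy case the payload on disk is a complete "state-v2", yet the stale check value makes the loader reject it; the two-copy case falls back to "state-v1".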
