lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 2 Oct 2021 13:14:31 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: "Michael S. Tsirkin" <mst@...hat.com> Cc: Andi Kleen <ak@...ux.intel.com>, "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@...ux.intel.com>, Dan Williams <dan.j.williams@...el.com>, Borislav Petkov <bp@...en8.de>, X86 ML <x86@...nel.org>, Bjorn Helgaas <bhelgaas@...gle.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Andreas Noever <andreas.noever@...il.com>, Michael Jamet <michael.jamet@...el.com>, Yehezkel Bernat <YehezkelShB@...il.com>, "Rafael J . Wysocki" <rafael@...nel.org>, Mika Westerberg <mika.westerberg@...ux.intel.com>, Jonathan Corbet <corbet@....net>, Jason Wang <jasowang@...hat.com>, Kuppuswamy Sathyanarayanan <knsathya@...nel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Linux PCI <linux-pci@...r.kernel.org>, USB list <linux-usb@...r.kernel.org>, virtualization@...ts.linux-foundation.org, "Reshetova, Elena" <elena.reshetova@...el.com> Subject: Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest On Sat, Oct 02, 2021 at 07:04:28AM -0400, Michael S. Tsirkin wrote: > On Fri, Oct 01, 2021 at 08:49:28AM -0700, Andi Kleen wrote: > > > Do you have a list of specific drivers and kernel options that you > > > feel you now "trust"? > > > > For TDX it's currently only virtio net/block/console > > > > But we expect this list to grow slightly over time, but not at a high rate > > (so hopefully <10) > > Well there are already >10 virtio drivers and I think it's reasonable > that all of these will be used with encrypted guests. The list will > grow. What is keeping "all" drivers from being on this list? How exactly are you determining what should, and should not, be allowed? How can drivers move on, or off, of it over time? And why not just put all of that into userspace and have it pick and choose? That should be the end-goal here, you don't want to encode policy like this in the kernel, right? thanks, greg k-h
Powered by blists - more mailing lists