lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Apr 2022 11:02:44 +1200 From: Kai Huang <kai.huang@...el.com> To: Dave Hansen <dave.hansen@...el.com>, Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, Hans de Goede <hdegoede@...hat.com>, Mark Gross <mgross@...ux.intel.com> Cc: "H . Peter Anvin" <hpa@...or.com>, "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>, Tony Luck <tony.luck@...el.com>, Andi Kleen <ak@...ux.intel.com>, linux-kernel@...r.kernel.org, platform-driver-x86@...r.kernel.org Subject: Re: [PATCH v3 4/4] platform/x86: intel_tdx_attest: Add TDX Guest attestation interface driver On Tue, 2022-04-19 at 15:49 -0700, Dave Hansen wrote: > On 4/19/22 15:21, Kai Huang wrote: > > On Tue, 2022-04-19 at 07:13 -0700, Dave Hansen wrote: > > > On 4/19/22 00:47, Kai Huang wrote: > > > > > From security's perspective, attestation is an essential part of TDX. That > > > > being said, w/o attestation support in TD guest, I guess nobody will seriously > > > > use TD guest. > > > Are you saying you can't think of a single threat model where there's a > > > benefit to running a TDX guest without attestation? Will TDX only be > > > used in environments where secrets are provisioned to guests on the > > > basis of attestation? > > > > > I don't think anyone should provision secret to a TD before it get attested that > > it is a genuine TD that he/she expected. If someone does that, he/she takes the > > risk of losing the secret. Of course if someone just want to try a TD then w/o > > attestation is totally fine. > > Yeah, but you said: > > w/o attestation support in TD guest, I guess nobody will > seriously use TD guest. > > I'm trying to get to the bottom of that. That's a much more broad > statement than something about when it's safe to deploy secrets. > > There are lots of secrets deployed in (serious) VMs today. There are > lots of secrets deployed in (serious) SEV VMs that don't have > attestation. Yet, the world somehow hasn't come crashing down. > > I think it's crazy to say that nobody will deploy secrets to TDX VMs > without attestation. I think it's a step father into crazy land to say > that no one will "seriously" use TDX guests without attestation. > > Let's be honest about this and not live in some fantasy world, please. OK agree. No argument about this. -- Thanks, -Kai
Powered by blists - more mailing lists