lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAMkAt6qrrxkFEmsa_Df_PKo8pL7g4MhmkXFGQ19KZ-eqcqA61w@mail.gmail.com>
Date:   Thu, 27 Apr 2023 13:06:39 -0600
From:   Peter Gonda <pgonda@...gle.com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     Dave Hansen <dave.hansen@...el.com>,
        Carlos Bilbao <carlos.bilbao@....com>, corbet@....net,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        ardb@...nel.org, kraxel@...hat.com, dovmurik@...ux.ibm.com,
        elena.reshetova@...el.com, dave.hansen@...ux.intel.com,
        Dhaval.Giani@....com, michael.day@....com,
        pavankumar.paluri@....com, David.Kaplan@....com,
        Reshma.Lal@....com, Jeremy.Powell@....com,
        sathyanarayanan.kuppuswamy@...ux.intel.com,
        alexander.shishkin@...ux.intel.com, thomas.lendacky@....com,
        tglx@...utronix.de, dgilbert@...hat.com,
        gregkh@...uxfoundation.org, dinechin@...hat.com,
        linux-coco@...ts.linux.dev, berrange@...hat.com, mst@...hat.com,
        tytso@....edu, jikos@...nel.org, joro@...tes.org, leon@...nel.org,
        richard.weinberger@...il.com, lukas@...ner.de, jejb@...ux.ibm.com,
        cdupontd@...hat.com, jasowang@...hat.com, sameo@...osinc.com,
        bp@...en8.de, security@...nel.org
Subject: Re: [PATCH] docs: security: Confidential computing intro and threat model

On Wed, Apr 26, 2023 at 10:03 AM Sean Christopherson <seanjc@...gle.com> wrote:
>
> On Wed, Apr 26, 2023, Dave Hansen wrote:
> > On 4/25/23 08:02, Sean Christopherson wrote:
> > >> +While the traditional hypervisor has unlimited access to guest data and
> > >> +can leverage this access to attack the guest, the CoCo systems mitigate
> > >> +such attacks by adding security features like guest data confidentiality
> > >> +and integrity protection. This threat model assumes that those features
> > >> +are available and intact.
> > > Again, if you're claiming integrity is a key tenant, then SEV and SEV-ES can't be
> > > considered CoCo.
> >
> > This document is clearly trying to draw a line in the sand and say:
> >
> >       CoCo on one side, non-CoCo on the other
> >
> > I think it's less important to name that line than it is to realize what
> > we need to do on one side versus the other.
> >
> > For instance, if the system doesn't have strong guest memory
> > confidentiality protection, then it's kinda silly to talk about the
> > guest's need to defend against "CoCo guest data attacks".
> >
> > Sure, the mitigations for "CoCo guest data attacks" are pretty sane even
> > without all this CoCo jazz. But if your goal is to mitigate damage that
> > a VMM out of the TCB can do, then they don't do much if there isn't
> > VMM->guest memory confidentiality in the first place.
> >
> > So, sure, CoCo implementations exist along a continuum.  SGX is in there
> > (with and without integrity protection), as are SEV=>SEV-ES=>SEV and
> > MKTME=>TDX.
> >
> > This document is making the case that the kernel should go to some new
> > (and extraordinary) lengths to defend itself against ... something.
>
> Then name the document something other than confidential-computing.rst, e.g.
> tdx-and-snp-threat-model.rst.  Because this doc isn't remotely close to achieving
> its stated goal of providing an "architecture-agnostic introduction ... to help
> developers gain a foundational understanding of the subject".  IMO, it does more
> harm than good on that front because it presents Intel's and AMD's viewpoints as
> if they are widely accepted for all of CoCo, and that is just flagrantly false.

I think changing this document to what Dave is describing is a more
useful doc rather than tdx-and-snp-threat-model.rst. The tdx and snp
threat models are well described by their respective white papers.

Lets do as Dave suggests and "not quibble about where CoCo starts or
ends", but make some definition of CoCo and its overall goals that way
we can start executing on kernel improvements to match those goals.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ