[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230809061348.vhm5ie4uzystwfya@box.shutemov.name>
Date: Wed, 9 Aug 2023 09:13:48 +0300
From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To: "Reshetova, Elena" <elena.reshetova@...el.com>
Cc: "Hansen, Dave" <dave.hansen@...el.com>,
Thomas Gleixner <tglx@...utronix.de>,
Borislav Petkov <bp@...en8.de>,
"Lutomirski, Andy" <luto@...nel.org>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
"Nakajima, Jun" <jun.nakajima@...el.com>,
"x86@...nel.org" <x86@...nel.org>,
"linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] x86/tdx: Mark TSC reliable
On Wed, Aug 09, 2023 at 05:44:37AM +0000, Reshetova, Elena wrote:
> >
> > I don't know what the rules here. As far as I can see, all other clock
> > sources relevant for TDX guest have lower rating. I guess we are fine?
>
> What about acpi_pm?
> See this:
> https://github.com/intel/tdx/commit/045692772ab4ef75062a83cc6e4ffa22cab40226
clocksource_acpi_pm.rating is 200 while TSC is 300.
> > There's notable exception to the rating order is kvmclock which is higher
> > than tsc. It has to be disabled, but it is not clear to me how. This topic
> > is related to how we are going to filter allowed devices/drivers, so I
> > would postpone the decision until we settle on wider filtering schema.
>
> One option is to include "no-kvmclock" into kernel command line, which
> is attested. Another option is to try to disable it explicitly, like we had
> in past:
> https://github.com/intel/tdx/commit/6b0357f2115c1bdd158c0c8836f4f541517bf375
>
> The obvious issues with command line is that it is going to 1) grow
> considerably if we try to disable everything we can via command line
> and 2) there is a high chance that in practice people will not use secure default
> and/or forget to verify the correct status of cmd line. But this is to be
> expected I guess for any security method that involves attestation unfortunately.
I guess command line is fine, until we have coherent solution on
filtering.
--
Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists