lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <160df81d-e5fa-4798-96d4-5ab1809a9680@gmail.com>
Date: Fri, 5 Jan 2024 10:35:04 +0100
From: Christian König <ckoenig.leichtzumerken@...il.com>
To: Jeffrey Kardatzke <jkardatzke@...gle.com>, Simon Ser <contact@...rsion.fr>
Cc: Pekka Paalanen <ppaalanen@...il.com>, Joakim Bech
 <joakim.bech@...aro.org>, Yong Wu <yong.wu@...iatek.com>,
 Rob Herring <robh+dt@...nel.org>, Sumit Semwal <sumit.semwal@...aro.org>,
 christian.koenig@....com, Matthias Brugger <matthias.bgg@...il.com>,
 dri-devel@...ts.freedesktop.org, John Stultz <jstultz@...gle.com>,
 Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>,
 Benjamin Gaignard <benjamin.gaignard@...labora.com>,
 Vijayanand Jitta <quic_vjitta@...cinc.com>,
 Nicolas Dufresne <nicolas@...fresne.ca>, jianjiao.zeng@...iatek.com,
 linux-media@...r.kernel.org, devicetree@...r.kernel.org,
 Conor Dooley <conor+dt@...nel.org>, linaro-mm-sig@...ts.linaro.org,
 linux-mediatek@...ts.infradead.org, tjmercier@...gle.com,
 linux-arm-kernel@...ts.infradead.org,
 AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>,
 kuohong.wang@...iatek.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 0/7] dma-buf: heaps: Add secure heap

Am 04.01.24 um 20:50 schrieb Jeffrey Kardatzke:
> Any feedback from maintainers on what their preference is?  I'm fine
> with 'restricted' as well, but the main reason we chose secure was
> because of its use in ARM nomenclature and this is more for ARM usage
> than x86.

Well AMD calls this "trusted", but I think that's just slightly better 
than "secure".

+1 for using "restricted" cause that seems to match the technical 
consequences.

Regards,
Christian.

>
> The main difference with similar buffers on AMD/Intel is that with
> AMD/Intel the buffers are mappable and readable by the CPU in the
> kernel. The problem is their contents are encrypted so you get junk
> back if you do that. On ARM, the buffers are completely inaccessible
> by the kernel and the memory controller prevents access to them
> completely from the kernel.
>
> There are also other use cases for this where the hypervisor is what
> is controlling access (second stage in the MMU is providing
> isolation)....and in that case I do agree that 'secure' would not be
> the right terminology for those types of buffers.   So I do agree
> something other than 'secure' is probably a better option overall.
>
>
> On Fri, Dec 22, 2023 at 1:40 AM Simon Ser <contact@...rsion.fr> wrote:
>> On Wednesday, December 13th, 2023 at 15:16, Pekka Paalanen <ppaalanen@...il.com> wrote:
>>
>>>>> It is protected/shielded/fortified from all the kernel and userspace,
>>>>> but a more familiar word to describe that is inaccessible.
>>>>> "Inaccessible buffer" per se OTOH sounds like a useless concept.
>>>>>
>>>>> It is not secure, because it does not involve security in any way. In
>>>>> fact, given it's so fragile, I'd classify it as mildly opposite of
>>>>> secure, as e.g. clients of a Wayland compositor can potentially DoS the
>>>>> compositor with it by simply sending such a dmabuf. Or DoS the whole
>>>>> system.
>>>> I hear what you are saying and DoS is a known problem and attack vector,
>>>> but regardless, we have use cases where we don't want to expose
>>>> information in the clear and where we also would like to have some
>>>> guarantees about correctness. That is where various secure elements and
>>>> more generally security is needed.
>>>>
>>>> So, it sounds like we have two things here, the first is the naming and
>>>> the meaning behind it. I'm pretty sure the people following and
>>>> contributing to this thread can agree on a name that makes sense. Would
>>>> you personally be OK with "restricted" as the name? It sounds like that.
>>> I would. I'm also just a by-stander, not a maintainer of kernel
>>> anything. I have no power to accept nor reject anything here.
>> I'd also personally be OK with "restricted", I think it's a lot better
>> than "secure".
>>
>> In general I agree with everything Pekka said.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ