[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6afe76be-90a7-4cf7-8c6c-23e6a14f8116@suse.com>
Date: Fri, 26 Jan 2024 16:46:50 +0200
From: Nikolay Borisov <nik.borisov@...e.com>
To: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
Theodore Ts'o <tytso@....edu>, "Jason A. Donenfeld" <Jason@...c4.com>
Cc: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>,
Elena Reshetova <elena.reshetova@...el.com>,
Jun Nakajima <jun.nakajima@...el.com>, Tom Lendacky
<thomas.lendacky@....com>, "Kalra, Ashish" <ashish.kalra@....com>,
Sean Christopherson <seanjc@...gle.com>, linux-coco@...ts.linux.dev,
linux-kernel@...r.kernel.org
Subject: Re: [RFC] Randomness on confidential computing platforms
On 26.01.24 г. 15:42 ч., Kirill A. Shutemov wrote:
> 4. Exit to the host/VMM with an error indication after a Confidential
> Computing Guest failed to obtain random input from RDRAND/RDSEED
> instructions after reasonable number of retries. This option allows
> host/VMM to take some correction action for cases when the load on
> RDRAND/RDSEED instructions has been put by another actor, i.e. the
> other guest VM. The exit to host/VMM in such cases can be made
> transparent for the Confidential Computing Guest in the TDX case with
> the assistance of the TDX module component.
But is this really a viable solution in the face of malicious VMM? It
assumes that if the VMM is signaled that randomness has been exhausted
it will try to rectify it, what if such a signal can instead be
repurposed for malicious purposes? Could it perhaps be used as some sort
of a side channel attack ?
Powered by blists - more mailing lists