lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 10 Apr 2024 00:13:36 +0800
From: Xiaoyao Li <xiaoyao.li@...el.com>
To: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>,
 "seanjc@...gle.com" <seanjc@...gle.com>
Cc: "davidskidmore@...gle.com" <davidskidmore@...gle.com>,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
 "srutherford@...gle.com" <srutherford@...gle.com>,
 "pankaj.gupta@....com" <pankaj.gupta@....com>,
 "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
 "Yamahata, Isaku" <isaku.yamahata@...el.com>,
 "Wang, Wei W" <wei.w.wang@...el.com>
Subject: Re: [ANNOUNCE] PUCK Notes - 2024.04.03 - TDX Upstreaming Strategy

On 4/9/2024 11:49 PM, Edgecombe, Rick P wrote:
>> I don't want JSON.  I want a data payload that is easily consumable in C code,
>> which contains (a) the bits that are fixed and (b) their values.  If a value
>> can
>> change at runtime, it's not fixed.
> Right. The fixed values have to come in a reasonable format from the TDX module
> at runtime, or require an opt-in for any CPUID bits to change in future TDX
> modules.

I have a thought for current situation that TDX module doesn't report 
fixed CPUID bits via SEAMCALL interface but defines them in docs. VMM 
(KVM or userspace) can maintain a hardcoded array of fixed CPUID bits 
and their values according to TDX docs.  And VMM needs to update the 
fixed array by striping out the bits that are reported in 
TDSYSINFO.CPUID_CONFIG[], which are configurable.

If the newer TDX module changes some fixed bits to configurable bits, 
They will show up in TDSYSINFO.CPUID_CONFIG[]. So VMM can update fixed 
array correctly.

In fact, this is how TDX QEMU series current implements.

However, it requires TDX module to follow the rule that if any bit 
becomes not fixed, it needs to be reported in TDSYSINFO.CPUID_CONFIG[] 
as configurable.

It's just for the case there is no interface from TDX module to report 
the fixed CPUID bits in the end.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ