Message-ID: <e2f9c22d-d09c-46b5-9695-a052859d04d2@intel.com>
Date: Wed, 5 Mar 2025 09:09:47 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Joerg Roedel <jroedel@...e.de>,
 "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
 Ingo Molnar <mingo@...nel.org>, Joerg Roedel <joro@...tes.org>,
 x86@...nel.org, hpa@...or.com, Tom Lendacky <thomas.lendacky@....com>,
 Nikunj A Dadhania <nikunj@....com>, linux-kernel@...r.kernel.org,
 Larry.Dewey@....com
Subject: Re: [PATCH] x86/sev: Make SEV_STATUS available via SYSFS

On 3/5/25 08:55, Borislav Petkov wrote:
> On Wed, Mar 05, 2025 at 08:40:29AM -0800, Dave Hansen wrote:
>> TDX guests have CPUID to tell them that they're running that way.
> 
> And those CPUID leafs cannot be modified or intercepted or so by the
> hypervisor?

They are documented as coming straight from the TDX module when TDX is
in place. But there's nothing stopping an evil hypervisor from faking
them, except attestation.

>> We've just got X86_FEATUREs for hosts and guests:
>>
>> 	#define X86_FEATURE_TDX_HOST_PLATFORM ( 7*32+ 7)
>> 	#define X86_FEATURE_TDX_GUEST ( 8*32+22)
>>
>> and that's it.
> 
> And there are no new ones coming down the pipe?

Not really. There are always new features in the pipeline, but no real
fundamental changes to the threat model like SEV has had throughout its
iterations.

>> Folks certainly _want_ something in sysfs to dump the TDX module version
>> and so forth, but we've resisted the urge so far.
> 
> Perhaps now is the time to design something together...
> 
> I was thinking
> 
> /sys/guest/...
> 
> or something tied to the x86_platform gunk so that we can always stick some
> info there about any platform arch/x86/ has detected and is running on...

Xen has a bunch of gunk in:

	/sys/hypervisor

Joerg, why do folks care if they're running under SEV? What kind of
stuff are they doing after they do the rdmsr and see that SEV is in play?
