Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp170822pxv; Wed, 30 Jun 2021 02:51:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzNfSQ5Z6O3rNRkzDpRVu1EVYj9X8BoIvUEAb+Se/iLCg73cu6PjEt5hNitsZhdtRfQHVwb X-Received: by 2002:a92:710a:: with SMTP id m10mr25682355ilc.254.1625046696860; Wed, 30 Jun 2021 02:51:36 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1625046696; cv=pass; d=google.com; s=arc-20160816; b=JAgH79Qz2+Rbae6bVzoTEbIfSwJWWM1sYk4DUOrPceX195fxYkPITFaWlGjytt4Hat Al21tf4po90JGxavoXoJzC77Tu+SkgHgRAOH1CDhdLXMV1YBfKLa72km6kzpYEpxvHwn 2sK9uQizrO2z8L1gURV1LOTD4vKUk9EkavjRam9lvMhw4SieBSGw+b2MlEmXSKYjwBQI czXQf6oSJf4Se9AS0x0PWge4cZ+X8Y5IpJv1gOc3Fn9ndMsVpPARWL1UbWpLzvWbLv8+ 65nCcoNn5ZcAYcc9zTyGZQd8ZDuPZWBMUoTYwhCylIC878vNDAwMc56ml32pVL/hTo0s GDmw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :content-language:in-reply-to:user-agent:date:message-id:from :references:cc:to:subject:dkim-signature:dkim-signature; bh=Z6HSfD0A/U5It2umTSol8i5rt1uWyK0aoN5QPST7Rzw=; b=sV6vvyn17vSrAEtlp4UODUEuLHegMB5mT4FUrJyzEIT7y7muj7XQHA+6SBm2KYMCwM YcMMIEhUxYyYfWkABwvvwF6tGYhnMqIUkopTSUTSrXYRFKEBVzoRdin/1vwF6MgZCcZH 5KlcevtznU0NCLeRa+8DjLZC3O9MS4YeLQvzo+u4mR7W+MD822PTkIrQhssaCH6U4jPz eCfpMXlaoHSsG9HpdvhytvoZnxHU49jqNgGucIdhOKAV2yF1tGO1f3lTjUbSivYcZ65d YAcYYrFYPD84JuZjZCBCUPR1UyswmWPPx99u2aTwYb8J9xrQ1X+9bsqYhbKBcGm+E45I HQbw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=trrzfrDa; dkim=pass header.i=@oracle.onmicrosoft.com header.s=selector2-oracle-onmicrosoft-com header.b=q0InlIKp; arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d16si15381500ilf.112.2021.06.30.02.51.25; Wed, 30 Jun 2021 02:51:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2020-01-29 header.b=trrzfrDa; dkim=pass header.i=@oracle.onmicrosoft.com header.s=selector2-oracle-onmicrosoft-com header.b=q0InlIKp; arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234017AbhF3JxP (ORCPT + 99 others); Wed, 30 Jun 2021 05:53:15 -0400 Received: from mx0b-00069f02.pphosted.com ([205.220.177.32]:43354 "EHLO mx0b-00069f02.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233541AbhF3JxO (ORCPT ); Wed, 30 Jun 2021 05:53:14 -0400 Received: from pps.filterd (m0246630.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 15U9kqik008746; Wed, 30 Jun 2021 09:50:28 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : to : cc : references : from : message-id : date : in-reply-to : content-type : content-transfer-encoding : mime-version; s=corp-2020-01-29; bh=Z6HSfD0A/U5It2umTSol8i5rt1uWyK0aoN5QPST7Rzw=; b=trrzfrDa/2u0cR4r8DP1ZBENCz2FgFIR71qD1ddi57tB55UN8lt6Y0prlaI7PBqmLGsM Hl+PO9pG9Dk8hAE0akHCgaWgp31db69H5BARTSnq9Q+U5twO3N/fCpde7HT7l6BFvjh3 edOO2sZD48hiMasCbJvSBzFzS81G5Uba8hyLUySfAAT2taBG8bD3OSeWyTZ0d7FoHPKw XA3HAjCQ0Do+Xv9uaDh6HYGgmH+jPE8AwN/HTAeOAzg1vPfvcYUYPvkVIYKV/TFgfPT6 Qwu5NTd9GqcTsfYYy26iXsPwJTg05Hrl+Q7n+6Fsbp/VwvBStSSxLF1ucXbj5SCAVP9/ Gw== Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71]) by mx0b-00069f02.pphosted.com with ESMTP id 39gguq0kxs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 30 Jun 2021 09:50:28 +0000 Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1]) by aserp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 15U9o65a152249; Wed, 30 Jun 2021 09:50:27 GMT Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1anam02lp2048.outbound.protection.outlook.com [104.47.57.48]) by aserp3030.oracle.com with ESMTP id 39dt9grmkv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 30 Jun 2021 09:50:27 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PDx2fNxZmh7/CmiEAAHxI2UmKmzBXbr1aLud0hCjhj6n4kPDe7nswdjZ62xbre9I/2vgwFasMBKW5uE/xDQetQlCJV7Sg5u8pr4t33J9DB+nuiX0FPxBk+4Wqf+hifUMfUcZtmVhtS6ZoyY5/G1AdgS/bXU82D19HYp3do/0YejKQIAkiVkhFcC0L5dSsT3S3QbGjaHqLTpUMJH8ucyeDS4hs7RQUy/EwbkKhIQfOXrpzojEwLKcv2eQf8IQDgJ0+rUN52GrpTPh8odjuXwbBQgtI+3m5o4fXOhilpVGN5/jRBlQqEGohQic0tQQ2Im6egKEw60S4JYnHjH+P4XFtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Z6HSfD0A/U5It2umTSol8i5rt1uWyK0aoN5QPST7Rzw=; b=oJpL3d3Ymq4oF1UuC1tdaU3p2MzRtLKiTjzcVv/Z9emEmFMaEq7v0XHKEX2MRdaL/3Le3EAo3Xj7/jZ5FguYO4BP/TkgnU2Dw94oOtOGctU//PsL35comw2QxhI6m7SABYFiz/ua3hHtqT3m7W3em/23FugZRBPE3F5u9I7DUhQp5na2TAr97Tbg6LBdUBZBBtkSa0TSOO+TokHxXecywUMVEpeKTcImqb/MEk6ie6l3j/ujhH2PmkgjkIHo088E1OgRO6lhv8e1NOBVekffM4Ca+bCtiJG2K/mDnCUaPYEtFpXo2ilLqM77nufUwz4/pRGLkcdIwRcFlrzO6EI5rg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Z6HSfD0A/U5It2umTSol8i5rt1uWyK0aoN5QPST7Rzw=; b=q0InlIKpmBHSonzHICABOwkvQhNvPkSmlZrqYltZFc8hPHWAIngZQ7BJMb+Mp2dgZa1p5HrLKleOJC39b+oHqdLUuECjtD9f2hVHeZpz6+6ZmEZ3Yk76KU4v6mbEG7JXFptvg4NHNMRmE8L0ul8VUkEetklMDqoVTIz694bejK0= Authentication-Results: googlegroups.com; dkim=none (message not signed) header.d=none;googlegroups.com; dmarc=none action=none header.from=oracle.com; Received: from BY5PR10MB3793.namprd10.prod.outlook.com (2603:10b6:a03:1f6::14) by BY5PR10MB3794.namprd10.prod.outlook.com (2603:10b6:a03:1b2::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4287.22; Wed, 30 Jun 2021 09:50:25 +0000 Received: from BY5PR10MB3793.namprd10.prod.outlook.com ([fe80::e859:fa81:bf13:66b6]) by BY5PR10MB3793.namprd10.prod.outlook.com ([fe80::e859:fa81:bf13:66b6%7]) with mapi id 15.20.4287.022; Wed, 30 Jun 2021 09:50:24 +0000 Subject: Re: [PATCH v2 12/12] iommu: Do not allow IOMMU passthrough with Secure Launch To: Andy Lutomirski , Andi Kleen , Joerg Roedel , Thomas Gleixner , Jason Wang , Andrew Cooper Cc: Robin Murphy , LKML , X86 ML , iommu , linux-integrity , "open list:DOCUMENTATION" , "Daniel P. Smith" , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , trenchboot-devel@googlegroups.com References: <1624032777-7013-1-git-send-email-ross.philipson@oracle.com> <1624032777-7013-13-git-send-email-ross.philipson@oracle.com> <53edcf0e-c094-876c-ac3d-7c9752e9ea99@arm.com> <34d05f0e-b24c-b8cf-c521-8b30cc1df532@oracle.com> From: Ross Philipson Message-ID: <61f383bc-d582-418f-8d6b-4838bd0d912c@oracle.com> Date: Wed, 30 Jun 2021 05:50:20 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [2601:191:8500:cff0::722e] X-ClientProxiedBy: BLAPR03CA0012.namprd03.prod.outlook.com (2603:10b6:208:32b::17) To BY5PR10MB3793.namprd10.prod.outlook.com (2603:10b6:a03:1f6::14) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [IPv6:2601:191:8500:cff0::722e] (2601:191:8500:cff0::722e) by BLAPR03CA0012.namprd03.prod.outlook.com (2603:10b6:208:32b::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.20 via Frontend Transport; Wed, 30 Jun 2021 09:50:22 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 2229d28c-8836-4c97-5582-08d93bac7bbc X-MS-TrafficTypeDiagnostic: BY5PR10MB3794: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: UUrfNEbRchC75Lvws9napwxnEVusscMxkCY5ZLOfKjm+21KV1mDVJh9FfXLWyFDa/l4sdnlEjiaIRjZdJzfdUOOaVfphUD8Yy2hhALg6Uv1PQHCd4AtySDwaUbyHmJ89E/nSeLBUdJyhXHLyuDexGpx+QsVwUSUTEquJhp2U+qONXlbRhETre882rs0rwE+/w/G3q6VgHHWpgIqR8ScK4yrnPQUIQEkeyko/nyzIQiLVXduhnfZ/i7aJzLhTVSiHpvzO5Hc78Vu0xtfhfeymNxzdIv2anwgz2T+5ZR5uW7Vx1ILQrn5F4QCIuKco1joKjJyrQdkPRR3uFDCWOyt0YWbWQVL4k17JC1jD1XIi74/CksaAtQ/aK1emW2KVHB3f05LLuHMegWAK+/RNSAlioyy+zezUMCrvWHdR/J4m5xj0YnR+EbY2dDxqqHtRQDhDCPt1A0PaYMME4jLR/Xs+GXN0kIhpjhM1f12bkXMz/AqvJs6UWNHFLZiyDCabw2pmJNThOlzJiE32AIv//nwcXgzIDyamaf39ZHxD71bdIVO1wVnDEGuXTWrToTHAgvLf+OYTuourCMSQ6PzkZ5eSX9/aWaAFPlc5R+GPxnHvKiHkif5NHNFOCqjcOs66zc4M4Uc2N+ZRmzsZjyeWGr3LSmUMdlLsv9qnV7NjSQPpBc9mC+I+wMtu+VMzEAKJH1xXNLNlnMc3zd8OrsQ6wIHRit+Kp/8jWu0fbR6Q5yFm5MU= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BY5PR10MB3793.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(396003)(376002)(366004)(39860400002)(136003)(346002)(316002)(31686004)(110136005)(54906003)(44832011)(36756003)(8676002)(2906002)(6486002)(478600001)(8936002)(5660300002)(2616005)(86362001)(83380400001)(38100700002)(7416002)(4326008)(53546011)(16526019)(186003)(66476007)(66946007)(31696002)(66556008)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?cU9qbit5STdEYzhnZDJnejh5Mm1rTXVjc1VjKzc3MVF5ejlnNEgzUUJpUGxL?= =?utf-8?B?WnhOTDMxTFRxNDcwaUtGdzNXTnJNRzhOYXpuOVZUaXJJKzhQUnNHY05Pa3Nr?= =?utf-8?B?NjI0NFN5bm5tdG9MdzRJQ0VFMjdPeTVYaVhncm96RCtlRDQ3Y3drc0ZHRWFX?= =?utf-8?B?b0t3ZkMvVEFCL2ZBMGNQOHVnSTFFQ2JtU1k4dDVGa3pYS2JaL2N0RXpDRktu?= =?utf-8?B?RDNtdHh1L0lYUitLV0xia1J1Sm4xbG11Wmk0cXVPZ3kyTElqNzJZdjNrSlNN?= =?utf-8?B?Snkydy9MUS90Z3dJc2t5UlhUbHJIREVmV1cyYml1VFJGTUN0bEN6UkJnc2po?= =?utf-8?B?RHNaTXlyMDNuOWJPV092M2NhekpLdS9DUkpTTkFHam9aV243Y2R6TEw1TUVa?= =?utf-8?B?eXk0Mk85eWtPTDA1YjZORkhhOFVleVR1MlhKTUtxRGlOTDBHRDM1OEgraDY3?= =?utf-8?B?NVpFZVNxM0tqQ2JrRDhoZ21jZytwdGcxcjV5MmNDc0N6eDU0K2pZYU1CMVcr?= =?utf-8?B?YkFaazZ1Ylloa0dyNmxZdGFJYTIyVXFyRU1tZldKenlvZ0dDZ0M5WC8yMHEy?= =?utf-8?B?UVBaQnF0TlJLZUpuSVNZb1dyTWNucHlIdzdwdldvM3pEa25ibXl6QUdtUjRq?= =?utf-8?B?cVhEVXg2MjNGeldBcFVNSzlkdUsrMkI1bTh2bTZkUm8xVTlIMDcrUm5UWEhK?= =?utf-8?B?R1c0czFHQmJxcmNpaTNTWkl2T2ZhMElweHVMNThaVW12S3JCVWJXRzY3YTls?= =?utf-8?B?OVRJTm5TR1NwUGhubEVnRVRFQWtnZHlCQWVUTFYwR3JHQzI1R20zR1hwQzJ6?= =?utf-8?B?QnBuOC9HcWNUR0hBY1BBb00wdnhmUlA1TFlrVUU4Vjlta1VwbExaZFpseTBV?= =?utf-8?B?TE8wWVhIazVCdHJHMEkweGc5VDlaeHlTeWQxTHpKeEwwclBST0cya3EwWFZF?= =?utf-8?B?bkxsYXdWUFM2aWJQL1BoVFVmVmg5WUwrN3NUczZaSGNlY01HSzJFUG90SENJ?= =?utf-8?B?cEUrMjl2eW5tb0hBSy9rbFJtbXZlSEdRanVjOG1uaTQvVXVGTUR1aG5meTUy?= =?utf-8?B?aDVJeEFMTHlZaTJoVGlhNnk2cE94TlFOcEVCTW1NdFE2RTZlc2RUNklEa3Zu?= =?utf-8?B?ZjJqT2g3OHpmM3RBNUlxYXZKY1dQVWUvU3czV0I4aUx0UG56RlBRT0puVnNp?= =?utf-8?B?SGJSSkJWa3BnQWdpd2N3RFNqR2RoeXl2RWdoSGpLMnNmRHRxUnhPQzJLUGxt?= =?utf-8?B?YzVOWVN4blVRb21LYlltb2R1dUx0RGc2UWwzb3RBMUJFblprU0Q4NGtzd1ht?= =?utf-8?B?NWIxbGRrUzBEc1QxVTMvVk4rNUVmdFA2cC9aMVp2NE5JREE5NmRnek81Zzkz?= =?utf-8?B?UFRYWTNJZFg4c2pkR29jcm1hWDlRRFEraWNaY3ZMQVZjTkJwUXkrUTI0SElp?= =?utf-8?B?Rm03MXdlLytYSkdVUzh3enB4eHVIbTdCa0EyR2x0UEVJbXpNVEwrZHZGd3Rp?= =?utf-8?B?aDRtTGg2MGNKK1F4dHFoMDFiOWdTS3NLK1B6NHR6UXJuZGZNV2dlNWtRc3h1?= =?utf-8?B?aGVJcUZ2Z3RpOU5WRGh3enFEaTRDdVlySTE4N0ZWbVo1d3Z3QWJsUXNsWUZN?= =?utf-8?B?NzhsVXB0Rk1FUkVkVVRCcG1Sc21YajRSS0NRNjJwYWR3WUtyLzQ2Y05vN0VI?= =?utf-8?B?VUN1MGdxeEFQaDI0WFpTN3lYc2IyZ2ozZy9MaEZkWE45cHBqdGViWUEvckhT?= =?utf-8?B?TmZ0WWxyTldDOFFMVUJ0TmJXOGl5ZGttbXJOcWx2dDBHVE5hOGdPaHhwd3VN?= =?utf-8?B?VERYcUNYT2JpT3FtWk9GQT09?= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2229d28c-8836-4c97-5582-08d93bac7bbc X-MS-Exchange-CrossTenant-AuthSource: BY5PR10MB3793.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jun 2021 09:50:24.7289 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: H8Ev7RzlroGdsln7PL1A/38iltGKaTrLykKxSjitF4siOqezYpsu8M5hA5jgBSb0hUnWwBFOKtHGeEwNWoj+t/+jSxbAz4y/0ugjFemq4Fk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR10MB3794 X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=10030 signatures=668682 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 bulkscore=0 mlxlogscore=999 phishscore=0 spamscore=0 malwarescore=0 mlxscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2106300064 X-Proofpoint-ORIG-GUID: KH2SzMP7zZtJ2U8HkmLfpauFfm9neNiE X-Proofpoint-GUID: KH2SzMP7zZtJ2U8HkmLfpauFfm9neNiE Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/21/21 5:15 PM, Andy Lutomirski wrote: > On Mon, Jun 21, 2021 at 10:51 AM Ross Philipson > wrote: >> >> On 6/18/21 2:32 PM, Robin Murphy wrote: >>> On 2021-06-18 17:12, Ross Philipson wrote: >>>> The IOMMU should always be set to default translated type after >>>> the PMRs are disabled to protect the MLE from DMA. >>>> >>>> Signed-off-by: Ross Philipson >>>> --- >>>> drivers/iommu/intel/iommu.c | 5 +++++ >>>> drivers/iommu/iommu.c | 6 +++++- >>>> 2 files changed, 10 insertions(+), 1 deletion(-) >>>> >>>> diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c >>>> index be35284..4f0256d 100644 >>>> --- a/drivers/iommu/intel/iommu.c >>>> +++ b/drivers/iommu/intel/iommu.c >>>> @@ -41,6 +41,7 @@ >>>> #include >>>> #include >>>> #include >>>> +#include >>>> #include >>>> #include >>>> #include >>>> @@ -2877,6 +2878,10 @@ static bool device_is_rmrr_locked(struct device >>>> *dev) >>>> */ >>>> static int device_def_domain_type(struct device *dev) >>>> { >>>> + /* Do not allow identity domain when Secure Launch is configured */ >>>> + if (slaunch_get_flags() & SL_FLAG_ACTIVE) >>>> + return IOMMU_DOMAIN_DMA; >>> >>> Is this specific to Intel? It seems like it could easily be done >>> commonly like the check for untrusted external devices. >> >> It is currently Intel only but that will change. I will look into what >> you suggest. >> >>> >>>> + >>>> if (dev_is_pci(dev)) { >>>> struct pci_dev *pdev = to_pci_dev(dev); >>>> diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c >>>> index 808ab70d..d49b7dd 100644 >>>> --- a/drivers/iommu/iommu.c >>>> +++ b/drivers/iommu/iommu.c >>>> @@ -23,6 +23,7 @@ >>>> #include >>>> #include >>>> #include >>>> +#include >>>> #include >>>> static struct kset *iommu_group_kset; >>>> @@ -2761,7 +2762,10 @@ void iommu_set_default_passthrough(bool cmd_line) >>>> { >>>> if (cmd_line) >>>> iommu_cmd_line |= IOMMU_CMD_LINE_DMA_API; >>>> - iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY; >>>> + >>>> + /* Do not allow identity domain when Secure Launch is configured */ >>>> + if (!(slaunch_get_flags() & SL_FLAG_ACTIVE)) >>>> + iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY; >>> >>> Quietly ignoring the setting and possibly leaving iommu_def_domain_type >>> uninitialised (note that 0 is not actually a usable type) doesn't seem >>> great. AFAICS this probably warrants similar treatment to the >> >> Ok so I guess it would be better to set it to IOMMU_DOMAIN_DMA event >> though passthrough was requested. Or perhaps something more is needed here? >> >>> mem_encrypt_active() case - there doesn't seem a great deal of value in >>> trying to save users from themselves if they care about measured boot >>> yet explicitly pass options which may compromise measured boot. If you >>> really want to go down that route there's at least the sysfs interface >>> you'd need to nobble as well, not to mention the various ways of >>> completely disabling IOMMUs... >> >> Doing a secure launch with the kernel is not a general purpose user use >> case. A lot of work is done to secure the environment. Allowing >> passthrough mode would leave the secure launch kernel exposed to DMA. I >> think what we are trying to do here is what we intend though there may >> be a better way or perhaps it is incomplete as you suggest. >> > > I don't really like all these special cases. Generically, what you're > trying to do is (AFAICT) to get the kernel to run in a mode in which > it does its best not to trust attached devices. Nothing about this is > specific to Secure Launch. There are plenty of scenarios in which > this the case: > > - Virtual devices in a VM host outside the TCB, e.g. VDUSE, Xen > device domains (did I get the name right), whatever tricks QEMU has, > etc. > - SRTM / DRTM technologies (including but not limited to Secure > Launch -- plain old Secure Boot can work like this too). > - Secure guest technologies, including but not limited to TDX and SEV. > - Any computer with a USB-C port or other external DMA-capable port. > - Regular computers in which the admin wants to enable this mode for > whatever reason. > > Can you folks all please agree on a coordinated way for a Linux kernel > to configure itself appropriately? Or to be configured via initramfs, > boot option, or some other trusted source of configuration supplied at > boot time? We don't need a whole bunch of if (TDX), if (SEV), if > (secure launch), if (I have a USB-C port with PCIe exposed), if > (running on Xen), and similar checks all over the place. > I replied to Robin Murphy in another thread. As far as the IOMMU is concerned, I think we need to rethink our approach. As to the other technologies you mention here, we have not considered special casing anything at this point. Thanks Ross