From: Dan Williams
Date: Fri, 6 Aug 2021 07:36:25 -0700
Subject: Re: [PATCH v1] driver: base: Add driver filter support
To: Greg Kroah-Hartman
Cc: Andi Kleen, Kuppuswamy Sathyanarayanan, "Rafael J . Wysocki", Jonathan Corbet, Kuppuswamy Sathyanarayanan, Linux Kernel Mailing List, Linux Doc Mailing List
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Aug 5, 2021 at 10:17 PM Greg Kroah-Hartman wrote:
>
> On Thu, Aug 05, 2021 at 06:00:25PM -0700, Dan Williams wrote:
> > That said, per-device authorization is a little bit different than
> > per-driver trust. Driver trust is easy to reason about for a built-in
> > policy, while per-device authorization is easy for userspace to reason
> > about for "why is this device not talking to its driver?".
>
> See my other email about how the "per driver" trust is the wrong model,
> you need to stick to "per device" trust. Especially given that you are
> giving control of your kernel drivers over to third parties, you already
> trust them to do the right thing.

Andi, if the number of TDX devices is small could they grow an SPDM
over virtio channel? Then you can measure trust from the VM to the VMM
to the attestation server.