Date: Sat, 2 Oct 2021 13:14:31 +0200
From: Greg Kroah-Hartman
To: "Michael S. Tsirkin"
Cc: Andi Kleen, "Kuppuswamy, Sathyanarayanan", Dan Williams,
    Borislav Petkov, X86 ML, Bjorn Helgaas, Thomas Gleixner, Ingo Molnar,
    Andreas Noever, Michael Jamet, Yehezkel Bernat, "Rafael J . Wysocki",
    Mika Westerberg, Jonathan Corbet, Jason Wang,
    Kuppuswamy Sathyanarayanan, Linux Kernel Mailing List, Linux PCI,
    USB list, virtualization@lists.linux-foundation.org,
    "Reshetova, Elena"
Subject: Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Oct 02, 2021 at 07:04:28AM -0400, Michael S. Tsirkin wrote:
> On Fri, Oct 01, 2021 at 08:49:28AM -0700, Andi Kleen wrote:
> > > Do you have a list of specific drivers and kernel options that you
> > > feel you now "trust"?
> >
> > For TDX it's currently only virtio net/block/console
> >
> > But we expect this list to grow slightly over time, but not at a high rate
> > (so hopefully <10)
>
> Well there are already >10 virtio drivers and I think it's reasonable
> that all of these will be used with encrypted guests. The list will
> grow.

What is keeping "all" drivers from being on this list?

How exactly are you determining what should, and should not, be allowed?
How can drivers move on, or off, of it over time?

And why not just put all of that into userspace and have it pick and
choose? That should be the end-goal here, you don't want to encode
policy like this in the kernel, right?

thanks,

greg k-h