Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp817453pxb; Fri, 22 Apr 2022 11:49:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw/F2PGPeEtQSoLdiyF6W4VQYpf5GpaMvhCjIgYXa/qPyZ8MvME7AZRASB3C4hqam0saMI/ X-Received: by 2002:a63:5b22:0:b0:39c:c5a2:b683 with SMTP id p34-20020a635b22000000b0039cc5a2b683mr5158779pgb.279.1650653339993; Fri, 22 Apr 2022 11:48:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650653339; cv=none; d=google.com; s=arc-20160816; b=lGrEJy8I6nkSAit1AdyH+yAbCVnY3IWiGdTpWy7Mi19NniNvzH+2ItS2slyLJr787s 5Y0cTwHdc/u3B/00GHqGMtatDQ5Yk4YxNhEXMQjxYsCgd6IDMHKKWsFHB5seDwMLb1Uk UXFZ52B4ySyJNGBi5sFig/IhN3x1TLXVOD8Yg3EtqT/0MLEYnGtkKC6M3nYIgVxGJB7r ecyULYD8LNaSVyiL+Ws1Af3QFqKFN8psHwwW9R7vWKob/WD/BJkfOhq34yV4RJil5m9w lV0chNc3mqLqvz2+yxS9A0oo6AId39jvK1x8qSLD7icmSb9YJdizdA2qNHnm5zuNW26P 4V0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=IgWe5UFOcvcIjAAjFU+D/EipIehtp2aGwZiiavdpmfQ=; b=nRcOvy6XfqzJY9Mf1SPGIIWSNpyg479d+UCuCTd3kOD/fjnjv079hK46rmroA0D3GI fQ1m2PX2cxHGmh1PY5q7h/tRu195H3hb4YQSm7NyeHqA2/6rP7tWnAyTHX2Vprm/1hi8 f8aKeGbZoG4o7eXAk3Bz4XyO+7rzqIpQRHsIJJhV+/4ol7s3aM4opXroymnc2ofhpRi6 HzLzHDxa5JWQjoBkMqolhKOeGOtHMbSsfWyVCGKEMuhDE04fL7+dtkhkBfUHKYRBFHBy Vr8WPheF6YkcArSCckr389oEwbCL0F2B/xi7eqVbUPVyFZROpljIfMeKPtGdw4/YXrBl tNFA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=E2M7uuqD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id u3-20020a637903000000b003816043ef60si8995398pgc.341.2022.04.22.11.48.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Apr 2022 11:48:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=E2M7uuqD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id A3E2C10C4; Fri, 22 Apr 2022 11:15:16 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347304AbiDSXFg (ORCPT + 99 others); Tue, 19 Apr 2022 19:05:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54860 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231473AbiDSXFf (ORCPT ); Tue, 19 Apr 2022 19:05:35 -0400 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 676C324F38; Tue, 19 Apr 2022 16:02:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1650409371; x=1681945371; h=message-id:subject:from:to:cc:date:in-reply-to: references:mime-version:content-transfer-encoding; bh=hLC0T6kqi1/zOVAyrMi+mXunlB8no/BrDd00I42Lbds=; b=E2M7uuqD7oX4HBlz1+/vJ6EC7fZ7XeIUzUsRWQPSWfTRAS7ioc88R5OZ rjSSzjNo3boKyZmrK9mJ1JuPvoS+vPt5nhW6eKWOTTOhgxrZsVV8X0vn2 wCgZefqdHkw0z0T74s/6qhMFMKf2NPSmv2UJ9x+7w64wNnlsRL+eTeKSS 3eR6VHm6mwBNuTi8ohQXZAu5xt9jgvM+NtZN3jmRxYKSnNohwGT4YiWpr TgdEnUlFyLNnfVlMfZEF9y5Vvp5Wzpqc7g1SkOJzmamD5QyCI13DR6FIl oiSc8Z1aZUiWE38v6yNqN6YyII0hQAwqUklvVxW5wXN8Gav7pVNK/C1u2 w==; X-IronPort-AV: E=McAfee;i="6400,9594,10322"; a="251198994" X-IronPort-AV: E=Sophos;i="5.90,273,1643702400"; d="scan'208";a="251198994" Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Apr 2022 16:02:50 -0700 X-IronPort-AV: E=Sophos;i="5.90,273,1643702400"; d="scan'208";a="667183262" Received: from asaini1-mobl1.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.254.58.15]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Apr 2022 16:02:46 -0700 Message-ID: <79119cc04552617ad462d314dcd8bdbec90a1b20.camel@intel.com> Subject: Re: [PATCH v3 4/4] platform/x86: intel_tdx_attest: Add TDX Guest attestation interface driver From: Kai Huang To: Dave Hansen , Kuppuswamy Sathyanarayanan , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, Hans de Goede , Mark Gross Cc: "H . Peter Anvin" , "Kirill A . Shutemov" , Tony Luck , Andi Kleen , linux-kernel@vger.kernel.org, platform-driver-x86@vger.kernel.org Date: Wed, 20 Apr 2022 11:02:44 +1200 In-Reply-To: References: <20220415220109.282834-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20220415220109.282834-5-sathyanarayanan.kuppuswamy@linux.intel.com> <975b5050-2108-9ace-cc71-46f17db0a731@intel.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 (3.42.4-1.fc35) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2022-04-19 at 15:49 -0700, Dave Hansen wrote: > On 4/19/22 15:21, Kai Huang wrote: > > On Tue, 2022-04-19 at 07:13 -0700, Dave Hansen wrote: > > > On 4/19/22 00:47, Kai Huang wrote: > > > > > From security's perspective, attestation is an essential part of TDX. That > > > > being said, w/o attestation support in TD guest, I guess nobody will seriously > > > > use TD guest. > > > Are you saying you can't think of a single threat model where there's a > > > benefit to running a TDX guest without attestation? Will TDX only be > > > used in environments where secrets are provisioned to guests on the > > > basis of attestation? > > > > > I don't think anyone should provision secret to a TD before it get attested that > > it is a genuine TD that he/she expected. If someone does that, he/she takes the > > risk of losing the secret. Of course if someone just want to try a TD then w/o > > attestation is totally fine. > > Yeah, but you said: > > w/o attestation support in TD guest, I guess nobody will > seriously use TD guest. > > I'm trying to get to the bottom of that. That's a much more broad > statement than something about when it's safe to deploy secrets. > > There are lots of secrets deployed in (serious) VMs today. There are > lots of secrets deployed in (serious) SEV VMs that don't have > attestation. Yet, the world somehow hasn't come crashing down. > > I think it's crazy to say that nobody will deploy secrets to TDX VMs > without attestation. I think it's a step father into crazy land to say > that no one will "seriously" use TDX guests without attestation. > > Let's be honest about this and not live in some fantasy world, please. OK agree. No argument about this. -- Thanks, -Kai