Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp3637667rwb;
        Sun, 20 Nov 2022 18:49:03 -0800 (PST)
X-Google-Smtp-Source: AA0mqf5klhONu1GTdxs6gyNfYBtUCFEa+X92cul+qYq90Y2iETxfHth7lh1cKG56QGDwAbSfIQtS
X-Received: by 2002:a17:903:d1:b0:186:7070:8ab4 with SMTP id x17-20020a17090300d100b0018670708ab4mr1523267plc.23.1668998943355;
        Sun, 20 Nov 2022 18:49:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668998943; cv=none;
        d=google.com; s=arc-20160816;
        b=CFVmOwATxd4SAvLXOWOafxJSY9t/aRRonZHHl32JAHJS9WWvrTsNocZ36nSMy+U7ew
         zAdx15qNstOaaV+Fz1I7XSXCPHrNu3Zo6E7GUjP3UeE0A7HnuMPyeHYlIbaQZQJjShOY
         ZnuFPdLfrxK2QD6m5dUSUsiQ3c3UNfJ0GNMyW+J4NVw2fvizudnkfq2xceimL3g9RzXj
         XUIej5F436b71hJex3rw2Ld0BmCdkJngLhcaR69hhgg6MpIgUBdCsbcEddVQX64rpN2n
         GM9jaBOCDJ1Om3f85XJDXUlOwZojTawgYQZd6bZjIWzpwUDHgSbTSkUpEqNI0RlbfPwt
         tDdw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:references
         :cc:to:from:subject:user-agent:mime-version:date:message-id;
        bh=wVrCb9IXamSTVGCvU3QM88oNCiEoIeYGD9WzW8w25hI=;
        b=qp570/XApzCXHzIJVMON0nwBDsMKMQEs+hCgO9xb7nMAIZFayuS2jI+0XxzdyMDeDk
         OXiXRKPtRs+N3UiKPcB2DF4i7nhuy/gB+6kGf3fcJuJYf0UCJ8SlUi6GD6BwuLl/II5Q
         U2YQ/bSq2NyEQN+Ky6l8u5Dm9XXOEcM92UGAk1th3LwMQmrEQSGK7nQyLqfkly9bhN7S
         PdCh6ebYzyq9d3dTVAFMNhJgMqIMGQqEGkRFTrpavr6kPF1FV67KdWo9qnhrsNaI7v21
         ui0PW38VGJBULgKEHc30OwE4jPJTZzRdQS2quiBj0ZmghMbFkaA52b9t3mcSYKHNwLPW
         v9QA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id d5-20020a056a0010c500b005718d10c3c3si11159100pfu.275.2022.11.20.18.48.51;
        Sun, 20 Nov 2022 18:49:03 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229721AbiKUCEw (ORCPT <rfc822;0xff07.lkml@gmail.com>
        + 90 others); Sun, 20 Nov 2022 21:04:52 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38762 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229551AbiKUCEv (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 20 Nov 2022 21:04:51 -0500
Received: from out30-132.freemail.mail.aliyun.com (out30-132.freemail.mail.aliyun.com [115.124.30.132])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DBEAE13CC4
        for <linux-kernel@vger.kernel.org>; Sun, 20 Nov 2022 18:04:49 -0800 (PST)
X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R721e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018045168;MF=guorui.yu@linux.alibaba.com;NM=1;PH=DS;RN=21;SR=0;TI=SMTPD_---0VVDR92k_1668996282;
Received: from 127.0.0.1(mailfrom:GuoRui.Yu@linux.alibaba.com fp:SMTPD_---0VVDR92k_1668996282)
          by smtp.aliyun-inc.com;
          Mon, 21 Nov 2022 10:04:46 +0800
Message-ID: <51d486c9-4689-c2d6-0db4-4e3754a058db@linux.alibaba.com>
Date:   Mon, 21 Nov 2022 10:04:41 +0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0)
 Gecko/20100101 Thunderbird/102.4.2
Subject: Re: [PATCH v8 5/5] x86/tdx: Add Quote generation support
From:   Guorui Yu <GuoRui.Yu@linux.alibaba.com>
To:     dave.hansen@intel.com
Cc:     ak@linux.intel.com, bp@alien8.de, dave.hansen@linux.intel.com,
        hpa@zytor.com, isaku.yamahata@gmail.com, jun.nakajima@intel.com,
        kai.huang@intel.com, khalid.elmously@canonical.com,
        kirill.shutemov@linux.intel.com, linux-kernel@vger.kernel.org,
        marcelo.cerri@canonical.com, mingo@redhat.com,
        philip.cox@canonical.com,
        sathyanarayanan.kuppuswamy@linux.intel.com, tglx@linutronix.de,
        tim.gardner@canonical.com, tony.luck@intel.com, wander@redhat.com,
        x86@kernel.org, "Du, Fan" <fan.du@intel.com>
References: <7c09d15b-40bc-c6a0-3282-a94e9d9c36be@intel.com>
 <a69faebb-11e8-b386-d591-dbd08330b008@linux.alibaba.com>
In-Reply-To: <a69faebb-11e8-b386-d591-dbd08330b008@linux.alibaba.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-9.9 required=5.0 tests=BAYES_00,
        ENV_AND_HDR_SPF_MATCH,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY,
        USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Dave,

Kindly ping for any comments here?

Sincerely,
Guorui

在 2022/8/9 14:20, Guorui Yu 写道:
> To my opinion, virtio-vsock is a wonderful way to achieve the 
> comunication between the host and the guest under traditional scenario.
> 
> But from secuirty perspective, virtio-vsock itself may involve too much 
> of components, which may lead to considerable attack surfaces. In order 
> for virtio to work properly, the guest must maintain several vrings 
> placed in shared memory, which in turn depends on swiotlb in current 
> codebase. As this flow is NOT designed for confidential scenario, there 
> are some on-going/existing works on virtio hardening [1] [2] [3].
> 
>  > Do we *REALLY* need specific driver functionality for this?  For
>  > instance, is there no existing virtio device that can send blobs back
>  > and forth?
> 
> And we may indeed have use cases where virtio is not used at all, such 
> as when we consider Intel-TDX/AMD-SNP protected VMs as a SGX enclave 
> replacement. In such use cases, end users may expect a smaller 
> dependency on the GetQuote interface. It doesn't seem natural that the 
> GetQuote interface cannot be used because virtio-vsock is disabled (via 
> kernel compile options or the upcoming device-filter), since GetQuote 
> doesn't inherently depend on it.
> 
> Thanks,
> Guorui
> 
> [1] 
> https://lore.kernel.org/lkml/20210603004133.4079390-1-ak@linux.intel.com/
> [2] https://lore.kernel.org/lkml/20211012065227.9953-1-jasowang@redhat.com/
> [3] 
> https://lore.kernel.org/linux-iommu/d2ae0b1d-332b-42a1-87bf-7da2b749cac2@sect.tu-berlin.de/