Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1719414rwb; Thu, 15 Dec 2022 13:33:11 -0800 (PST) X-Google-Smtp-Source: AA0mqf59vgcpX9UDtXyqL/05Z4U5OP/+FSE23Qk3IA+LOm3bhlg4i3nIWa+vEEpr6robh3HW2Xsv X-Received: by 2002:a17:906:4ec3:b0:7c1:5169:3ed6 with SMTP id i3-20020a1709064ec300b007c151693ed6mr18517325ejv.48.1671139991555; Thu, 15 Dec 2022 13:33:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1671139991; cv=none; d=google.com; s=arc-20160816; b=zfvGfROZvYJsYUedRWhivOlSGdadHhbFueYuNRp/TPPwCmrWiJIt7WYK2Rf3bEtCTm AFL2bTI8zqXQqoLYfp+nbaVJdVBB1+Rz3tTrJI1HYdYkyrXvNlKzftTXD8bt1eUEzPYa NYZdZmUoq5R7sZp5o0fCH3TMLy/d94wW4H+YHasky47OF4mMt7IHCqHGcDCCI1n/4PId 3uFMC3/npvRmREhAm6RjFBi+f57NnrHfH/izbo79p7i+x6qLRktI0nTTRBo+oV+a4qCK ywUq9JF35ISdmjbWBCOT8RH2MKBCPXFOnpWWeYqwaJPihG7jFgQ/B8EhQLmEu9fJ8oL4 spkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=k5vO4iXxDI8l3p2u6X1R3lngpiikACJ3jAiViD2nLG0=; b=z+RTFNUiaIssQvboNQZ4Iy7w2zqu3MvMiuWDoRPZh5SX9vlZ3JFdCC+1Vm68MfUHW0 wrv6Ox0ubUDpa/Q5Cmigkg1odWnJzfnBZeAxqrbKh/fT0oPUQ5oe7DWV7l8kDUeqMD8D c5ncMxU/F33vFyqCTy4Nn/qInXOZtPFPKd/Pdyt+k78HbwIAmSvMLpbjbuwDITAtQQGA 3DgzVKkbUnb0/yBe14pQnEzoIBTlJG+0IeZFShPTlYcRD2XvUolUAwQEfvUnXLBHx62o ihR+wXWxVCz5LKomt+IrpmuabnnrohCH9z5bx8wu+PL5zBSn6Bk6s1hrTgSxlBQBQZjj rkTg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NYeTcw9c; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g17-20020a1709063b1100b007add5af39f6si172814ejf.929.2022.12.15.13.32.53; Thu, 15 Dec 2022 13:33:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NYeTcw9c; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229678AbiLOVJQ (ORCPT + 68 others); Thu, 15 Dec 2022 16:09:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50410 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229469AbiLOVJO (ORCPT ); Thu, 15 Dec 2022 16:09:14 -0500 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 01F7732BBA for ; Thu, 15 Dec 2022 13:09:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1671138552; x=1702674552; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=fYu3VSMSVSFNCj8pshMBFs+p2fAnlKCwaMc/dyMskqk=; b=NYeTcw9cTNABQ4ANHNTSfnRdu+C9WulJOrmb7nMF2A4VvHbdNEx3a+RW R1zeLVSgT2p8GI6KeIB0ouAEnKbP6PmCfL0LZ5UAXiMkMclXycTqMweA5 aISqCM0gGFXjNGSQQcYJVS8bLz6jVtitJiHrNuOj5EUfQuHL/pP6jdscj 2NoJENEcNQRIdO45l7XDWWQOm9Dhk5ltWOx+ywfCFyBneVYnK46Nabhs0 K5H0th8/V7fImTM9tM6yijkvA0nxMsQC5yittOsr6l9lHHMGbm5adGuY4 8vdyS/iyqOr3Wqwp0tzXtSXTWVPqnyRBhuYJ/3TXgHVukDj4HDDMb1lgY w==; X-IronPort-AV: E=McAfee;i="6500,9779,10562"; a="299144432" X-IronPort-AV: E=Sophos;i="5.96,248,1665471600"; d="scan'208";a="299144432" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Dec 2022 13:09:11 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10562"; a="756495436" X-IronPort-AV: E=Sophos;i="5.96,248,1665471600"; d="scan'208";a="756495436" Received: from ajanssen-mobl.amr.corp.intel.com (HELO [10.209.22.168]) ([10.209.22.168]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Dec 2022 13:09:11 -0800 Message-ID: Date: Thu, 15 Dec 2022 13:09:10 -0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.1 Subject: Re: [PATCH 2/4] x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE Content-Language: en-US To: "Kirill A. Shutemov" Cc: "Kirill A. Shutemov" , Borislav Petkov , Andy Lutomirski , Kuppuswamy Sathyanarayanan , Thomas Gleixner , Elena Reshetova , x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org References: <20221209132524.20200-1-kirill.shutemov@linux.intel.com> <20221209132524.20200-3-kirill.shutemov@linux.intel.com> <3121847d-d334-67fc-43d8-0670c08c64b6@intel.com> <20221215171254.3v4maexfhkdnbfk2@box.shutemov.name> <795d6e1d-c79c-b079-3412-69ca2f8ee874@intel.com> <20221215185144.tjctmkwp5vodep3u@box> From: Dave Hansen In-Reply-To: <20221215185144.tjctmkwp5vodep3u@box> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 12/15/22 10:51, Kirill A. Shutemov wrote: >>> So ReportFatalError() is no good for the task. And I don't have anything >>> else :/ >> Do we *really* have to do a hard stop when SEPT_VE_DISABLE is missing? >> >> Wouldn't it be simpler to just defer the check until we can spit out a >> sane error message about it? >> >> Or is there too much security exposure by continuing? > Well, I guess we can. We always have attestation as a backstop. No > sensitive user data has to be exposed to the TD before it passed > the attestation. OK, so let's just pretend that SEPT_VE_DISABLE=0 is a blatant root hole that lets the VMM compromise the TDX guest (I know it's not, but let's just pretend it is). The guest starts up, the VMM compromises it after the attestation has run. The now compromised guest send along its report. But, since the report contains (or implies???) SEPT_VE_DISABLE=0, the guest will be assumed to be compromised and won't get any secrets provisioned? That assumes that the attestation service knows that SEPT_VE_DISABLE==0 plus Linux is bad. Is that a good assumption? > Do you prefer to have a separate initcall just to check SEPT_VE_DISABLE? I don't feel strongly about where the check should be as long as it can get a message out to the console.