Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp963957rwr; Wed, 26 Apr 2023 08:27:39 -0700 (PDT) X-Google-Smtp-Source: AKy350blr6R0uUU77KexS6aKQ3y4F2NQ87cAJmbJVPuMgwkd92rwOPOLsIPYqO8Ah2OoBr+oxQyL X-Received: by 2002:a05:6a00:1a50:b0:627:e49a:871a with SMTP id h16-20020a056a001a5000b00627e49a871amr30461214pfv.23.1682522859540; Wed, 26 Apr 2023 08:27:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682522859; cv=none; d=google.com; s=arc-20160816; b=TBF8jbIz0XM/5MdprUJiAya1QQ28ZuZngnV/nj6CUXUGYbcBvI7soc4tKhDA6SBSsU 588KghWmKTMXPDa7sMWk+0+yXDDRHua9UvwxGwbvlLqJ3MgYq7vKrF1IoxM6Cd8AWXru wrW/NA2KKNJ6QolJdgMMEmasQ9iynBkyEvLdaVE+fztj/z2JvZN33m1Ed+tVaq+jlDSR U1RRLR9WEpAKLecmF96elLTfrgNLdvjYDyoOrME6P+iq6b9DFUpgXdRW+yF8kEhQ6XJN osHzms/iJXqnYdj6165KB6eil+sExg0axnRDxC5QisYYBHmh/S1k3zpWa9oRU1U9blMp 0Kyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:reply-to:from:subject :message-id:dkim-signature; bh=5IyWirluzXQID9XJYcX+SwZPx1Xgh0mwKf+sipnh1Rk=; b=ItSFDbIeVOQxpjUr2KqkadECRuHscYwb6cSVhp6XHTLLXT1dc47phnmH/D8mpCqwbM 5njcnR7jHavii/ywdil44uXAMzlTT1jA6n13aUv518dECsN/cZEmzYewR2ncSoOxua4x LI2h8vNot7zXmSe5MbWn/mrk2NWu6as/8Y5DIYaXdWKn2St0sYeOtLtboJLEr77RsHx7 JK4yHFybyYOG38oQQOCZE5I0vEc7+imDqA9mNRoYj6JDr8VZo/YViXYCdf74oN/LpXV0 eNYIPwVrxRemepNiiOP8cKfp4JGKcz3AoKjpZ7XN1EPqwv9ZJhfyxzoer2Z3SmVBWMAS 1ZfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=o54+pZAy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 134-20020a62188c000000b0063c462e9ff6si16147342pfy.389.2023.04.26.08.27.25; Wed, 26 Apr 2023 08:27:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=o54+pZAy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240825AbjDZPYF (ORCPT + 99 others); Wed, 26 Apr 2023 11:24:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44798 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240838AbjDZPYC (ORCPT ); Wed, 26 Apr 2023 11:24:02 -0400 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1B28C26B9; Wed, 26 Apr 2023 08:24:01 -0700 (PDT) Received: from pps.filterd (m0353729.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 33QFMjXN011286; Wed, 26 Apr 2023 15:23:17 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : subject : from : reply-to : to : cc : date : in-reply-to : references : content-type : mime-version : content-transfer-encoding; s=pp1; bh=5IyWirluzXQID9XJYcX+SwZPx1Xgh0mwKf+sipnh1Rk=; b=o54+pZAyY/T3idbk4Xjk7C+slAUjFDJ8GSUrpGNXtiw21jIhhTkkKwyGPwQgcfkAdlsY qN3m1FTvVGWuIZJV5J/9kxLFfV2IWDROOm9wcnuE9YBVMNzvYeZu8dpRADOMQIFsMSpQ HsY5LMqpjaJEcgd94b5mDpYiTt/YkBLKxcN6XhB5AW+gU1LEPXPxh1ZTBEtbjFaIxI+x AJqVLlfzGTWuoq2Clsb7temKdSnxLkA+V6GCNBwrgG7fnjMcqSk/HAtb+WcjUwp0RUD7 R+SZfgSpoq+lYOhHR/fA+ugF1El133qrudJI5SSxVA6wAEmfagqB+rjrgSpylO68FxyS eg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3q765wrr5e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Apr 2023 15:23:17 +0000 Received: from m0353729.ppops.net (m0353729.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 33QF7O7A002103; Wed, 26 Apr 2023 15:23:15 GMT Received: from ppma04wdc.us.ibm.com (1a.90.2fa9.ip4.static.sl-reverse.com [169.47.144.26]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3q765wrr33-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Apr 2023 15:23:15 +0000 Received: from pps.filterd (ppma04wdc.us.ibm.com [127.0.0.1]) by ppma04wdc.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 33QCT3Ed032073; Wed, 26 Apr 2023 15:18:12 GMT Received: from smtprelay04.wdc07v.mail.ibm.com ([9.208.129.114]) by ppma04wdc.us.ibm.com (PPS) with ESMTPS id 3q4777wygr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Apr 2023 15:18:12 +0000 Received: from smtpav01.dal12v.mail.ibm.com (smtpav01.dal12v.mail.ibm.com [10.241.53.100]) by smtprelay04.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 33QFIBlw54526288 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 26 Apr 2023 15:18:11 GMT Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E2AE958065; Wed, 26 Apr 2023 15:18:10 +0000 (GMT) Received: from smtpav01.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1956F58058; Wed, 26 Apr 2023 15:18:05 +0000 (GMT) Received: from lingrow.int.hansenpartnership.com (unknown [9.211.118.80]) by smtpav01.dal12v.mail.ibm.com (Postfix) with ESMTP; Wed, 26 Apr 2023 15:18:04 +0000 (GMT) Message-ID: <7502e1af0615c08167076ff452fc69ebf316c730.camel@linux.ibm.com> Subject: Re: [PATCH] docs: security: Confidential computing intro and threat model From: James Bottomley Reply-To: jejb@linux.ibm.com To: "Reshetova, Elena" , "Christopherson, , Sean" , Carlos Bilbao Cc: "corbet@lwn.net" , "linux-doc@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "ardb@kernel.org" , "kraxel@redhat.com" , "dovmurik@linux.ibm.com" , "dave.hansen@linux.intel.com" , "Dhaval.Giani@amd.com" , "michael.day@amd.com" , "pavankumar.paluri@amd.com" , "David.Kaplan@amd.com" , "Reshma.Lal@amd.com" , "Jeremy.Powell@amd.com" , "sathyanarayanan.kuppuswamy@linux.intel.com" , "alexander.shishkin@linux.intel.com" , "thomas.lendacky@amd.com" , "tglx@linutronix.de" , "dgilbert@redhat.com" , "gregkh@linuxfoundation.org" , "dinechin@redhat.com" , "linux-coco@lists.linux.dev" , "berrange@redhat.com" , "mst@redhat.com" , "tytso@mit.edu" , "jikos@kernel.org" , "joro@8bytes.org" , "leon@kernel.org" , "richard.weinberger@gmail.com" , "lukas@wunner.de" , "cdupontd@redhat.com" , "jasowang@redhat.com" , "sameo@rivosinc.com" , "bp@alien8.de" , "security@kernel.org" , Andrew Bresticker , Rajnesh Kanwal , Dylan Reid , Ravi Sahita Date: Wed, 26 Apr 2023 11:18:03 -0400 In-Reply-To: References: <20230327141816.2648615-1-carlos.bilbao@amd.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: kr6owqMIH95NE01e4SLMhX0r13XFzqpx X-Proofpoint-GUID: _lSiUX2-N5MOlon2znWzr_yfsQngWUho X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-04-26_07,2023-04-26_03,2023-02-09_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 lowpriorityscore=0 malwarescore=0 suspectscore=0 mlxscore=0 phishscore=0 adultscore=0 bulkscore=0 clxscore=1011 spamscore=0 impostorscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2304260134 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2023-04-26 at 13:32 +0000, Reshetova, Elena wrote: > > On Mon, Mar 27, 2023, Carlos Bilbao wrote: [...] > > > +provide stronger security guarantees to their clients (usually > > > referred to +as tenants) by excluding all the CSP's > > > infrastructure and SW out of the +tenant's Trusted Computing Base > > > (TCB). > > > > This is inaccurate, the provider may still have software and/or > > hardware in the TCB. > > Well, this is the end goal where we want to be, the practical > deployment can differ of course. We can rephrase that it "allows to > exclude all the CSP's infrastructure and SW out of tenant's TCB." That's getting even more inaccurate. To run in a Cloud with CoCo you usually have to insert some provided code, like OVMF and, for AMD, the SVSM. These are often customized by the CSP to suit the cloud infrastructure, so you're running their code. The goal, I think, is to make sure you only run code you trust (some of which may come from the CSP) in your TCB, which is very different from the statement above. James