Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp1090884rwr; Thu, 27 Apr 2023 12:10:59 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4fxO9dU7Rah2cnbgcL3N5pV0DxDdFUgIMHllhftbogeI1u2tbsKRcic9vX5niYFiO5hCSq X-Received: by 2002:a05:6a00:1950:b0:628:1b3:d499 with SMTP id s16-20020a056a00195000b0062801b3d499mr4053254pfk.21.1682622659011; Thu, 27 Apr 2023 12:10:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1682622658; cv=none; d=google.com; s=arc-20160816; b=gwdAoxV4RLAFEMLqH7OsyEOeaAPDRBpud6LClAw2iX2xUAzLy5C2wEYNo7q/1+RU2S +SScsY8PEcPdu7ZhRNsewFQt7Lb5T7s7rdDiGJbX0F7Rg2tYqjXSIlsQ7rEd9b+r+LWS NxGetxrE/CjuyM9QaQJZdk8HgCD7E98rQrbHGvp9s7zZU9y/NOdFCQ7Z/Bc4XLMpBKpL iUhAwjlyn7GzDCqs1yAD5ARiXYqLcDjnwq1rP0wTIKhkmRte0qOgXDO6sOb9IFcUl436 vExrsNWDT6Eo9MxNpA9rQTeN9fFXxSL8BBiW5M62zqeRIbVjmHA8km1/1pNdGiHtBkbR YmXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=nfDiRfSq+kC18iemI6FYmlOcxjBiiknnRlI3qG2uuas=; b=NAg1JVFAOx2g1EkhxGhAa03PEh9n93kmXXjYknUHYofkfJzMpMrSXpZKpq5QUUoIRA 7D/1GynRQ0Z0JoMGTdfa1BdyCzNhcqFeybpjFBD2slCCsmM8kc7b9PEl/QGMkEQq9Zcl pNgduCfwcbhMo43lKQLXoeM8dFl1r3h/HHvu2B/EoX4376os7BUD+3LdPH9vTzF02eRr o37IBvzGlk8isPMOZmMR1Eh3naEXjAmGbwhpyF3AoRTLtySedRO0wCF+VY8tvjHKr7lf R9bCgR629kcj5RRrLFY15e7MIPW0SscAApLLPK2EYuEZ+HvjZ/zI/b++mBTQ0F3JkOc4 +Wwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=k0072J0d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z18-20020aa79592000000b0063b716685fasi18967670pfj.235.2023.04.27.12.10.43; Thu, 27 Apr 2023 12:10:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=k0072J0d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S244643AbjD0THG (ORCPT + 99 others); Thu, 27 Apr 2023 15:07:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37336 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244649AbjD0THE (ORCPT ); Thu, 27 Apr 2023 15:07:04 -0400 Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 87D034C10 for ; Thu, 27 Apr 2023 12:06:54 -0700 (PDT) Received: by mail-lf1-x12b.google.com with SMTP id 2adb3069b0e04-4efea87c578so15435e87.1 for ; Thu, 27 Apr 2023 12:06:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1682622412; x=1685214412; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=nfDiRfSq+kC18iemI6FYmlOcxjBiiknnRlI3qG2uuas=; b=k0072J0dHqpJdFyGK8SUJ1Su9/HrBnV3NUsDVqoiWls1qAJ+eYsHWFpvb6DIyvoIPH eANWr9j4w47SGDA4u1bzYV6u4joJhikZCjg4FUbwaKOEf0zOCNbinpuiS+X3iZr8bO4o txKXL+8pMS1bVy6XMwJyt5G4+j6mcyqRPUF9wj1cryCL6jIuC7X6OIUWqMOtHblLffsE /O/TyxMyAV0ySb95Bm6K/2X9ivi++j49/VSVqje4tBOomP2eB5H4CWIyg+qRB/0uRkW0 Hhbd+Inbl7cH6dAbwoHlqfQ5uPSH5B8Ezd+4rxFgbYo/ky9YFjDdgsKAuXpOOU7eA2ZA Bstg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682622412; x=1685214412; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nfDiRfSq+kC18iemI6FYmlOcxjBiiknnRlI3qG2uuas=; b=BugEDCaCzdjg9/2XPVSZkxuOiDNtAh/kPbNfxKmnHU2Hr4dG4Hlqi9IHklseDTIxOK yaCA5YJobdptpNkV8E8OD2jN408cm+Mb+5YJk7h03wOY/i7s/roFarXUc1meZLonnSol Cwt6uowRdUqKiKGqSj1NrWT0UuRQ0D91n4YFi7S8hG40jYKkAatKMPa51utWKsMrNlRQ OoCzpYZCs+uEKJMcwleJU1TVe2A5MsvXPFVEkSJMirf/t8fNoLhlAFDQ5xGuGxhTQsi7 CiwDUiq/IWtjflqKwQCoYZtSppsRvktJ3dPfmCwd+UmMU8rSWcfczrV2EytF9ApAdEsK kL1Q== X-Gm-Message-State: AC+VfDy+8djAh4wMczETmW7n+QX5UhTCRGPM1ZlQ4HiMiQGa3p7kvXMs sQCbth4EI5tXJnLfEDPTgWq1Hfjk4S5h20Ym8Icaig== X-Received: by 2002:a05:6512:ea7:b0:4ea:e5e2:c893 with SMTP id bi39-20020a0565120ea700b004eae5e2c893mr20014lfb.1.1682622412005; Thu, 27 Apr 2023 12:06:52 -0700 (PDT) MIME-Version: 1.0 References: <20230327141816.2648615-1-carlos.bilbao@amd.com> In-Reply-To: From: Peter Gonda Date: Thu, 27 Apr 2023 13:06:39 -0600 Message-ID: Subject: Re: [PATCH] docs: security: Confidential computing intro and threat model To: Sean Christopherson Cc: Dave Hansen , Carlos Bilbao , corbet@lwn.net, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, ardb@kernel.org, kraxel@redhat.com, dovmurik@linux.ibm.com, elena.reshetova@intel.com, dave.hansen@linux.intel.com, Dhaval.Giani@amd.com, michael.day@amd.com, pavankumar.paluri@amd.com, David.Kaplan@amd.com, Reshma.Lal@amd.com, Jeremy.Powell@amd.com, sathyanarayanan.kuppuswamy@linux.intel.com, alexander.shishkin@linux.intel.com, thomas.lendacky@amd.com, tglx@linutronix.de, dgilbert@redhat.com, gregkh@linuxfoundation.org, dinechin@redhat.com, linux-coco@lists.linux.dev, berrange@redhat.com, mst@redhat.com, tytso@mit.edu, jikos@kernel.org, joro@8bytes.org, leon@kernel.org, richard.weinberger@gmail.com, lukas@wunner.de, jejb@linux.ibm.com, cdupontd@redhat.com, jasowang@redhat.com, sameo@rivosinc.com, bp@alien8.de, security@kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 26, 2023 at 10:03=E2=80=AFAM Sean Christopherson wrote: > > On Wed, Apr 26, 2023, Dave Hansen wrote: > > On 4/25/23 08:02, Sean Christopherson wrote: > > >> +While the traditional hypervisor has unlimited access to guest data= and > > >> +can leverage this access to attack the guest, the CoCo systems miti= gate > > >> +such attacks by adding security features like guest data confidenti= ality > > >> +and integrity protection. This threat model assumes that those feat= ures > > >> +are available and intact. > > > Again, if you're claiming integrity is a key tenant, then SEV and SEV= -ES can't be > > > considered CoCo. > > > > This document is clearly trying to draw a line in the sand and say: > > > > CoCo on one side, non-CoCo on the other > > > > I think it's less important to name that line than it is to realize wha= t > > we need to do on one side versus the other. > > > > For instance, if the system doesn't have strong guest memory > > confidentiality protection, then it's kinda silly to talk about the > > guest's need to defend against "CoCo guest data attacks". > > > > Sure, the mitigations for "CoCo guest data attacks" are pretty sane eve= n > > without all this CoCo jazz. But if your goal is to mitigate damage that > > a VMM out of the TCB can do, then they don't do much if there isn't > > VMM->guest memory confidentiality in the first place. > > > > So, sure, CoCo implementations exist along a continuum. SGX is in ther= e > > (with and without integrity protection), as are SEV=3D>SEV-ES=3D>SEV an= d > > MKTME=3D>TDX. > > > > This document is making the case that the kernel should go to some new > > (and extraordinary) lengths to defend itself against ... something. > > Then name the document something other than confidential-computing.rst, e= .g. > tdx-and-snp-threat-model.rst. Because this doc isn't remotely close to a= chieving > its stated goal of providing an "architecture-agnostic introduction ... t= o help > developers gain a foundational understanding of the subject". IMO, it do= es more > harm than good on that front because it presents Intel's and AMD's viewpo= ints as > if they are widely accepted for all of CoCo, and that is just flagrantly = false. I think changing this document to what Dave is describing is a more useful doc rather than tdx-and-snp-threat-model.rst. The tdx and snp threat models are well described by their respective white papers. Lets do as Dave suggests and "not quibble about where CoCo starts or ends", but make some definition of CoCo and its overall goals that way we can start executing on kernel improvements to match those goals.